Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0888
The remote host is missing updates announced in
advisory RHSA-2010:0888.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A race condition flaw has been found in the OpenSSL TLS server extension
parsing code, which could affect some multithreaded OpenSSL applications.
Under certain specific conditions, it may be possible for a remote attacker
to trigger this race condition and cause such an application to crash, or
possibly execute arbitrary code with the permissions of the application.

Note that this issue does not affect the Apache HTTP Server. Refer to Red
Hat Bugzilla bug 649304 for more technical details on how to determine if
your application is affected.

Red Hat would like to thank Rob Hulswit for reporting this issue.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3864
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
CERT/CC vulnerability note: VU#737740
Debian Security Information: DSA-2125 (Google Search)
FreeBSD Security Advisory: FreeBSD-SA-10:10
HPdes Security Advisory: HPSBGN02740
HPdes Security Advisory: HPSBMA02658
HPdes Security Advisory: HPSBOV02670
HPdes Security Advisory: HPSBUX02638
HPdes Security Advisory: SSRT100339
HPdes Security Advisory: SSRT100413
HPdes Security Advisory: SSRT100475
HPdes Security Advisory: SSRT100741
RedHat Security Advisories: RHSA-2010:0888
SuSE Security Announcement: SUSE-SR:2010:022 (Google Search)
CopyrightCopyright (c) 2011 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.