SUSE-SA:2006:058: openssl

high Nessus Plugin ID 24436

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2006:058 (openssl).


Several security problems were found and fixed in the OpenSSL cryptographic library.

CVE-2006-3738/VU#547300:
A Google security audit found a buffer overflow condition within the SSL_get_shared_ciphers() function which has been fixed.

CVE-2006-4343/VU#386964:
The above Google security audit also found that the OpenSSL SSLv2 client code fails to properly check for NULL which could lead to a server program using openssl to crash.

CVE-2006-2937:
Fix mishandling of an error condition in parsing of certain invalid ASN1 structures, which could result in an infinite loop which consumes system memory.

CVE-2006-2940:
Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack to cause the remote side to spend an excessive amount of time in computation.

Solution

http://www.novell.com/linux/security/advisories/2006_58_openssl.html

Plugin Details

Severity: High

ID: 24436

File Name: suse_SA_2006_058.nasl

Version: 1.10

Agent: unix

Published: 2/18/2007

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list