SUSE-SA:2005:061: openssl

high Nessus Plugin ID 20064

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:061 (openssl).

The openssl cryptographic libraries have been updated to fix a protocol downgrading attack which allows a man-in-the-middle attacker to force the usage of SSLv2. This happens due to the work-around code of SSL_OP_MSIE_SSLV2_RSA_PADDING which is included in SSL_OP_ALL (which is commonly used in applications). (CVE-2005-2969)

Additionally this update adds the Geotrusts Equifax Root1 CA certificate to allow correct certification against Novell Inc. websites and services. The same CA is already included in Mozilla, KDE, and curl, which use separate certificate stores.

Solution

http://www.suse.de/security/advisories/2005_61_openssl.html

Plugin Details

Severity: High

ID: 20064

File Name: suse_SA_2005_061.nasl

Version: 1.10

Agent: unix

Family: SuSE Local Security Checks

Published: 10/20/2005

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Detections

Analytics