OpenSSL < 0.9.6e / 0.9.7b3 Multiple Remote Vulnerabilities

This script is Copyright (C) 2002-2013 Solar Eclipse / Renaud Deraison


Synopsis :

The remote service uses a library that is affected by a buffer
overflow vulnerability.

Description :

The remote service seems to be using a version of OpenSSL that is
older than 0.9.6e or 0.9.7-beta3.

Such versions are affected by a buffer overflow that may allow an
attacker to execute arbitrary commands on the remote host with the
privileges of the application itself.

Solution :

Upgrade to OpenSSL version 0.9.6e / 0.9.7beta3 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 11060

Bugtraq ID: 1340, 3004, 5361, 5362, 5363, 5364, 5366

CVE ID: CVE-2000-0535, CVE-2001-1141, CVE-2002-0655, CVE-2002-0656, CVE-2002-0657, CVE-2002-0659