RHEL 2.1 : openssl (RHSA-2002:161)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated OpenSSL packages are available for Red Hat Linux Advanced
Server. These updates fix multiple protocol parsing bugs that could be
used for a denial of service (DoS) attack or to crash SSL-enabled
applications.

[Updated 06 Jan 2003] Added fixed packages for the ia64 architecture.

[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1.

OpenSSL is a commercial-grade, full-featured, and open source toolkit
which implements the Secure Sockets Layer (SSL v2/v3) and Transport
Layer Security (TLS v1) protocols as well as a full-strength general
purpose cryptography library.

Portions of the SSL protocol data stream that carry the lengths of the
structures being transferred may not be properly validated. This may
allow a malicious server or client to cause an affected application to
crash or enter an infinite loop, which can be used as a denial of
service (DoS) attack if the application is a server. It has not been
verified whether this issue could lead to further consequences such as
remote code execution.

These errata packages contain a patch to correct this vulnerability.
Please note that the original patch from the OpenSSL team had a
mistake in it which could possibly still allow buffer overflows to
occur. This bug is also fixed in these errata packages.

NOTE :

Please read the Solution section below as it contains instructions for
making sure that all SSL-enabled processes are restarted after the
update is applied.
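A process that was already running when the RPM replaced libssl/libcrypto keeps the old, now-unlinked library mapped, and the kernel marks that mapping "(deleted)" in /proc/PID/maps. The following helper is an added example, not part of the advisory or of Red Hat's tooling; the function names and the sample maps lines are constructed for illustration, and the scan over /proc is opt-in via `--scan`.

```shell
# Report processes that still map the pre-update OpenSSL libraries and
# therefore must be restarted to pick up the fix. Hypothetical helper,
# not from the advisory.

# Print the path of every deleted libssl/libcrypto mapping read from stdin.
stale_ssl_maps() {
    awk '/\/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)/ { print $6 }' | sort -u
}

# Exit 0 if the maps file on stdin shows a stale OpenSSL mapping, 1 otherwise.
needs_restart() {
    [ -n "$(stale_ssl_maps)" ]
}

# Walk /proc and print "PID command line" for every process needing a restart.
scan_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        if needs_restart < "$maps" 2>/dev/null; then
            printf '%s %s\n' "$pid" "$(tr '\0' ' ' < /proc/"$pid"/cmdline 2>/dev/null)"
        fi
    done
}

# Constructed sample maps contents (RHEL 2.1-style paths), for demonstration.
SAMPLE_STALE='40000000-40015000 r-xp 00000000 08:01 12345 /lib/ld-2.2.4.so
40100000-40180000 r-xp 00000000 08:01 23456 /lib/libssl.so.2 (deleted)
40180000-40280000 r-xp 00000000 08:01 23457 /lib/libcrypto.so.2 (deleted)'
SAMPLE_FRESH='40000000-40015000 r-xp 00000000 08:01 12345 /lib/ld-2.2.4.so
40100000-40180000 r-xp 00000000 08:01 34567 /lib/libssl.so.2'

if [ "${1:-}" = "--scan" ]; then
    scan_processes          # live check of this host
else
    printf '%s\n' "$SAMPLE_STALE" | stale_ssl_maps   # prints the two stale paths
fi
```

Run it with `--scan` as root after the update; a process that appears in the output (typically httpd, sendmail, sshd or similar long-running daemons) is still serving with the vulnerable code.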

Thanks go to the OpenSSL team for providing patches for these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-0659.html
http://rhn.redhat.com/errata/RHSA-2002-161.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12316

CVE ID: CVE-2002-0659