OpenSSL < 0.9.5a /dev/random Check Failure

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

The remote host uses a version of OpenSSL that may have weak
encryption keys.

Description :

According to its banner, the version of OpenSSL running on the remote
host is less than 0.9.5a. On a FreeBSD system running on the Alpha
architecture, versions earlier than that may not use the /dev/random
and /dev/urandom devices to provide a strong source of cryptographic
entropy, which could lead to the generation of keys with weak
cryptographic strength.
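The banner-based version test this description relies on, written out as an added Python example (not Tenable's plugin code). The Server headers are constructed samples; the point is that OpenSSL's letter suffixes order 0.9.5 < 0.9.5a < 0.9.6, so a plain string or float comparison misjudges the fixed release.

```python
import re

# OpenSSL version token as it appears in Apache-style Server banners,
# e.g. "Apache/1.3.12 (Unix) mod_ssl/2.6.4 OpenSSL/0.9.5" (constructed sample).
OPENSSL_RE = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)

# First release with the /dev/random fix, per the advisory text.
FIXED = (0, 9, 5, "a")


def parse_openssl_version(banner):
    """Return (major, minor, patch, letters) from a banner, or None if absent."""
    m = OPENSSL_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letters = m.groups()
    return (int(major), int(minor), int(patch), letters.lower())


def version_key(version):
    """Sort key honouring OpenSSL letter suffixes.

    The bare release sorts before any lettered one ("" < "a"), single letters
    sort alphabetically, and longer suffixes (e.g. "za") sort after "z".
    """
    major, minor, patch, letters = version
    return (major, minor, patch, len(letters), letters)


def is_affected(banner):
    """True if the banner reports OpenSSL older than 0.9.5a, False if not,
    None if no OpenSSL version is visible in the banner.

    A banner cannot reveal the OS or CPU architecture, so a True result is a
    hint to verify (the weak-entropy case is FreeBSD/Alpha), not proof.
    """
    version = parse_openssl_version(banner)
    if version is None:
        return None
    return version_key(version) < version_key(FIXED)


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for banner in ("Apache/1.3.12 (Unix) mod_ssl/2.6.4 OpenSSL/0.9.5",
                   "Apache/1.3.12 (Unix) mod_ssl/2.6.5 OpenSSL/0.9.5a",
                   "Apache/1.3.14 (Unix) OpenSSL/0.9.6",
                   "nginx/1.18.0"):
        print(f"{banner!r}: affected={is_affected(banner)}")
```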

See also :

http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.514
http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html

Solution :

Upgrade OpenSSL to version 0.9.5a or higher and re-generate encryption
keys.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.8
(CVSS2#E:H/RL:U/RC:ND)

Family: Web Servers

Nessus Plugin ID: 17707

Bugtraq ID: 1340

CVE ID: CVE-2000-0535