OpenSSL < 0.9.8p / 1.0.0e Double Free Vulnerability

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote SSL layer is affected by a denial of service
vulnerability.

Description :

According to its banner, the remote server is running a version of
OpenSSL that is earlier than 0.9.8p / 1.0.0e.

A remote attacker could crash client software when using ECDH. The
impact of this vulnerability is not clear; arbitrary code could be run
too.

Note that the OpenSSL changelog only reports a fix for 0.9.8p. 1.0.0a is
definitely vulnerable. Gentoo reports a fix for 1.0.0e but it covers
other flaws. NVD reports 0.9.7 as vulnerable too but does not give any
fixed version.
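
The banner-based version comparison described above, as an added example (not the plugin's own code). The function names, the banner regex and the sample banners are constructed for illustration; the fixed versions 0.9.8p and 1.0.0e are the ones stated in this description.

```python
import re

# Fixed release per branch, as stated in the plugin description.
FIXED = {(0, 9, 8): "p", (1, 0, 0): "e"}

# Assumed banner shapes: "OpenSSL/0.9.8o" (HTTP Server header) or
# "OpenSSL 1.0.0d 8 Feb 2011" (version string).
_BANNER_RE = re.compile(r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return ((major, minor, fix), letter) from a banner, or None."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    return (int(m[1]), int(m[2]), int(m[3])), m[4]


def _letter_rank(letter):
    # Patch letters order as "" < "a" < ... < "z" < "za" < "zb",
    # so compare by length first, then alphabetically.
    return (len(letter), letter)


def is_flagged(banner):
    """True if earlier than the fixed release, False if not,
    None when the banner carries no OpenSSL version."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    branch, letter = parsed
    if branch in FIXED:
        return _letter_rank(letter) < _letter_rank(FIXED[branch])
    # Branches older than 0.9.8 (e.g. 0.9.7) have no fixed release
    # listed and are flagged; branches newer than 1.0.0 are not.
    return branch < (0, 9, 8)


if __name__ == "__main__":
    # Constructed sample banners.
    for b in ("Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8o",
              "OpenSSL 1.0.0d 8 Feb 2011",
              "Apache/2.2.22 (Unix) OpenSSL/1.0.0e",
              "nginx/1.2.3"):
        print(f"{is_flagged(b)!s:5}  {b}")
```

A banner comparison of this kind cannot see fixes that a distribution backported without changing the version string, so a flagged host still needs its package changelog checked.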

See also :

http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html

Solution :

Upgrade to OpenSSL 0.9.8p / 1.0.0e or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.4
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 17767

Bugtraq ID: 42306

CVE ID: CVE-2010-2939