Ubuntu Security Notice (C) 2005-2014 Canonical, Inc. / NASL script (C) 2006-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
Javier Fernandez-Sanguino Pena discovered that this library used the
file /tmp/entropy as a fallback entropy source if a proper source was
not set in the environment variable EGD_PATH. This can potentially
lead to weakened cryptographic operations if an attacker provides a
/tmp/entropy file with known content.
The updated package requires the specification of an entropy source
with EGD_PATH and also requires that the source is a socket (as
opposed to a normal file).
Please note that this only affects systems which have egd installed
from third-party sources
egd is not shipped with Ubuntu.
Update the affected libnet-ssleay-perl package.
Risk factor :
Medium / CVSS Base Score : 4.6
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 20500 ()
CVE ID: CVE-2005-0106