This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200710-06
(OpenSSL: Multiple vulnerabilities)
Moritz Jodeit reported an off-by-one error in the
SSL_get_shared_ciphers() function, resulting from an incomplete fix of
CVE-2006-3738. A flaw has also been reported in the
BN_from_montgomery() function in crypto/bn/bn_mont.c when performing
A remote attacker sending a specially crafted packet to an application
relying on OpenSSL could possibly execute arbitrary code with the
privileges of the user running the application. A local attacker could
perform a side channel attack to retrieve the RSA private keys.
There is no known workaround at this time.
All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8e-r3'
Risk factor: Critical / CVSS Base Score: 10.0