Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1)

Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.

Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

It was discovered that the fix for CVE-2012-2110 was incomplete for
OpenSSL 0.9.8. A remote attacker could trigger this flaw in services
that used SSL to cause a denial of service or possibly execute
arbitrary code with application privileges. Ubuntu 11.10 was not
affected by this issue. (CVE-2012-2131)

The original upstream fix for CVE-2012-2110 would cause
BUF_MEM_grow_clean() to sometimes return the wrong error condition.
This update fixes the problem.

Solution :

Update the affected libssl0.9.8 and / or libssl1.0.0 packages.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 58873 ()

Bugtraq ID: 53212

CVE ID: CVE-2012-2110