Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS)
and PKCS #7 implementations in OpenSSL returned early if RSA
decryption failed. This could allow an attacker to expose sensitive
information via a Million Message Attack (MMA). (CVE-2012-0884)
It was discovered that an integer underflow was possible when using
TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a
remote attacker to cause a denial of service. (CVE-2012-2333).
Update the affected libssl0.9.8, libssl1.0.0 and / or openssl
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false