How to Buy
This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
CVE-2009-3245 openssl: missing bn_wexpand return value checks
It was discovered that OpenSSL did not always check the return value
of the bn_wexpand() function. An attacker able to trigger a memory
allocation failure in that function could cause an application using
the OpenSSL library to crash or, possibly, execute arbitrary code.
For the update to take effect, all programs using the openssl096b
library must be restarted.
See also :
Update the affected openssl096b package.
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60756 ()
CVE ID: CVE-2009-3245
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.