Scientific Linux Security Update : openssl096b on SL3.x, SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing a security update.

Description :

CVE-2009-3245 openssl: missing bn_wexpand return value checks

It was discovered that OpenSSL did not always check the return value
of the bn_wexpand() function. An attacker able to trigger a memory
allocation failure in that function could cause an application using
the OpenSSL library to crash or, possibly, execute arbitrary code.

For the update to take effect, all programs using the openssl096b
library must be restarted.

Solution :

Update the affected openssl096b package.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60756

CVE ID: CVE-2009-3245