This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote host is missing a vendor-supplied security patch.
The remote host is running a version of FireEye Operating System
(FEOS) that is affected by multiple vulnerabilities :
- An error exists in the ssl3_read_bytes() function
that allows data to be injected into other sessions
or allows denial of service attacks. Note that
this issue is only exploitable if
'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists in the do_ssl3_write() function that
allows a NULL pointer to be dereferenced, leading to
denial of service attacks. Note that this issue is
exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is
- An error exists related to DTLS handshake handling that
allows denial of service attacks. Note that this
issue only affects OpenSSL when used as a DTLS client.
- An unspecified error exists that could allow an
attacker to cause usage of weak keying material
leading to simplified man-in-the-middle attacks.
- An error exists in the 'dtls1_get_message_fragment'
function related to anonymous ECDH cipher suites. This
allows denial of service attacks. Note that this issue
only affects OpenSSL TLS clients. (CVE-2014-3470)
- An unspecified flaw exists that allows a remote attacker
to execute arbitrary commands with root privileges.
See also :
Apply the relevant patch referenced in the vendor advisory.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true
Nessus Plugin ID: 77057
Bugtraq ID: 66801, 67193, 67898, 67899, 67901
CVE ID: CVE-2010-5298, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470