Mandrake Linux Security Advisory : openssl (MDKSA-2002:046-1)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.

Synopsis :

The remote Mandrake Linux host is missing one or more security

Description :

An audit of the OpenSSL code by A.L. Digital Ltd and The Bunker, under
the DARPA program CHATS, discovered a number of vulnerabilities in the
OpenSSL code that are all potentially remotely exploitable.

From the OpenSSL advisory :

1. The client master key in SSL2 could be oversized and overrun a
buffer. This vulnerability was also independently discovered by
consultants at Neohapsis who have also
demonstrated that the vulnerability is exploitable. Exploit code is NOT
available at this time.

2. The session ID supplied to a client in SSL3 could be oversized and
overrun a buffer.

3. The master key supplied to an SSL3 server could be oversized and
overrun a stack-based buffer. This issue only affects OpenSSL 0.9.7
with Kerberos enabled.

4. Various buffers for ASCII representations of integers were too
small on 64 bit platforms.

At the same time, various potential buffer overflows have had
assertions added; these are not known to be exploitable.

Finally, a vulnerability was found by Adi Stav and James Yonan
independently in the ASN1 parser which can be confused by supplying it
with certain invalid encodings. There are no known exploits for this

All of these vulnerabilities are fixed in OpenSSL 0.9.6f. Patches have
been applied to the versions of OpenSSL provided in this update to fix
all of these problems, except for the ASN1 vulnerability, which a fix
will be provided for once MandrakeSoft has had a chance to QA the new
packages. In the meantime, it is strongly encouraged that all users
upgrade to these OpenSSL packages.

Update :

These new OpenSSL packages are available to additionally fix the ASN1
vulnerability described above. All Mandrake Linux users are encouraged
to upgrade to these new packages.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13949 (mandrake_MDKSA-2002-046.nasl)

Bugtraq ID:

CVE ID: CVE-2002-0655
