SUSE-SA:2006:058: openssl

This script is Copyright (C) 2007-2010 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2006:058 (openssl).


Several security problems were found and fixed in the OpenSSL
cryptographic library.

CVE-2006-3738/VU#547300:
A Google security audit found a buffer overflow condition within the
SSL_get_shared_ciphers() function which has been fixed.

CVE-2006-4343/VU#386964:
The above Google security audit also found that the OpenSSL SSLv2
client code fails to properly check for NULL which could lead to a
server program using openssl to crash.

CVE-2006-2937:
Fix mishandling of an error condition in parsing of certain invalid
ASN1 structures, which could result in an infinite loop which consumes
system memory.

CVE-2006-2940:
Certain types of public key can take disproportionate amounts of time
to process. This could be used by an attacker in a denial of service
attack to cause the remote side top spend an excessive amount of time
in computation.

Solution :

http://www.novell.com/linux/security/advisories/2006_58_openssl.html

Risk factor :

High

Family: SuSE Local Security Checks

Nessus Plugin ID: 24436 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now