FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

A vulnerability has been reported in lighttpd, which can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to lighttpd not properly clearing the
OpenSSL error queue. This can be exploited to close concurrent SSL
connections of lighttpd by terminating one SSL connection.

See also :

http://trac.lighttpd.net/trac/ticket/285
http://www.nessus.org/u?990bc1b4

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 31953 (freebsd_pkg_1ac77649090811dd974d000fea2763ce.nasl)

Bugtraq ID: 28489

CVE ID: CVE-2008-1531
