FreeBSD : openssl -- TLS extension parsing race condition (3042c33a-f237-11df-9d02-0018fe623f2b)

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

OpenSSL Team reports :

Rob Hulswit has found a flaw in the OpenSSL TLS server extension code
parsing which on affected servers can be exploited in a buffer overrun

Any OpenSSL based TLS server is vulnerable if it is multi-threaded and
uses OpenSSL's internal caching mechanism. Servers that are
multi-process and/or disable internal session caching are NOT

In particular the Apache HTTP server (which never uses OpenSSL
internal caching) and Stunnel (which includes its own workaround) are
NOT affected.

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.6

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 50627

CVE ID: CVE-2010-3864
