Mandriva Linux Security Advisory : openssl (MDVSA-2010:248)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A vulnerability was discovered and corrected in openssl :

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly
prevent modification of the ciphersuite in the session cache, which
allows remote attackers to force the use of an unintended cipher via
vectors involving sniffing network traffic to discover a session
identifier (CVE-2010-4180).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=4
90

The updated packages have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 51070 ()

Bugtraq ID: 45164

CVE ID: CVE-2010-4180

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now