This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
A vulnerability was discovered and corrected in openssl :
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly
prevent modification of the ciphersuite in the session cache, which
allows remote attackers to force the use of an unintended cipher via
vectors involving sniffing network traffic to discover a session
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
The updated packages have been patched to correct this issue.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : false