FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The OpenSSL Team reports :

6 security flaws have been fixed in OpenSSL 1.0.0f :

If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy
check failure can lead to a double-free.

OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as
block cipher padding in SSL 3.0 records. As a result, in each record,
up to 15 bytes of uninitialized memory may be sent, encrypted, to the
SSL peer. This could include sensitive contents of previously freed
memory.

RFC 3779 data can be included in certificates, and if it is malformed,
may trigger an assertion failure. This could be used in a
denial-of-service attack.

Support for handshake restarts for server gated cryptograpy (SGC) can
be used in a denial-of-service attack.

A malicious TLS client can send an invalid set of GOST parameters
which will cause the server to crash due to lack of error checking.
This could be used in a denial-of-service attack.

See also :

http://openssl.org/news/secadv/20120104.txt
http://www.nessus.org/u?997521b7

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 57551 ()

Bugtraq ID: 51281

CVE ID: CVE-2011-4108
CVE-2011-4109
CVE-2011-4576
CVE-2011-4577
CVE-2011-4619
CVE-2012-0027

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now