This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
PolarSSL Project reports :
The researchers Cyril Arnaud and Pierre-Alain Fouque investigated the
PolarSSL RSA implementation and discovered a bias in the
implementation of the Montgomery multiplication that we used, for
which they then show that it can be used to mount an attack on the RSA
key. Although their test attack is done on a local system, there seems
to be enough indication that this can properly be performed from a
remote system as well.
All versions prior to PolarSSL 1.2.9 and 1.3.0 are affected if a third
party can send arbitrary handshake messages to your server.
If correctly executed, this attack reveals the entire private RSA key
after a large number of attack messages (> 600.000 on a local machine)
are sent to show the timing differences.
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 4.3