Mandriva Linux Security Advisory : openssl (MDVSA-2014:158)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Multiple vulnerabilities has been discovered and corrected in
openssl :

A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information
from the stack. Applications may be affected if they echo pretty
printing output to the attacker. OpenSSL SSL/TLS clients and servers
themselves are not affected (CVE-2014-3508).

If a multithreaded client connects to a malicious server using a
resumed session and the server sends an ec point format extension it
could write up to 255 bytes to freed memory (CVE-2014-3509).

An attacker can force an error condition which causes openssl to crash
whilst processing DTLS packets due to memory being freed twice. This
can be exploited through a Denial of Service attack (CVE-2014-3505).

An attacker can force openssl to consume large amounts of memory
whilst processing DTLS handshake messages. This can be exploited
through a Denial of Service attack (CVE-2014-3506).

By sending carefully crafted DTLS packets an attacker could cause
openssl to leak memory. This can be exploited through a Denial of
Service attack (CVE-2014-3507).

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are
subject to a denial of service attack. A malicious server can crash
the client with a NULL pointer dereference (read) by specifying an
anonymous (EC)DH ciphersuite and sending carefully crafted handshake
messages (CVE-2014-3510).

The updated packages have been upgraded to the 1.0.0n version where
these security flaws has been fixed.

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 77097 ()

Bugtraq ID: 69075

CVE ID: CVE-2014-3505

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now