This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security

Multiple vulnerabilities have been discovered and corrected in

A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information
from the stack. Applications may be affected if they echo pretty
printing output to the attacker. OpenSSL SSL/TLS clients and servers
themselves are not affected (CVE-2014-3508).

If a multithreaded client connects to a malicious server using a
resumed session and the server sends an ec point format extension it
could write up to 255 bytes to freed memory (CVE-2014-3509).

An attacker can force an error condition which causes openssl to crash
whilst processing DTLS packets due to memory being freed twice. This
can be exploited through a Denial of Service attack (CVE-2014-3505).

An attacker can force openssl to consume large amounts of memory
whilst processing DTLS handshake messages. This can be exploited
through a Denial of Service attack (CVE-2014-3506).

By sending carefully crafted DTLS packets an attacker could cause
openssl to leak memory. This can be exploited through a Denial of
Service attack (CVE-2014-3507).

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are
subject to a denial of service attack. A malicious server can crash
the client with a NULL pointer dereference (read) by specifying an
anonymous (EC)DH ciphersuite and sending carefully crafted handshake

The updated packages have been upgraded to the 1.0.0n version where
these security flaws have been fixed.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false
Family: Mandriva Local Security Checks
Nessus Plugin ID: 77097