FreeBSD : LibreSSL -- DTLS vulnerability (f9c388c5-a256-11e4-992a-7b2a515a1247)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

OpenSSL Security Advisory :

A memory leak can occur in the dtls1_buffer_record function under
certain conditions. In particular this could occur if an attacker sent
repeated DTLS records with the same sequence number but for the next
epoch. The memory leak could be exploited by an attacker in a Denial
of Service attack through memory exhaustion.

See also :

https://www.openssl.org/news/secadv/20150108.txt
http://www.nessus.org/u?6a9cf6d0

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 80925 ()

Bugtraq ID:

CVE ID: CVE-2015-0206

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now