FreeBSD : openssl -- multiple vulnerabilities (8305e215-1080-11e5-8ba2-000c2980a9f3) (Logjam)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The OpenSSL team reports :

- Missing DHE man-in-the-middle protection (Logjam) (CVE-2015-4000)

- Malformed ECParameters causes infinite loop (CVE-2015-1788)

- Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

- PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)

- CMS verify infinite loop with unknown hash function (CVE-2015-1792)

- Race condition handling NewSessionTicket (CVE-2015-1791)

- Invalid free in DTLS (CVE-2014-8176)

See also :

https://www.openssl.org/news/secadv/20150611.txt
http://www.nessus.org/u?27602a89

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 84133

Bugtraq ID:

CVE ID: CVE-2014-8176
CVE-2015-1788
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
CVE-2015-4000
