This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
An invalid free flaw was found in the way OpenSSL handled certain DTLS
handshake messages. A malicious DTLS client or server could cause a
DTLS server or client using OpenSSL to crash or, potentially, execute
arbitrary code. (CVE-2014-8176)
A flaw was found in the way the OpenSSL packages shipped with
Scientific Linux 6 and 7 performed locking in the ssleay_rand_bytes()
function. This issue could possibly cause a multi-threaded application
using OpenSSL to perform an out-of-bounds read and crash.
An out-of-bounds read flaw was found in the X509_cmp_time() function
of OpenSSL. A specially crafted X.509 certificate or a Certificate
Revocation List (CRL) could possibly cause a TLS/SSL server or client
using OpenSSL to crash. (CVE-2015-1789)
A race condition was found in the session handling code of OpenSSL.
This issue could possibly cause a multi-threaded TLS/SSL client using
OpenSSL to double free session ticket data and crash. (CVE-2015-1791)
A flaw was found in the way OpenSSL handled Cryptographic Message
Syntax (CMS) messages. A CMS message with an unknown hash function
identifier could cause an application using OpenSSL to enter an
infinite loop. (CVE-2015-1792)
A NULL pointer dereference was found in the way OpenSSL handled
certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing
EncryptedContent data could cause an application using OpenSSL to
For the update to take effect, all services linked to the OpenSSL
library must be restarted, or the system rebooted.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 84226 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now