FreeBSD : FreeBSD -- OpenSSL Remote DoS vulnerability (0fcd3af0-a0fe-11e6-b1cf-14dae9d210b8)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Due to improper handling of alert packets, OpenSSL would consume an
excessive amount of CPU time processing undefined alert messages.
Impact : A remote attacker who can initiate handshakes with an OpenSSL
based server can cause the server to consume a lot of computation
power with very little bandwidth usage, and may be able to use this
technique in a leveraged Denial of Service attack.

See also :

http://seclists.org/oss-sec/2016/q4/224
http://www.nessus.org/u?0bbf8a6c

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 94492 ()

Bugtraq ID:

CVE ID: CVE-2016-8610

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now