FreeBSD : OpenSSL -- multiple vulnerabilities (d455708a-e3d3-11e6-9940-b499baebfeaf)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The OpenSSL project reports :

- Truncated packet could crash via OOB read (CVE-2017-3731)

- Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)

- BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)

- Montgomery multiplication may produce incorrect results
(CVE-2016-7055)

See also :

https://www.openssl.org/news/secadv/20170126.txt
http://www.nessus.org/u?bef32b94

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96821 ()

Bugtraq ID:

CVE ID: CVE-2016-7055
CVE-2017-3730
CVE-2017-3731
CVE-2017-3732

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now