RHEL 2.1 : openssl (RHSA-2004:119)

Medium Nessus Plugin ID 12479


The remote Red Hat host is missing one or more security updates.


Updated OpenSSL packages that fix a remote denial of service vulnerability are now available for Red Hat Enterprise Linux 2.1.

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can lead to a denial of service attack (infinite loop).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0081 to this issue.

Testing performed by Novell using a test suite provided by NISCC uncovered an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l which could cause large recursion and possibly lead to a denial of service attack if used where stack space is limited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0851 to this issue.

These updated packages contain patches provided by the OpenSSL group that protect against these issues.

NOTE: Because server applications are affected by this issue, users are advised to either restart all services using OpenSSL functionality or restart their system after installing these updated packages.


Update the affected packages.

See Also






Plugin Details

Severity: Medium

ID: 12479

File Name: redhat-RHSA-2004-119.nasl

Version: $Revision: 1.22 $

Type: local

Agent: unix

Published: 2004/07/06

Modified: 2016/12/28

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:openssl, p-cpe:/a:redhat:enterprise_linux:openssl-devel, p-cpe:/a:redhat:enterprise_linux:openssl-perl, p-cpe:/a:redhat:enterprise_linux:openssl095a, p-cpe:/a:redhat:enterprise_linux:openssl096, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2004/03/17

Reference Information

CVE: CVE-2003-0851, CVE-2004-0081

BID: 8970, 9899

RHSA: 2004:119