OpenSSL < 0.9.6e Multiple Vulnerabilities
High Nessus Plugin ID 17746
SynopsisThe remote server is affected by multiple SSL-related vulnerabilities.
DescriptionAccording to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.6e. Such versions have the following vulnerabilities :
- On 64 bit architectures, these versions are vulnerable to a buffer overflow that leads to a denial of service. (CVE-2002-0655)
- Buffer overflows allow a remote attacker to execute arbitrary code. (CVE-2002-0656)
- A remote attacker can trigger a denial of service by sending invalid ASN.1 data. (CVE-2002-0659)
SolutionUpgrade to OpenSSL 0.9.6e or later.