New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionDaniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures where an RSA key with a small exponent used could be vulnerable to forgery of a PKCS #1 v1.5 signature signed by that key.
Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as well as any other use of PKCS #1 v1.5, including software uses OpenSSL for SSL or TLS.
Updated packages are patched to address this issue.
SolutionUpdate the affected packages.