Mandrake Linux Security Advisory : openssl (MDKSA-2007:193)

Critical Nessus Plugin ID 26950

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A flaw in how OpenSSL performed Montgomery multiplications was discovered %that could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes (CVE-2007-3108).

Moritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function did not correctly check the size of the buffer it was writing to. As a result, a remote attacker could exploit this to write one NULL byte past the end of the applications's cipher list buffer, which could possibly lead to a denial of service or the execution of arbitrary code (CVE-2007-5135).

Updated packages have been patched to prevent these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 26950

File Name: mandrake_MDKSA-2007-193.nasl

Version: 1.19

Type: local

Published: 2007/10/09

Updated: 2021/01/06

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64openssl0.9.8, p-cpe:/a:mandriva:linux:lib64openssl0.9.8-devel, p-cpe:/a:mandriva:linux:lib64openssl0.9.8-static-devel, p-cpe:/a:mandriva:linux:libopenssl0.9.8, p-cpe:/a:mandriva:linux:libopenssl0.9.8-devel, p-cpe:/a:mandriva:linux:libopenssl0.9.8-static-devel, p-cpe:/a:mandriva:linux:openssl, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2007/10/04

Reference Information

CVE: CVE-2006-3738, CVE-2007-3108, CVE-2007-5135

MDKSA: 2007:193

CWE: 119, 189