FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670)
high Nessus Plugin ID 57551
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
The OpenSSL Team reports :6 security flaws have been fixed in OpenSSL 1.0.0f :
If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free.
OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.
RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack.
Support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack.
A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking.
This could be used in a denial-of-service attack.
Solution
Update the affected package.See Also
Plugin Details
Severity: High
ID: 57551
File Name: freebsd_pkg_78cc8a463e5611e189b4001ec9578670.nasl
Version: 1.14
Type: local
Family: FreeBSD Local Security Checks
Published: 1/16/2012
Updated: 1/6/2021
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: E:ND/RL:OF/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:openssl, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Ease: No known exploits are available
Patch Publication Date: 1/14/2012
Vulnerability Publication Date: 1/4/2012
Reference Information
CVE: CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027
BID: 51281