Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)

Severity: High. Nessus Plugin ID: 58808


The remote Ubuntu host is missing one or more security-related patches.


It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use this to cause a denial of service. These issues did not affect Ubuntu 8.04 LTS. (CVE-2006-7250, CVE-2012-1165)

Tavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER data via BIO or FILE functions. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. (CVE-2012-2110)

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected libssl0.9.8 and / or libssl1.0.0 packages.

Plugin Details

Severity: High

ID: 58808

File Name: ubuntu_USN-1424-1.nasl

Version: $Revision: 1.15 $

Type: local

Agent: unix

Published: 2012/04/20

Modified: 2016/05/25

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8, p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0, cpe:/o:canonical:ubuntu_linux:10.04:-:lts, cpe:/o:canonical:ubuntu_linux:11.04, cpe:/o:canonical:ubuntu_linux:11.10, cpe:/o:canonical:ubuntu_linux:8.04:-:lts

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/04/19

Reference Information

CVE: CVE-2006-7250, CVE-2012-1165, CVE-2012-2110

BID: 52181, 52764, 53158

OSVDB: 79650, 80040, 81223

USN: 1424-1