Scientific Linux Security Update : openssl096b on SL3.x, SL4.x i386/x86_64

Critical Nessus Plugin ID 60756


The remote Scientific Linux host is missing a security update.


CVE-2009-3245 openssl: missing bn_wexpand return value checks

It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code.

For the update to take effect, all programs using the openssl096b library must be restarted.


Update the affected openssl096b package.

Plugin Details

Severity: Critical

ID: 60756

File Name: sl_20100325_openssl096b_on_SL3_x.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2012/08/01

Modified: 2012/08/01

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2010/03/25

Reference Information

CVE: CVE-2009-3245

CWE: 20