Tenable SecurityCenter OpenSSL ASN.1 Signature Verification Routine DoS (TNS-2016-01)
Severity: Medium. Nessus Plugin ID: 88809
The remote application is affected by a denial of service vulnerability.
The SecurityCenter application installed on the remote host is affected by a denial of service vulnerability in the bundled OpenSSL library. The library is version 1.0.1 or later but prior to 1.0.1q. It is, therefore, affected by a NULL pointer dereference flaw in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition.
Upgrade to Tenable SecurityCenter version 5.2.0. Alternatively, apply the relevant patch referenced in the vendor advisory.
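The affected range given in the description (1.0.1 or later but prior to 1.0.1q) can be checked against an OpenSSL version banner as follows. This is an added example, not Tenable's plugin code; the function names and sample banner strings are constructed for illustration, and how the banner is obtained from the bundled library is left to the operator.

```python
import re

# OpenSSL's pre-1.1.0 scheme is MAJOR.MINOR.FIX plus an optional patch letter
# (1.0.1 < 1.0.1a < ... < 1.0.1p < 1.0.1q); "-fips" marks a build variant only.
_VERSION_RE = re.compile(
    r"(?<![\w.])(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-fips)?(?=\s|$)"
)

FIRST_AFFECTED = ((1, 0, 1), "")   # 1.0.1, per the description
FIRST_FIXED = ((1, 0, 1), "q")     # 1.0.1q, per the description


def parse_openssl_version(banner):
    """Return ((major, minor, fix), letter), or None if not recognised."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    return (tuple(int(x) for x in m.group(1, 2, 3)), m.group(4))


def is_affected(banner):
    """True if 1.0.1 <= version < 1.0.1q, False if outside that range,
    None if the version cannot be parsed (e.g. a pre-release tag)."""
    version = parse_openssl_version(banner)
    if version is None:
        return None
    # Tuple comparison orders by numeric triple first, then by patch letter.
    return FIRST_AFFECTED <= version < FIRST_FIXED


if __name__ == "__main__":
    # Constructed sample banners, in the style printed by `openssl version`.
    samples = [
        "OpenSSL 1.0.1p 9 Jul 2015",
        "OpenSSL 1.0.1q 3 Dec 2015",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.0t 3 Dec 2015",
        "OpenSSL 1.0.1-beta1",
    ]
    for banner in samples:
        print(f"{banner!r}: affected={is_affected(banner)}")
```

A result of `None` means the string needs manual review rather than being treated as unaffected.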