FreeBSD : openssl -- crash on handshake (1a802ba9-f444-11e6-9940-b499baebfeaf)

Medium Nessus Plugin ID 97219


The remote FreeBSD host is missing a security-related update.


The OpenSSL project reports:

Severity: High

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected. This issue does not affect OpenSSL version 1.0.2.


Update the affected package.

Plugin Details

Severity: Medium

ID: 97219

File Name: freebsd_pkg_1a802ba9f44411e69940b499baebfeaf.nasl

Version: $Revision: 3.6 $

Type: local

Published: 2017/02/17

Modified: 2018/01/31

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P


Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:openssl-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2017/02/16

Vulnerability Publication Date: 2017/02/16

Reference Information

CVE: CVE-2017-3733