OpenSSL < 0.9.8m Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 5358
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionAccording to its banner, the remote host is running a version of OpenSSL older than 0.9.8m. Such versions potentially have the following vulnerabilities :
- Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext by a man-in-the-middle. (CVE-2009-3555)
- The library does not check for a NULL return value from calls to the bn_wexpand() function, which has unspecified impact. (CVE-2009-3245)
SolutionUpgrade to OpenSSL 0.9.8m or later.