Summary
The remote host is missing an update to openssl096 announced via advisory DSA 1174-1.
Daniel Bleichenbacher discovered a flaw in the OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.
Solution
For the stable distribution (sarge) this problem has been fixed in version 0.9.6m-1sarge2.
This package exists only for compatibility with older software, and is not present in the unstable or testing branches of Debian.
We recommend that you upgrade your openssl packages. Note that services
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201174-1
Severity
Classification
CVE: CVE-2006-4339
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N