Summary
The remote host is missing an update to openssl announced via advisory DSA 1185-2.
The fix used to correct CVE-2006-2940 introduced code that could lead to the use of uninitialized memory. Such use is likely to cause the application using the openssl library to crash, and has the potential to allow an attacker to cause the execution of arbitrary code.
Solution
For the stable distribution (sarge) these problems have been fixed in version 0.9.7e-3sarge4.
For the unstable and testing distributions (sid and etch, respectively), these problems will be fixed in version 0.9.7k-3 of the openssl097 compatibility libraries, and version 0.9.8c-3 of the openssl package.
We recommend that you upgrade your openssl package. Note that
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201185-2
Severity
CVE: CVE-2006-2940
CVSS Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)