Summary
The remote host is missing an update to openssl, openssl097 announced via advisory DSA 1701-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201701-1
Insight
It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine (CVE-2008-5077).
For the stable distribution (etch), this problem has been fixed in version 0.9.8c-4etch4 of the openssl package, and version 0.9.7k-3.1etch2 of the openssl097 package.
For the unstable distribution (sid), this problem has been fixed in version 0.9.8g-15.
The testing distribution (lenny) will be fixed soon.
We recommend that you upgrade your OpenSSL packages.
Severity
Classification
-
CVE CVE-2008-5077 -
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P
Related Vulnerabilities