Mandriva Update For Openssl MDKSA-2007:193 (openssl) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A flaw in how OpenSSL performed Montgomery multiplications was discovered %that could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes (CVE-2007-3108). Moritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function did not correctly check the size of the buffer it was writing to. As a result, a remote attacker could exploit this to write one NULL byte past the end of the applications's cipher list buffer, which could possibly lead to a denial of service or the execution of arbitrary code (CVE-2007-5135). Updated packages have been patched to prevent these issues.

Affected

openssl on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-3108, CVE-2007-5135

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:047 (vim)
Mandrake Security Advisory MDVSA-2009:139 (libtorrent-rasterbar)
Mandrake Security Advisory MDVSA-2009:107 (acpid)
Mandrake Security Advisory MDVSA-2009:048 (epiphany)
Mandrake Security Advisory MDVSA-2009:054 (nagios)

Mandriva Update for openssl MDKSA-2007:193 (openssl)

Take action and discover your vulnerabilities