Summary
OpenSSL is prone to a remote memory-corruption vulnerability.
According to its banner, OVS has discovered that the remote web server is using a version of OpenSSL prior to 0.9.8o/1.0.0a, which is vulnerable.
An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library.
Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.
Versions of OpenSSL 0.9.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. Note that Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2010-0742
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache httpd Web Server Range Header Denial of Service Vulnerability
- CUPS IPP Use-After-Free Denial of Service Vulnerability
- FreeSSHd Remote Denial of Service Vulnerability
- EMC Data Protection Advisor NULL Pointer Dereference Denial of Service Vulnerability
- Active Perl Modules Multiple Vulnerabilities (Windows)