The host is running NASL and is prone to Security Bypass vulnerability.

Successful exploitation could allow remote attackers to bypass the certificate validation checks and can cause spoofing attacks via signature checks with SSL/TLS. Impact Level: System/Application

Apply Patch http://cvs.fedoraproject.org/viewvc/rpms/libnasl/F-10/libnasl.spec?r1=1.16&r2=1.17 ********* NOTE: Please ignore the warning, if patch is applied. *********

The flaw is due to improper validation of return value in nasl/nasl_crypto2.c file from DSA_do_verify function of OpenSSL.

Nessus Attack Scripting Language (NASL) version 2.2.11 and prior on Linux.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511517
• http://openwall.com/lists/oss-security/2009/01/12/4
• https://bugzilla.redhat.com/show_bug.cgi?id=479655

---

Updated on 2015-03-25