OpenSSL Multiple Vulnerabilities (Linux) Network Vulnerability

Summary

This host is installed with OpenSSL and is prone to Multiple Vulnerabilities.

Impact

Successful exploitation will let the attacker cause memory access violation, security bypass or can cause denial of service.

Solution

Upgrade to OpenSSL version 0.9.8k http://openssl.org

Insight

- error exists in the 'ASN1_STRING_print_ex()' function when printing 'BMPString' or 'UniversalString' strings which causes invalid memory access violation. - 'CMS_verify' function incorrectly handles an error condition when processing malformed signed attributes. - error when processing malformed 'ASN1' structures which causes invalid memory access violation.

Affected

OpenSSL version prior to 0.9.8k on all running platform.

References

http://secunia.com/advisories/34411
http://securitytracker.com/alerts/2009/Mar/1021905.html
http://www.openssl.org/news/secadv_20090325.txt

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0590, CVE-2009-0591, CVE-2009-0789

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
Apple Safari 'WebKit.dll' Stack Consumption Vulnerability
Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability
Firefox 'nsObserverList::FillObserverArray' DOS Vulnerability (Win)
F-PROT Antivirus Multiple Vulnerabilities

Take action and discover your vulnerabilities