 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.54115 |
| Kategorie: | SuSE Local Security Checks |
| Titel: | SuSE Security Advisory SUSE-SA:2003:011 (openssl) |
| Zusammenfassung: | NOSUMMARY |
| Beschreibung: | Description: The remote host is missing updates announced in advisory SUSE-SA:2003:011. OpenSSL is an implementation of the Secure Sockets Layer and Transport Layer Security protocols and provides strong cryptography for many applications in a Linux system. It is a default package in all SuSE products. A security weakness has been found, known as Vaudenay timing attack on CBC, named after one of the discoverers (Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion)). The weakness may allow an attacker to obtain a plaintext data block by observing timing differences in response to two different error cases (cipher padding errors vs. MAC verification errors). In order to exploit this vulnerability, the attacker has to meet certain requirements: The network connection between client and server must be of high quality to be able to observe timing differences, the attacker must be able to perform a man-in-the-middle attack, the transactions must repeatedly contain the same (encrypted) plain text block (such as a pop password or alike), and decoding failures in the SSL layer must not be propagated to the application that is using the SSL connection. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2003:011 Risk factor : Medium CVSS Score: 5.0 |
| Querverweis: |
BugTraq ID: 6884 Common Vulnerability Exposure (CVE) ID: CVE-2003-0078 http://www.securityfocus.com/bid/6884 Bugtraq: 20030219 OpenSSL 0.9.7a and 0.9.6i released (Google Search) http://marc.info/?l=bugtraq&m=104567627211904&w=2 Bugtraq: 20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl) (Google Search) http://marc.info/?l=bugtraq&m=104568426824439&w=2 Computer Incident Advisory Center Bulletin: N-051 http://www.ciac.org/ciac/bulletins/n-051.shtml Conectiva Linux advisory: CLSA-2003:570 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570 Debian Security Information: DSA-253 (Google Search) http://www.debian.org/security/2003/dsa-253 En Garde Linux Advisory: ESA-20030220-005 http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html FreeBSD Security Advisory: FreeBSD-SA-03:02 http://marc.info/?l=bugtraq&m=104577183206905&w=2 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020 NETBSD Security Advisory: NetBSD-SA2003-001 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc http://www.osvdb.org/3945 http://www.redhat.com/support/errata/RHSA-2003-062.html http://www.redhat.com/support/errata/RHSA-2003-063.html http://www.redhat.com/support/errata/RHSA-2003-082.html http://www.redhat.com/support/errata/RHSA-2003-104.html http://www.redhat.com/support/errata/RHSA-2003-205.html SGI Security Advisory: 20030501-01-I ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I SuSE Security Announcement: SuSE-SA:2003:011 (Google Search) http://www.trustix.org/errata/2003/0005 http://www.iss.net/security_center/static/11369.php |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |