ID de Prueba:	1.3.6.1.4.1.25623.1.0.105396
Categoría:	F5 Local Security Checks
Título:	F5 BIG-IP - OpenSSL vulnerability CVE-2015-0209
Resumen:	The remote host is missing a security patch.
Descripción:	Summary: The remote host is missing a security patch. Vulnerability Insight: Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impacts via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. (CVE-2015-0209) Vulnerability Impact: An attacker may be able to cause a denial-of-service (DoS) using a malformed Elliptic Curve (EC) private-key file. Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0209 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html BugTraq ID: 73239 http://www.securityfocus.com/bid/73239 Debian Security Information: DSA-3197 (Google Search) http://www.debian.org/security/2015/dsa-3197 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html FreeBSD Security Advisory: FreeBSD-SA-15:06 https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc https://security.gentoo.org/glsa/201503-11 HPdes Security Advisory: HPSBGN03306 http://marc.info/?l=bugtraq&m=142841429220765&w=2 HPdes Security Advisory: HPSBMU03380 http://marc.info/?l=bugtraq&m=143748090628601&w=2 HPdes Security Advisory: HPSBMU03397 http://marc.info/?l=bugtraq&m=144050297101809&w=2 HPdes Security Advisory: HPSBMU03409 http://marc.info/?l=bugtraq&m=144050155601375&w=2 HPdes Security Advisory: HPSBMU03413 http://marc.info/?l=bugtraq&m=144050254401665&w=2 HPdes Security Advisory: HPSBUX03334 http://marc.info/?l=bugtraq&m=143213830203296&w=2 HPdes Security Advisory: SSRT102000 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 http://www.mandriva.com/security/advisories?name=MDVSA-2015:063 RedHat Security Advisories: RHSA-2015:0715 http://rhn.redhat.com/errata/RHSA-2015-0715.html RedHat Security Advisories: RHSA-2015:0716 http://rhn.redhat.com/errata/RHSA-2015-0716.html RedHat Security Advisories: RHSA-2015:0752 http://rhn.redhat.com/errata/RHSA-2015-0752.html RedHat Security Advisories: RHSA-2016:1089 http://rhn.redhat.com/errata/RHSA-2016-1089.html RedHat Security Advisories: RHSA-2016:2957 http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.securitytracker.com/id/1031929 SuSE Security Announcement: SUSE-SU-2015:0541 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html SuSE Security Announcement: openSUSE-SU-2015:0554 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html SuSE Security Announcement: openSUSE-SU-2015:1277 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html http://www.ubuntu.com/usn/USN-2537-1
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.