ID de Prueba:	1.3.6.1.4.1.25623.1.0.807500
Categoría:	General
Título:	OpenSSL Multiple Vulnerabilities -02 Mar16 (Linux)
Resumen:	OpenSSL is prone to multiple vulnerabilities.
Descripción:	Summary: OpenSSL is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. - The SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. Vulnerability Impact: Successful exploitation will allow a remote attacker to decrypt TLS ciphertext data and to obtain sensitive information. Affected Software/OS: OpenSSL versions before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a. Solution: Upgrade to OpenSSL 1.0.2a or 1.0.1m or 1.0.0r or 0.9.8zf or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0703 BugTraq ID: 83743 http://www.securityfocus.com/bid/83743 Cisco Security Advisory: 20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl FreeBSD Security Advisory: FreeBSD-SA-16:12 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc https://security.gentoo.org/glsa/201603-15 https://drownattack.com http://www.securitytracker.com/id/1035133 SuSE Security Announcement: SUSE-SU-2016:0617 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html SuSE Security Announcement: SUSE-SU-2016:0620 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html SuSE Security Announcement: SUSE-SU-2016:0621 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html SuSE Security Announcement: SUSE-SU-2016:0624 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html SuSE Security Announcement: SUSE-SU-2016:0631 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html SuSE Security Announcement: SUSE-SU-2016:0641 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html SuSE Security Announcement: SUSE-SU-2016:0678 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html SuSE Security Announcement: SUSE-SU-2016:1057 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html SuSE Security Announcement: openSUSE-SU-2016:0628 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html SuSE Security Announcement: openSUSE-SU-2016:0637 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html SuSE Security Announcement: openSUSE-SU-2016:0638 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html SuSE Security Announcement: openSUSE-SU-2016:0720 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2016-0704 BugTraq ID: 83764 http://www.securityfocus.com/bid/83764
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.