Test Kennung:	1.3.6.1.4.1.25623.1.0.55686
Kategorie:	SuSE Local Security Checks
Titel:	SuSE Security Advisory SUSE-SA:2005:061 (openssl)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory SUSE-SA:2005:061. The openssl cryptographic libraries have been updated to fix a protocol downgrading attack which allows a man-in-the-middle attacker to force the usage of SSLv2. This happens due to the work-around code of SSL_OP_MSIE_SSLV2_RSA_PADDING which is included in SSL_OP_ALL (which is commonly used in applications). (CVE-2005-2969) Additionally this update adds the Geotrusts Equifax Root1 CA certificate to allow correct certification against Novell Inc. websites and services. The same CA is already included in Mozilla, KDE, and curl, which use separate certificate stores. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2005:061 Risk factor : Medium CVSS Score: 5.0
Querverweis:	BugTraq ID: 15647 BugTraq ID: 15071 Common Vulnerability Exposure (CVE) ID: CVE-2005-2969 http://docs.info.apple.com/article.html?artnum=302847 http://www.securityfocus.com/bid/15071 http://www.securityfocus.com/bid/15647 BugTraq ID: 24799 http://www.securityfocus.com/bid/24799 Cisco Security Advisory: 20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml Debian Security Information: DSA-875 (Google Search) http://www.debian.org/security/2005/dsa-875 Debian Security Information: DSA-881 (Google Search) http://www.debian.org/security/2005/dsa-881 Debian Security Information: DSA-882 (Google Search) http://www.debian.org/security/2005/dsa-882 FreeBSD Security Advisory: FreeBSD-SA-05:21 HPdes Security Advisory: HPSBUX02174 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 HPdes Security Advisory: HPSBUX02186 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 HPdes Security Advisory: SSRT061239 HPdes Security Advisory: SSRT071299 http://www.mandriva.com/security/advisories?name=MDKSA-2005:179 ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754 http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454 http://www.redhat.com/support/errata/RHSA-2005-762.html http://www.redhat.com/support/errata/RHSA-2005-800.html http://www.redhat.com/support/errata/RHSA-2008-0629.html http://securitytracker.com/id?1015032 http://secunia.com/advisories/17146 http://secunia.com/advisories/17151 http://secunia.com/advisories/17153 http://secunia.com/advisories/17169 http://secunia.com/advisories/17178 http://secunia.com/advisories/17180 http://secunia.com/advisories/17189 http://secunia.com/advisories/17191 http://secunia.com/advisories/17210 http://secunia.com/advisories/17259 http://secunia.com/advisories/17288 http://secunia.com/advisories/17335 http://secunia.com/advisories/17344 http://secunia.com/advisories/17389 http://secunia.com/advisories/17409 http://secunia.com/advisories/17432 http://secunia.com/advisories/17466 http://secunia.com/advisories/17589 http://secunia.com/advisories/17617 http://secunia.com/advisories/17632 http://secunia.com/advisories/17813 http://secunia.com/advisories/17888 http://secunia.com/advisories/18045 http://secunia.com/advisories/18123 http://secunia.com/advisories/18165 http://secunia.com/advisories/18663 http://secunia.com/advisories/19185 http://secunia.com/advisories/21827 http://secunia.com/advisories/23280 http://secunia.com/advisories/23340 http://secunia.com/advisories/23843 http://secunia.com/advisories/23915 http://secunia.com/advisories/25973 http://secunia.com/advisories/26893 http://secunia.com/advisories/31492 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1 SuSE Security Announcement: SUSE-SA:2005:061 (Google Search) http://www.novell.com/linux/security/advisories/2005_61_openssl.html http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://www.vupen.com/english/advisories/2005/2036 http://www.vupen.com/english/advisories/2005/2659 http://www.vupen.com/english/advisories/2005/2710 http://www.vupen.com/english/advisories/2005/2908 http://www.vupen.com/english/advisories/2005/3002 http://www.vupen.com/english/advisories/2005/3056 http://www.vupen.com/english/advisories/2006/3531 http://www.vupen.com/english/advisories/2007/0326 http://www.vupen.com/english/advisories/2007/0343 http://www.vupen.com/english/advisories/2007/2457 XForce ISS Database: hitachi-hicommand-security-bypass(35287) https://exchange.xforce.ibmcloud.com/vulnerabilities/35287
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.