Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.67233
Kategorie:Mandrake Local Security Checks
Titel:Mandriva Security Advisory MDVSA-2010:076 (openssl)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to openssl
announced via advisory MDVSA-2010:076.

This update fixes several security issues in openssl:
- The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f
through 0.9.8m allows remote attackers to cause a denial of service
(crash) via a malformed record in a TLS connection (CVE-2010-0740)
- OpenSSL before 0.9.8m does not check for a NULL return value
from bn_wexpand function calls which has unspecified impact and
context-dependent attack vectors (CVE-2009-3245)
- The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL
before 0.9.8n, when Kerberos is enabled but Kerberos configuration
files cannot be opened, could allow remote attackers to cause a denial
of service (NULL pointer dereference and daemon crash) (CVE-2010-0433)
- Finally, this update provides support for secure renegotiation,
preventing men-in-the-middle attacks (CVE-2009-3555).

Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.

Affected: 2008.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0,
Multi Network Firewall 2.0


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:076

Risk factor : Critical

CVSS Score:
10.0

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-0740
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
HPdes Security Advisory: HPSBUX02517
http://marc.info/?l=bugtraq&m=127128920008563&w=2
HPdes Security Advisory: HPSBUX02531
http://marc.info/?l=bugtraq&m=127557640302499&w=2
HPdes Security Advisory: SSRT100058
HPdes Security Advisory: SSRT100108
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731
http://www.securitytracker.com/id?1023748
http://secunia.com/advisories/39932
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://secunia.com/advisories/43311
http://www.vupen.com/english/advisories/2010/0710
http://www.vupen.com/english/advisories/2010/0839
http://www.vupen.com/english/advisories/2010/0933
http://www.vupen.com/english/advisories/2010/1216
Common Vulnerability Exposure (CVE) ID: CVE-2009-3245
BugTraq ID: 38562
http://www.securityfocus.com/bid/38562
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
HPdes Security Advisory: HPSBOV02540
http://marc.info/?l=bugtraq&m=127678688104458&w=2
http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html
http://marc.info/?l=openssl-cvs&m=126692180606861&w=2
http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
http://marc.info/?l=openssl-cvs&m=126692170906712&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790
http://www.redhat.com/support/errata/RHSA-2010-0977.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://secunia.com/advisories/37291
http://secunia.com/advisories/38761
http://secunia.com/advisories/39461
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.ubuntu.com/usn/USN-1003-1
http://www.vupen.com/english/advisories/2010/0916
Common Vulnerability Exposure (CVE) ID: CVE-2010-0433
http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7
http://www.mail-archive.com/dovecot@dovecot.org/msg26224.html
http://www.openwall.com/lists/oss-security/2010/03/03/5
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856
Common Vulnerability Exposure (CVE) ID: CVE-2009-3555
AIX APAR: IC67848
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848
AIX APAR: IC68054
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054
AIX APAR: IC68055
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055
AIX APAR: PM00675
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only
AIX APAR: PM12247
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
BugTraq ID: 36935
http://www.securityfocus.com/bid/36935
Bugtraq: 20091118 TLS / SSLv3 vulnerability explained (DRAFT) (Google Search)
http://www.securityfocus.com/archive/1/507952/100/0/threaded
Bugtraq: 20091124 rPSA-2009-0155-1 httpd mod_ssl (Google Search)
http://www.securityfocus.com/archive/1/508075/100/0/threaded
Bugtraq: 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability) (Google Search)
http://www.securityfocus.com/archive/1/508130/100/0/threaded
Bugtraq: 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console (Google Search)
http://www.securityfocus.com/archive/1/515055/100/0/threaded
Bugtraq: 20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html
Cert/CC Advisory: TA10-222A
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Cert/CC Advisory: TA10-287A
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
CERT/CC vulnerability note: VU#120541
http://www.kb.cert.org/vuls/id/120541
Cisco Security Advisory: 20091109 Transport Layer Security Renegotiation Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
Debian Security Information: DSA-1934 (Google Search)
http://www.debian.org/security/2009/dsa-1934
Debian Security Information: DSA-2141 (Google Search)
http://www.debian.org/security/2011/dsa-2141
Debian Security Information: DSA-3253 (Google Search)
http://www.debian.org/security/2015/dsa-3253
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
http://seclists.org/fulldisclosure/2009/Nov/139
http://security.gentoo.org/glsa/glsa-200912-01.xml
http://security.gentoo.org/glsa/glsa-201203-22.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBGN02562
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041
HPdes Security Advisory: HPSBHF02706
http://marc.info/?l=bugtraq&m=132077688910227&w=2
HPdes Security Advisory: HPSBHF03293
http://marc.info/?l=bugtraq&m=142660345230545&w=2
HPdes Security Advisory: HPSBMA02534
http://marc.info/?l=bugtraq&m=127419602507642&w=2
HPdes Security Advisory: HPSBMA02547
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
HPdes Security Advisory: HPSBMA02568
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
HPdes Security Advisory: HPSBMU02759
http://www.securityfocus.com/archive/1/522176
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBOV02762
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HPdes Security Advisory: HPSBUX02482
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686
HPdes Security Advisory: HPSBUX02498
http://marc.info/?l=bugtraq&m=126150535619567&w=2
HPdes Security Advisory: HPSBUX02524
http://marc.info/?l=bugtraq&m=127557596201693&w=2
HPdes Security Advisory: SSRT090180
HPdes Security Advisory: SSRT090208
HPdes Security Advisory: SSRT090249
HPdes Security Advisory: SSRT090264
HPdes Security Advisory: SSRT100089
HPdes Security Advisory: SSRT100179
HPdes Security Advisory: SSRT100219
HPdes Security Advisory: SSRT100613
HPdes Security Advisory: SSRT100817
HPdes Security Advisory: SSRT100825
HPdes Security Advisory: SSRT101846
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
http://blogs.iss.net/archive/sslmitmiscsrf.html
http://clicky.me/tlsvuln
http://extendedsubset.com/?p=8
http://extendedsubset.com/Renegotiating_TLS.pdf
http://www.betanews.com/article/1257452450
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://www.links.org/?p=780
http://www.links.org/?p=786
http://www.links.org/?p=789
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
http://www.tombom.co.uk/blog/?p=85
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
https://bugzilla.mozilla.org/show_bug.cgi?id=526689
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
http://marc.info/?l=cryptography&m=125752275331877&w=2
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
http://www.openwall.com/lists/oss-security/2009/11/05/3
http://www.openwall.com/lists/oss-security/2009/11/05/5
http://www.openwall.com/lists/oss-security/2009/11/06/3
http://www.openwall.com/lists/oss-security/2009/11/07/3
http://www.openwall.com/lists/oss-security/2009/11/20/1
http://www.openwall.com/lists/oss-security/2009/11/23/10
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E
Microsoft Security Bulletin: MS10-049
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049
OpenBSD Security Advisory: [4.5] 010: SECURITY FIX: November 26, 2009
http://openbsd.org/errata45.html#010_openssl
OpenBSD Security Advisory: [4.6] 004: SECURITY FIX: November 26, 2009
http://openbsd.org/errata46.html#004_openssl
http://osvdb.org/60521
http://osvdb.org/60972
http://osvdb.org/62210
http://osvdb.org/65202
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535
http://www.redhat.com/support/errata/RHSA-2010-0119.html
http://www.redhat.com/support/errata/RHSA-2010-0130.html
http://www.redhat.com/support/errata/RHSA-2010-0155.html
http://www.redhat.com/support/errata/RHSA-2010-0165.html
http://www.redhat.com/support/errata/RHSA-2010-0167.html
http://www.redhat.com/support/errata/RHSA-2010-0337.html
http://www.redhat.com/support/errata/RHSA-2010-0338.html
http://www.redhat.com/support/errata/RHSA-2010-0339.html
http://www.redhat.com/support/errata/RHSA-2010-0768.html
http://www.redhat.com/support/errata/RHSA-2010-0770.html
http://www.redhat.com/support/errata/RHSA-2010-0786.html
http://www.redhat.com/support/errata/RHSA-2010-0807.html
http://www.redhat.com/support/errata/RHSA-2010-0865.html
http://www.redhat.com/support/errata/RHSA-2010-0986.html
http://www.redhat.com/support/errata/RHSA-2010-0987.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
http://securitytracker.com/id?1023148
http://www.securitytracker.com/id?1023163
http://www.securitytracker.com/id?1023204
http://www.securitytracker.com/id?1023205
http://www.securitytracker.com/id?1023206
http://www.securitytracker.com/id?1023207
http://www.securitytracker.com/id?1023208
http://www.securitytracker.com/id?1023209
http://www.securitytracker.com/id?1023210
http://www.securitytracker.com/id?1023211
http://www.securitytracker.com/id?1023212
http://www.securitytracker.com/id?1023213
http://www.securitytracker.com/id?1023214
http://www.securitytracker.com/id?1023215
http://www.securitytracker.com/id?1023216
http://www.securitytracker.com/id?1023217
http://www.securitytracker.com/id?1023218
http://www.securitytracker.com/id?1023219
http://www.securitytracker.com/id?1023224
http://www.securitytracker.com/id?1023243
http://www.securitytracker.com/id?1023270
http://www.securitytracker.com/id?1023271
http://www.securitytracker.com/id?1023272
http://www.securitytracker.com/id?1023273
http://www.securitytracker.com/id?1023274
http://www.securitytracker.com/id?1023275
http://www.securitytracker.com/id?1023411
http://www.securitytracker.com/id?1023426
http://www.securitytracker.com/id?1023427
http://www.securitytracker.com/id?1023428
http://www.securitytracker.com/id?1024789
http://secunia.com/advisories/37292
http://secunia.com/advisories/37320
http://secunia.com/advisories/37383
http://secunia.com/advisories/37399
http://secunia.com/advisories/37453
http://secunia.com/advisories/37501
http://secunia.com/advisories/37504
http://secunia.com/advisories/37604
http://secunia.com/advisories/37640
http://secunia.com/advisories/37656
http://secunia.com/advisories/37675
http://secunia.com/advisories/37859
http://secunia.com/advisories/38003
http://secunia.com/advisories/38020
http://secunia.com/advisories/38056
http://secunia.com/advisories/38241
http://secunia.com/advisories/38484
http://secunia.com/advisories/38687
http://secunia.com/advisories/38781
http://secunia.com/advisories/39127
http://secunia.com/advisories/39136
http://secunia.com/advisories/39242
http://secunia.com/advisories/39243
http://secunia.com/advisories/39278
http://secunia.com/advisories/39292
http://secunia.com/advisories/39317
http://secunia.com/advisories/39500
http://secunia.com/advisories/39628
http://secunia.com/advisories/39632
http://secunia.com/advisories/39713
http://secunia.com/advisories/39819
http://secunia.com/advisories/40070
http://secunia.com/advisories/40545
http://secunia.com/advisories/40747
http://secunia.com/advisories/40866
http://secunia.com/advisories/41480
http://secunia.com/advisories/41490
http://secunia.com/advisories/41818
http://secunia.com/advisories/41967
http://secunia.com/advisories/41972
http://secunia.com/advisories/42377
http://secunia.com/advisories/42379
http://secunia.com/advisories/42467
http://secunia.com/advisories/42808
http://secunia.com/advisories/42811
http://secunia.com/advisories/42816
http://secunia.com/advisories/43308
http://secunia.com/advisories/44183
http://secunia.com/advisories/44954
http://secunia.com/advisories/48577
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
SuSE Security Announcement: SUSE-SA:2009:057 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
SuSE Security Announcement: SUSE-SA:2010:061 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html
SuSE Security Announcement: SUSE-SR:2010:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
SuSE Security Announcement: SUSE-SR:2010:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
SuSE Security Announcement: SUSE-SR:2010:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
SuSE Security Announcement: SUSE-SU-2011:0847 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
SuSE Security Announcement: openSUSE-SU-2011:0845 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
http://www.ubuntu.com/usn/USN-1010-1
http://ubuntu.com/usn/usn-923-1
http://www.ubuntu.com/usn/USN-927-1
http://www.ubuntu.com/usn/USN-927-4
http://www.ubuntu.com/usn/USN-927-5
http://www.vupen.com/english/advisories/2009/3164
http://www.vupen.com/english/advisories/2009/3165
http://www.vupen.com/english/advisories/2009/3205
http://www.vupen.com/english/advisories/2009/3220
http://www.vupen.com/english/advisories/2009/3310
http://www.vupen.com/english/advisories/2009/3313
http://www.vupen.com/english/advisories/2009/3353
http://www.vupen.com/english/advisories/2009/3354
http://www.vupen.com/english/advisories/2009/3484
http://www.vupen.com/english/advisories/2009/3521
http://www.vupen.com/english/advisories/2009/3587
http://www.vupen.com/english/advisories/2010/0086
http://www.vupen.com/english/advisories/2010/0173
http://www.vupen.com/english/advisories/2010/0748
http://www.vupen.com/english/advisories/2010/0848
http://www.vupen.com/english/advisories/2010/0982
http://www.vupen.com/english/advisories/2010/0994
http://www.vupen.com/english/advisories/2010/1054
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/1191
http://www.vupen.com/english/advisories/2010/1350
http://www.vupen.com/english/advisories/2010/1639
http://www.vupen.com/english/advisories/2010/1673
http://www.vupen.com/english/advisories/2010/1793
http://www.vupen.com/english/advisories/2010/2010
http://www.vupen.com/english/advisories/2010/2745
http://www.vupen.com/english/advisories/2010/3069
http://www.vupen.com/english/advisories/2010/3086
http://www.vupen.com/english/advisories/2010/3126
http://www.vupen.com/english/advisories/2011/0032
http://www.vupen.com/english/advisories/2011/0033
http://www.vupen.com/english/advisories/2011/0086
XForce ISS Database: tls-renegotiation-weak-security(54158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.