F5 Local Security Checks : F5 BIG-IP - OpenSSL vulnerability CVE-2010-4252

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.105400

Categoría: F5 Local Security Checks

Título: F5 BIG-IP - OpenSSL vulnerability CVE-2010-4252

Resumen: The remote host is missing a security patch.

Descripción: Summary:
The remote host is missing a security patch.

Vulnerability Insight:
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. (CVE-2010-4252)

Vulnerability Impact:
F5 products do not use J-PAKE in supported configurations.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4252
1024823
http://securitytracker.com/id?1024823
42469
http://secunia.com/advisories/42469
45163
http://www.securityfocus.com/bid/45163
57353
http://secunia.com/advisories/57353
ADV-2010-3120
http://www.vupen.com/english/advisories/2010/3120
ADV-2010-3122
http://www.vupen.com/english/advisories/2010/3122
HPSBOV02670
http://marc.info/?l=bugtraq&m=130497251507577&w=2
HPSBUX02638
http://marc.info/?l=bugtraq&m=129916880600544&w=2
SSA:2010-340-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
SSRT100339
SSRT100475
http://cvs.openssl.org/chngview?cn=20098
http://openssl.org/news/secadv_20101202.txt
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
https://bugzilla.redhat.com/show_bug.cgi?id=659297
https://github.com/seb-m/jpake
oval:org.mitre.oval:def:19039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105400
Categoría:	F5 Local Security Checks
Título:	F5 BIG-IP - OpenSSL vulnerability CVE-2010-4252
Resumen:	The remote host is missing a security patch.
Descripción:	Summary: The remote host is missing a security patch. Vulnerability Insight: OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. (CVE-2010-4252) Vulnerability Impact: F5 products do not use J-PAKE in supported configurations. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4252 1024823 http://securitytracker.com/id?1024823 42469 http://secunia.com/advisories/42469 45163 http://www.securityfocus.com/bid/45163 57353 http://secunia.com/advisories/57353 ADV-2010-3120 http://www.vupen.com/english/advisories/2010/3120 ADV-2010-3122 http://www.vupen.com/english/advisories/2010/3122 HPSBOV02670 http://marc.info/?l=bugtraq&m=130497251507577&w=2 HPSBUX02638 http://marc.info/?l=bugtraq&m=129916880600544&w=2 SSA:2010-340-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471 SSRT100339 SSRT100475 http://cvs.openssl.org/chngview?cn=20098 http://openssl.org/news/secadv_20101202.txt http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 https://bugzilla.redhat.com/show_bug.cgi?id=659297 https://github.com/seb-m/jpake oval:org.mitre.oval:def:19039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039
Copyright	Copyright (C) 2015 Greenbone AG