Gain a shell remotely : OpenSSL overflow (generic test)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.11060

Categoría: Gain a shell remotely

Título: OpenSSL overflow (generic test)

Resumen: NOSUMMARY

Descripción: Description:

The remote host seems to be using a version of OpenSSL which is
older than 0.9.6e or 0.9.7-beta3

This version is vulnerable to a buffer overflow which,
may allow an attacker to obtain a shell on this host.

Solution : Upgrade to version 0.9.6e (0.9.7beta3) or newer
Compaq Insight Manager: www.compaq.com/support/files/server/us/download/15803.h
tml
Risk factor : High

Referencia Cruzada: BugTraq ID: 3004
BugTraq ID: 4316
BugTraq ID: 5363
Common Vulnerability Exposure (CVE) ID: CVE-2002-0656
BugTraq ID: 5362
http://www.securityfocus.com/bid/5362
http://www.securityfocus.com/bid/5363
Bugtraq: 20020730 GLSA: OpenSSL (Google Search)
Bugtraq: 20020730 OpenSSL Security Altert - Remote Buffer Overflows (Google Search)
Bugtraq: 20020730 OpenSSL patches for other versions (Google Search)
Bugtraq: 20020730 TSLSA-2002-0063 - openssl (Google Search)
Bugtraq: 20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl) (Google Search)
Caldera Security Advisory: CSSA-2002-033.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Caldera Security Advisory: CSSA-2002-033.1
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
http://www.cert.org/advisories/CA-2002-23.html
CERT/CC vulnerability note: VU#102795
http://www.kb.cert.org/vuls/id/102795
CERT/CC vulnerability note: VU#258555
http://www.kb.cert.org/vuls/id/258555
Conectiva Linux advisory: CLA-2002:513
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
Debian Security Information: DSA-136 (Google Search)
En Garde Linux Advisory: ESA-20020730-019
FreeBSD Security Advisory: FreeBSD-SA-01:51
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
RedHat Security Advisories: RHSA-2002:155
SuSE Security Announcement: SuSE-SA:2002:027 (Google Search)
http://www.iss.net/security_center/static/9714.php
http://www.iss.net/security_center/static/9716.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0655
BugTraq ID: 5364
http://www.securityfocus.com/bid/5364
CERT/CC vulnerability note: VU#308891
http://www.kb.cert.org/vuls/id/308891
Common Vulnerability Exposure (CVE) ID: CVE-2002-0657
BugTraq ID: 5361
http://www.securityfocus.com/bid/5361
Bugtraq: 20020730 OpenSSL Security Altert - Remote Buffer Overflows: (Google Search)
CERT/CC vulnerability note: VU#561275
http://www.kb.cert.org/vuls/id/561275
http://www.iss.net/security_center/static/9715.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0659
BugTraq ID: 5366
http://www.securityfocus.com/bid/5366
CERT/CC vulnerability note: VU#748355
http://www.kb.cert.org/vuls/id/748355
Conectiva Linux advisory: CLA-2002:516
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516
RedHat Security Advisories: RHSA-2002:160
http://rhn.redhat.com/errata/RHSA-2002-160.html
RedHat Security Advisories: RHSA-2002:161
http://rhn.redhat.com/errata/RHSA-2002-161.html
RedHat Security Advisories: RHSA-2002:164
http://rhn.redhat.com/errata/RHSA-2002-164.html
http://www.iss.net/security_center/static/9718.php
Common Vulnerability Exposure (CVE) ID: CVE-2001-1141
http://www.securityfocus.com/bid/3004
Bugtraq: 20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a (Google Search)
http://www.securityfocus.com/archive/1/195829
Conectiva Linux advisory: CLA-2001:418
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
En Garde Linux Advisory: ESA-20010709-01
http://www.linuxsecurity.com/advisories/other_advisory-1483.html
http://www.securityfocus.com/advisories/3475
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
NETBSD Security Advisory: NetBSD-SA2001-013
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc
http://www.osvdb.org/853
http://www.redhat.com/support/errata/RHSA-2001-051.html
XForce ISS Database: openssl-prng-brute-force(6823)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6823

Copyright This script is Copyright (C) 2002 Solar Eclipse / Renaud Deraison

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.11060
Categoría:	Gain a shell remotely
Título:	OpenSSL overflow (generic test)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host seems to be using a version of OpenSSL which is older than 0.9.6e or 0.9.7-beta3 This version is vulnerable to a buffer overflow which, may allow an attacker to obtain a shell on this host. Solution : Upgrade to version 0.9.6e (0.9.7beta3) or newer Compaq Insight Manager: www.compaq.com/support/files/server/us/download/15803.h tml Risk factor : High
Referencia Cruzada:	BugTraq ID: 3004 BugTraq ID: 4316 BugTraq ID: 5363 Common Vulnerability Exposure (CVE) ID: CVE-2002-0656 BugTraq ID: 5362 http://www.securityfocus.com/bid/5362 http://www.securityfocus.com/bid/5363 Bugtraq: 20020730 GLSA: OpenSSL (Google Search) Bugtraq: 20020730 OpenSSL Security Altert - Remote Buffer Overflows (Google Search) Bugtraq: 20020730 OpenSSL patches for other versions (Google Search) Bugtraq: 20020730 TSLSA-2002-0063 - openssl (Google Search) Bugtraq: 20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl) (Google Search) Caldera Security Advisory: CSSA-2002-033.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt Caldera Security Advisory: CSSA-2002-033.1 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt http://www.cert.org/advisories/CA-2002-23.html CERT/CC vulnerability note: VU#102795 http://www.kb.cert.org/vuls/id/102795 CERT/CC vulnerability note: VU#258555 http://www.kb.cert.org/vuls/id/258555 Conectiva Linux advisory: CLA-2002:513 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513 Debian Security Information: DSA-136 (Google Search) En Garde Linux Advisory: ESA-20020730-019 FreeBSD Security Advisory: FreeBSD-SA-01:51 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php RedHat Security Advisories: RHSA-2002:155 SuSE Security Announcement: SuSE-SA:2002:027 (Google Search) http://www.iss.net/security_center/static/9714.php http://www.iss.net/security_center/static/9716.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0655 BugTraq ID: 5364 http://www.securityfocus.com/bid/5364 CERT/CC vulnerability note: VU#308891 http://www.kb.cert.org/vuls/id/308891 Common Vulnerability Exposure (CVE) ID: CVE-2002-0657 BugTraq ID: 5361 http://www.securityfocus.com/bid/5361 Bugtraq: 20020730 OpenSSL Security Altert - Remote Buffer Overflows: (Google Search) CERT/CC vulnerability note: VU#561275 http://www.kb.cert.org/vuls/id/561275 http://www.iss.net/security_center/static/9715.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0659 BugTraq ID: 5366 http://www.securityfocus.com/bid/5366 CERT/CC vulnerability note: VU#748355 http://www.kb.cert.org/vuls/id/748355 Conectiva Linux advisory: CLA-2002:516 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516 RedHat Security Advisories: RHSA-2002:160 http://rhn.redhat.com/errata/RHSA-2002-160.html RedHat Security Advisories: RHSA-2002:161 http://rhn.redhat.com/errata/RHSA-2002-161.html RedHat Security Advisories: RHSA-2002:164 http://rhn.redhat.com/errata/RHSA-2002-164.html http://www.iss.net/security_center/static/9718.php Common Vulnerability Exposure (CVE) ID: CVE-2001-1141 http://www.securityfocus.com/bid/3004 Bugtraq: 20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a (Google Search) http://www.securityfocus.com/archive/1/195829 Conectiva Linux advisory: CLA-2001:418 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418 En Garde Linux Advisory: ESA-20010709-01 http://www.linuxsecurity.com/advisories/other_advisory-1483.html http://www.securityfocus.com/advisories/3475 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0 NETBSD Security Advisory: NetBSD-SA2001-013 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc http://www.osvdb.org/853 http://www.redhat.com/support/errata/RHSA-2001-051.html XForce ISS Database: openssl-prng-brute-force(6823) https://exchange.xforce.ibmcloud.com/vulnerabilities/6823
Copyright	This script is Copyright (C) 2002 Solar Eclipse / Renaud Deraison