Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:096 (openssl)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.53012

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:096 (openssl)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to openssl
announced via advisory MDKSA-2005:096.

Colin Percival reported a cache timing attack that could be used to
allow a malicious local user to gain portions of cryptographic keys
(CVE-2005-0109). The OpenSSL library has been patched to add a new
fixed-window mod_exp implementation as default for RSA, DSA, and DH
private key operations. The patch was designed to mitigate cache
timing and possibly related attacks.

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:096

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: BugTraq ID: 12724
Common Vulnerability Exposure (CVE) ID: CVE-2005-0109
http://www.securityfocus.com/bid/12724
CERT/CC vulnerability note: VU#911878
http://www.kb.cert.org/vuls/id/911878
FreeBSD Security Advisory: FreeBSD-SA-05:09
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
http://www.daemonology.net/hyperthreading-considered-harmful/
http://www.daemonology.net/papers/htt.pdf
http://marc.info/?l=freebsd-hackers&m=110994026421858&w=2
http://marc.info/?l=freebsd-security&m=110994370429609&w=2
http://marc.info/?l=openbsd-misc&m=110995101417256&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9747
http://www.redhat.com/support/errata/RHSA-2005-476.html
http://www.redhat.com/support/errata/RHSA-2005-800.html
SCO Security Bulletin: SCOSA-2005.24
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt
http://securitytracker.com/id?1013967
http://secunia.com/advisories/15348
http://secunia.com/advisories/18165
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1
http://www.vupen.com/english/advisories/2005/0540
http://www.vupen.com/english/advisories/2005/3002

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.53012
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:096 (openssl)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to openssl announced via advisory MDKSA-2005:096. Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys (CVE-2005-0109). The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private key operations. The patch was designed to mitigate cache timing and possibly related attacks. Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:096 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	BugTraq ID: 12724 Common Vulnerability Exposure (CVE) ID: CVE-2005-0109 http://www.securityfocus.com/bid/12724 CERT/CC vulnerability note: VU#911878 http://www.kb.cert.org/vuls/id/911878 FreeBSD Security Advisory: FreeBSD-SA-05:09 http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754 http://www.daemonology.net/hyperthreading-considered-harmful/ http://www.daemonology.net/papers/htt.pdf http://marc.info/?l=freebsd-hackers&m=110994026421858&w=2 http://marc.info/?l=freebsd-security&m=110994370429609&w=2 http://marc.info/?l=openbsd-misc&m=110995101417256&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9747 http://www.redhat.com/support/errata/RHSA-2005-476.html http://www.redhat.com/support/errata/RHSA-2005-800.html SCO Security Bulletin: SCOSA-2005.24 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt http://securitytracker.com/id?1013967 http://secunia.com/advisories/15348 http://secunia.com/advisories/18165 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1 http://www.vupen.com/english/advisories/2005/0540 http://www.vupen.com/english/advisories/2005/3002
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com