Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Debian Local Security Checks --> Category: infos

[DSA394] DSA-394-1 openssl095 Vulnerability Scan

Vulnerability Scan Summary
DSA-394-1 openssl095

Detailed Explanation for this Vulnerability Test

Steve Henson of the OpenSSL core team identified and prepared fixes
for a number of vulnerabilities in the OpenSSL ASN1 code that were
discovered after running a test suite by British National
Infrastructure Security Coordination Centre (NISCC).
A bug in OpenSSLs SSL/TLS protocol was also identified which causes
OpenSSL to parse a client certificate from an SSL/TLS client when it
should reject it as a protocol error.
The Common Vulnerabilities and Exposures project identifies the
following problems:
Integer overflow in OpenSSL that allows remote attackers to cause a
denial of service (crash) via an SSL client certificate with
certain ASN.1 tag values.
OpenSSL does not properly track the number of characters in certain
ASN.1 inputs, which allows remote attackers to cause a denial of
service (crash) via an SSL client certificate that causes OpenSSL
to read past the end of a buffer when the long form is used.
Double-free vulnerability allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via an SSL
client certificate with a certain invalid ASN.1 encoding. This bug
was only present in OpenSSL 0.9.7 and is listed here only for
For the stable distribution (woody) this problem has been
fixed in openssl095 version 0.9.5a-6.woody.3.
This package is not present in the unstable (sid) or testing (sarge)
We recommend that you upgrade your libssl095a packages and restart
services using this library. Debian doesn't ship any packages that
are linked against this library.
The following commandline (courtesy of Ray Dassen) produces a list of
names of running processes that have libssl095 mapped into their
memory space:

find /proc -name maps -exec egrep -l 'libssl095' {} /dev/null \
| sed -e 's/[^0-9]//g' | xargs --no-run-if-empty ps --no-headers -p | sed -e 's/^\+//' -e 's/ \+/ /g' | cut -d ' ' -f 5 | sort | uniq

You should restart the associated services.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.