|
|
Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:023: perl-Net_SSLeay Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the perl-Net_SSLeay package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:023 (perl-Net_SSLeay).
Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay module used
the file /tmp/entropy as a fallback entropy source if a proper source was not
set via the environment variable EGD_PATH. This could potentially lead to
weakened cryptographic operations if a possible hacker was able to provide a /tmp/
entropy file with known content. The updated packages have been patched to
correct this problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:023
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
