|
Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:161: openssl Vulnerability Scan
Vulnerability Scan Summary Check for the version of the openssl package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:161 (openssl).
Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures where an RSA key with a small exponent used could be
vulnerable to forgery of a PKCS #1 v1.5 signature signed by that
key.
Any software using OpenSSL to verify X.509 certificates is potentially
vulnerable to this issue, as well as any other use of PKCS #1 v1.5,
including software uses OpenSSL for SSL or TLS.
Updated packages are patched to address this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:161
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|