|
|
Family: Gain a shell remotely --> Category: infos
OpenSSL overflow via invalid certificate passing Vulnerability Scan
Vulnerability Scan Summary
Checks for the behavior of SSL
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host is vulnerable to a heap corruption vulnerability.
Description :
The remote host seems to be running a version of OpenSSL which is older
than 0.9.6k or 0.9.7c.
There is a heap corruption bug in this version which might be exploited by an
attacker to execute arbitrary code on the remote host with the rights
of the remote service.
Solution :
If you are running OpenSSL, upgrade to version 0.9.6k or 0.9.7c or newer.
Threat Level:
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
