|
Family: Ubuntu Local Security Checks --> Category: infos
USN24-1 : openssl script vulnerability Vulnerability Scan
Vulnerability Scan Summary openssl script vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libssl-dev
- libssl0.9.7
- openssl
Description :
Recently, Trustix Secure Linux discovered a vulnerability in the
openssl package. The auxiliary script "der_chop" created temporary
files in an insecure way, which could allow a symlink attack to create
or overwrite arbitrary files with the rights of the user invoking
the program.
Solution :
Upgrade to :
- libssl-dev-0.9.7d-3ubuntu0.1 (Ubuntu 4.10)
- libssl0.9.7-0.9.7d-3ubuntu0.1 (Ubuntu 4.10)
- openssl-0.9.7d-3ubuntu0.1 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|