|
|
Family: Gain a shell remotely --> Category: mixed
OpenSSL overflow (generic test) Vulnerability Scan
Vulnerability Scan Summary
Checks for the behavior of OpenSSL
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote service uses a library which is vulnerable to a buffer overflow
vulnerability.
Description :
The remote service seems to be using a version of OpenSSL which is
older than 0.9.6e or 0.9.7-beta3.
This version is vulnerable to a buffer overflow which, may allow an
attacker to execute arbitrary commands on the remote host with the
rights of the application itself.
Solution :
Upgrade to OpenSSL version 0.9.6e (0.9.7beta3) or newer :
http://www.openssl.org
If the remote service is Compaq Insight Manager, please visit
http://h18023.www1.hp.com/support/files/server/us/download/15803.html
Threat Level:
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
