Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN113-1 : libnet-ssleay-perl vulnerability Vulnerability Scan


Vulnerability Scan Summary
libnet-ssleay-perl vulnerability

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote package "libnet-ssleay-perl" is missing a security patch.

Description :

Javier Fernandez-Sanguino Pena discovered that this library used the
file /tmp/entropy as a fallback entropy source if a proper source was
not set in the environment variable EGD_PATH. This can potentially
lead to weakened cryptographic operations if a possible hacker provides a
/tmp/entropy file with known content.

The updated package requires the specification of an entropy source
with EGD_PATH and also requires that the source is a socket (as
opposed to a normal file).

Please note that this only affects systems which have egd installed
from third party sources
egd is not shipped with Ubuntu.

Solution :

Upgrade to :
- libnet-ssleay-perl-1.25-1ubuntu0.2 (Ubuntu 5.04)



Threat Level: High


Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.