7.6 - DSA-2125

Executive Summary

Summary
Title	New openssl packages fix buffer overflow

Informations
Name	DSA-2125	First vendor Publication	2010-11-22
Vendor	Debian	Last vendor Modification	2010-11-22
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.6	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	High
Cvss Expoit Score	4.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. This allows an attacker to cause an appliation crash or potentially to execute arbitrary code.

However, not all OpenSSL based SSL/TLS servers are vulnerable: A server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. In particular the Apache HTTP server (which never uses OpenSSL internal caching) and Stunnel (which includes its own workaround) are NOT affected.

This upgrade fixes this issue. After the upgrade, any services using the openssl libraries need to be restarted. The checkrestart script from the debian-goodies package or lsof can help to find out which services need to be restarted.

A note to users of the tor packages from the Debian backports or Debian volatile: This openssl update causes problems with some versions of tor. You need to update to tor 0.2.1.26-4~bpo50+1 or 0.2.1.26-1~lennyvolatile2, respectively. The tor package version 0.2.0.35-1~lenny2 from Debian stable is not affected by these problems.

For the stable distribution (lenny), the problem has been fixed in openssl version 0.9.8g-15+lenny9.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.9.8o-3.

We recommend that you upgrade your openssl packages.

Original Source

Url : http://www.debian.org/security/2010/dsa-2125

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-362	Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12598

Oval ID:	oval:org.mitre.oval:def:12598
Title:	DSA-2125-1 openssl -- buffer overflow
Description:	A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. This allows an attacker to cause an appliation crash or potentially to execute arbitrary code. However, not all OpenSSL based SSL/TLS servers are vulnerable: A server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. In particular the Apache HTTP server and Stunnel are NOT affected. This upgrade fixes this issue. After the upgrade, any services using the openssl libraries need to be restarted. The checkrestart script from the debian-goodies package or lsof can help to find out which services need to be restarted. A note to users of the tor packages from the Debian backports or Debian volatile: This openssl update causes problems with some versions of tor. You need to update to tor 0.2.1.26-4~bpo50+1 or 0.2.1.26-1~lennyvolatile2, respectively. The tor package version 0.2.0.35-1~lenny2 from Debian stable is not affected by these problems. For the stable distribution, the problem has been fixed in openssl version 0.9.8g-15+lenny9. For the testing distribution and the unstable distribution, this problem has been fixed in version 0.9.8o-3. We recommend that you upgrade your openssl packages.
Family:	unix	Class:	patch
Reference(s):	DSA-2125-1 CVE-2010-3864	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	openssl
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa Packages section libssl-dev DPKG is earlier than 0.9.8g-15+lenny9 AND libssl0.9.8-dbg DPKG is earlier than 0.9.8g-15+lenny9 AND openssl DPKG is earlier than 0.9.8g-15+lenny9 AND libssl0.9.8 DPKG is earlier than 0.9.8g-15+lenny9

Definition Id: oval:org.mitre.oval:def:13383

Oval ID:	oval:org.mitre.oval:def:13383
Title:	USN-1018-1 -- openssl vulnerability
Description:	Rob Hulswit discovered a race condition in the OpenSSL TLS server extension parsing code when used within a threaded server. A remote attacker could trigger this flaw to cause a denial of service or possibly execute arbitrary code with application privileges
Family:	unix	Class:	patch
Reference(s):	USN-1018-1 CVE-2010-3864	Version:	5
Platform(s):	Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04	Product(s):	openssl
Definition Synopsis:
Release section Ubuntu 8.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND openssl-doc DPKG is earlier than 0.9.8g-4ubuntu3.12 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libcrypto0.9.8-udeb DPKG is earlier than 0.9.8g-4ubuntu3.12 AND libssl0.9.8-dbg DPKG is earlier than 0.9.8g-4ubuntu3.12 AND libssl0.9.8 DPKG is earlier than 0.9.8g-4ubuntu3.12 AND libssl-dev DPKG is earlier than 0.9.8g-4ubuntu3.12 AND openssl DPKG is earlier than 0.9.8g-4ubuntu3.12 OR Release section Ubuntu 10.10 is installed AND Architecture section Architecture independet section Installed architecture is all AND openssl-doc DPKG is earlier than 0.9.8o-1ubuntu4.2 OR Architecture depended section Supported architectures section Installed architecture is powerpc AND Installed architecture is armel AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libssl-dev DPKG is earlier than 0.9.8o-1ubuntu4.2 AND libssl0.9.8-dbg DPKG is earlier than 0.9.8o-1ubuntu4.2 AND openssl DPKG is earlier than 0.9.8o-1ubuntu4.2 AND libcrypto0.9.8-udeb DPKG is earlier than 0.9.8o-1ubuntu4.2 AND libssl0.9.8 DPKG is earlier than 0.9.8o-1ubuntu4.2 AND libssl0.9.8-udeb DPKG is earlier than 0.9.8o-1ubuntu4.2 OR Release section Ubuntu 9.10 is installed AND Architecture section Architecture independet section Installed architecture is all AND openssl-doc DPKG is earlier than 0.9.8g-16ubuntu3.4 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is lpia AND Packages section openssl DPKG is earlier than 0.9.8g-16ubuntu3.4 AND libcrypto0.9.8-udeb DPKG is earlier than 0.9.8g-16ubuntu3.4 AND libssl0.9.8-dbg DPKG is earlier than 0.9.8g-16ubuntu3.4 AND libssl0.9.8 DPKG is earlier than 0.9.8g-16ubuntu3.4 AND libssl-dev DPKG is earlier than 0.9.8g-16ubuntu3.4 OR Release section Ubuntu 10.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND openssl-doc DPKG is earlier than 0.9.8k-7ubuntu8.4 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is armel AND Packages section libssl-dev DPKG is earlier than 0.9.8k-7ubuntu8.4 AND libssl0.9.8-dbg DPKG is earlier than 0.9.8k-7ubuntu8.4 AND openssl DPKG is earlier than 0.9.8k-7ubuntu8.4 AND libcrypto0.9.8-udeb DPKG is earlier than 0.9.8k-7ubuntu8.4 AND libssl0.9.8 DPKG is earlier than 0.9.8k-7ubuntu8.4 AND libssl0.9.8-udeb DPKG is earlier than 0.9.8k-7ubuntu8.4

Definition Id: oval:org.mitre.oval:def:19156

Oval ID:	oval:org.mitre.oval:def:19156
Title:	HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass
Description:	Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2010-3864	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02638 HP Release B.11.11 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08q.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08q.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08q.001 AND openssl.OPENSSL-INC version is less than A.00.09.08q.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08q.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08q.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08q.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08q.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08q.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08q.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08q.001 OR Criteria meets HP Security Bulletin HPSBUX02638 HP Release B.11.23 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08q.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08q.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08q.002 AND openssl.OPENSSL-INC version is less than A.00.09.08q.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08q.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08q.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08q.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08q.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08q.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08q.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08q.002 OR Criteria meets HP Security Bulletin HPSBUX02638 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08q.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08q.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08q.003 AND openssl.OPENSSL-INC version is less than A.00.09.08q.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08q.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08q.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08q.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08q.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08q.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08q.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08q.003

Definition Id: oval:org.mitre.oval:def:20422

Oval ID:	oval:org.mitre.oval:def:20422
Title:	Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description:	Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2010-3864	Version:	4
Platform(s):	VMWare ESX Server 4.1 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
Patch ESX410-201101201-SG is not installed VMware ESX Server 4.1 is installed AND Patch ESX410-201101201-SG is not installed OR Patch ESX400-201103401-SG is not installed VMware ESX Server 4.0 is installed AND Patch ESX400-201103401-SG is not installed

Definition Id: oval:org.mitre.oval:def:20685

Oval ID:	oval:org.mitre.oval:def:20685
Title:	Multiple OpenSSL vulnerabilities
Description:	Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2010-3864	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND filesets openssl.base less than 0.9.8.1301 AND OpenSSL-fips.base less than 12.9.8.1301

Definition Id: oval:org.mitre.oval:def:22343

Oval ID:	oval:org.mitre.oval:def:22343
Title:	RHSA-2010:0888: openssl security update (Important)
Description:	Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0888-01 CVE-2010-3864	Version:	4
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	openssl
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section openssl-devel is earlier than 0:1.0.0-4.el6_0.1 AND openssl-static is earlier than 0:1.0.0-4.el6_0.1 AND openssl-perl is earlier than 0:1.0.0-4.el6_0.1 AND openssl is earlier than 0:1.0.0-4.el6_0.1

Definition Id: oval:org.mitre.oval:def:23654

Oval ID:	oval:org.mitre.oval:def:23654
Title:	ELSA-2010:0888: openssl security update (Important)
Description:	Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0888-01 CVE-2010-3864	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
Oracle Linux 6.x rpm test openssl-devel is earlier than 0:1.0.0-4.el6_0.1 AND openssl-static is earlier than 0:1.0.0-4.el6_0.1 AND openssl-perl is earlier than 0:1.0.0-4.el6_0.1 AND openssl is earlier than 0:1.0.0-4.el6_0.1

Definition Id: oval:org.mitre.oval:def:24702

Oval ID:	oval:org.mitre.oval:def:24702
Title:	Vulnerability in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, might allow remote attackers to execute arbitrary code
Description:	Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3864	Version:	3
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check vulnerable versions of OpenSSL Check if the version of OpenSSL 0.9.8f before 0.9.8p AND Check if the version of OpenSSL 1.0.0 before 1.0.0b AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check vulnerable versions of OpenSSL (32_bit) Check if the version of OpenSSL 0.9.8f before 0.9.8p (32_bit) AND Check if the version of OpenSSL 1.0.0 before 1.0.0b (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 0.9.8f before 0.9.8p ProgramFilesDir AND Check if the version of ssleay32.dll 0.9.8f before 0.9.8p ProgramFilesDir x86 AND Check if the version of ssleay32.dll 0.9.8f before 0.9.8p under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0b ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0b ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0b under Sytem32 and SysWOW64

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openssl cpe:2.3:a:openssl:openssl:1.0.0a:::::::* cpe:2.3:a:openssl:openssl:1.0.0:-:::::: cpe:2.3:a:openssl:openssl:0.9.8o:::::::* cpe:2.3:a:openssl:openssl:0.9.8n:::::::* cpe:2.3:a:openssl:openssl:0.9.8m:-:::::: cpe:2.3:a:openssl:openssl:0.9.8l:::::::* cpe:2.3:a:openssl:openssl:0.9.8k:::::::* cpe:2.3:a:openssl:openssl:0.9.8j:::::::* cpe:2.3:a:openssl:openssl:0.9.8i:::::::* cpe:2.3:a:openssl:openssl:0.9.8h:::::::* cpe:2.3:a:openssl:openssl:0.9.8g:::::::* cpe:2.3:a:openssl:openssl:0.9.8f:::::::*	12

OpenVAS Exploits

Date	Description
2012-03-16	Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl
2012-02-12	Name : Gentoo Security Advisory GLSA 201110-01 (openssl) File : nvt/glsa_201110_01.nasl
2011-09-12	Name : Fedora Update for openssl FEDORA-2011-12281 File : nvt/gb_fedora_2011_12281_openssl_fc14.nasl
2011-08-19	Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004) File : nvt/secpod_macosx_su11-004.nasl
2011-05-05	Name : HP-UX Update for OpenSSL HPSBUX02638 File : nvt/gb_hp_ux_HPSBUX02638.nasl
2011-03-24	Name : Fedora Update for openssl FEDORA-2011-1255 File : nvt/gb_fedora_2011_1255_openssl_fc13.nasl
2011-02-16	Name : Fedora Update for openssl FEDORA-2011-1273 File : nvt/gb_fedora_2011_1273_openssl_fc14.nasl
2011-01-24	Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl3.nasl
2011-01-24	Name : FreeBSD Security Advisory (FreeBSD-SA-10:10.openssl.asc) File : nvt/freebsdsa_openssl8.nasl
2010-12-28	Name : Fedora Update for openssl FEDORA-2010-18765 File : nvt/gb_fedora_2010_18765_openssl_fc14.nasl
2010-12-28	Name : Fedora Update for openssl FEDORA-2010-18736 File : nvt/gb_fedora_2010_18736_openssl_fc13.nasl
2010-12-02	Name : Fedora Update for openssl FEDORA-2010-17827 File : nvt/gb_fedora_2010_17827_openssl_fc14.nasl
2010-11-23	Name : Fedora Update for openssl FEDORA-2010-17847 File : nvt/gb_fedora_2010_17847_openssl_fc13.nasl
2010-11-23	Name : Fedora Update for openssl FEDORA-2010-17826 File : nvt/gb_fedora_2010_17826_openssl_fc12.nasl
2010-11-23	Name : Mandriva Update for openssl MDVSA-2010:238 (openssl) File : nvt/gb_mandriva_MDVSA_2010_238.nasl
2010-11-23	Name : Ubuntu Update for openssl vulnerability USN-1018-1 File : nvt/gb_ubuntu_USN_1018_1.nasl
0000-00-00	Name : Slackware Advisory SSA:2010-326-01 openssl File : nvt/esoft_slk_ssa_2010_326_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
69265	OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow OpenSSL TLS Server is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap overflow. With a specially crafted request, a remote attacker can cause a denial of service and potentially compromise an application using the library.

Information Assurance Vulnerability Management (IAVM)

Date	Description
2011-05-12	IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158

Nessus® Vulnerability Scanner

Date	Description
2016-03-04	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_libopenssl-devel-101119.nasl - Type : ACT_GATHER_INFO
2014-04-16	Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory2.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101116_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-01-04	Name : The remote server is affected by a buffer overflow vulnerability. File : openssl_0_9_8p_1_0_0b.nasl - Type : ACT_GATHER_INFO
2011-10-10	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-01.nasl - Type : ACT_GATHER_INFO
2011-06-24	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO
2011-05-13	Name : The remote media server is affected by multiple vulnerabilities. File : adobe_fms_4_0_2.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-101111.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-101119.nasl - Type : ACT_GATHER_INFO
2011-02-14	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO
2011-01-21	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-101116.nasl - Type : ACT_GATHER_INFO
2010-12-02	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-101111.nasl - Type : ACT_GATHER_INFO
2010-11-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2125.nasl - Type : ACT_GATHER_INFO
2010-11-22	Name : The remote Fedora host is missing a security update. File : fedora_2010-17847.nasl - Type : ACT_GATHER_INFO
2010-11-22	Name : The remote Fedora host is missing a security update. File : fedora_2010-17827.nasl - Type : ACT_GATHER_INFO
2010-11-22	Name : The remote Fedora host is missing a security update. File : fedora_2010-17826.nasl - Type : ACT_GATHER_INFO
2010-11-22	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-326-01.nasl - Type : ACT_GATHER_INFO
2010-11-18	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_3042c33af23711df9d020018fe623f2b.nasl - Type : ACT_GATHER_INFO
2010-11-18	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-238.nasl - Type : ACT_GATHER_INFO
2010-11-18	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0888.nasl - Type : ACT_GATHER_INFO
2010-11-18	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1018-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:29:44	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	8
CPE ID(s)	12
osvdb(s)	1
Openvas Exploit(s)	17
IAVM(s)	1
Nessus® Exploit(s)	22

	Related
7.6	CVE-2010-3864
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.6 - DSA-2125

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU