Executive Summary

Summary
Titleopenssl security update
Informations
NameRHSA-2010:0979First vendor Publication2010-12-13
VendorRedHatLast vendor Modification2010-12-13
Severity (Vendor) ModerateRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly forcing the client to use a weaker ciphersuite after resuming the session. (CVE-2010-4180)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option has no effect and this bug workaround can no longer be enabled.

All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0979.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22097
 
Oval ID: oval:org.mitre.oval:def:22097
Title: RHSA-2010:0979: openssl security update (Moderate)
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: patch
Reference(s): RHSA-2010:0979-01
CVE-2010-4180
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22038
 
Oval ID: oval:org.mitre.oval:def:22038
Title: RHSA-2010:0978: openssl security update (Moderate)
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: patch
Reference(s): RHSA-2010:0978-01
CESA-2010:0978
CVE-2008-7270
CVE-2010-4180
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20828
 
Oval ID: oval:org.mitre.oval:def:20828
Title: Multiple OpenSSL vulnerabilities
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4180
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20705
 
Oval ID: oval:org.mitre.oval:def:20705
Title: VMware vSphere and vCOps updates to third party libraries
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4180
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19752
 
Oval ID: oval:org.mitre.oval:def:19752
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4180
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19547
 
Oval ID: oval:org.mitre.oval:def:19547
Title: HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4180
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18910
 
Oval ID: oval:org.mitre.oval:def:18910
Title: OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server (CVE-2010-4180)
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4180
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): VisualSVN Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12801
 
Oval ID: oval:org.mitre.oval:def:12801
Title: DSA-2141-2 nss -- SSL/TLS insecure renegotiation protocol design flaw
Description: CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. The updated libraries allow to use shell environment variables to configure if insecure renegotiation is still allowed. The syntax of these environment variables is described in the release notes to version 3.12.6 of nss: https://developer.mozilla.org/NSS_3.12.6_release_notes However, the default behaviour for nss in Debian 5.0 is NSS_SSL_ENABLE_RENEGOTIATION=3, which allows clients to continue to renegotiate with vulnerable servers.
Family: unix Class: patch
Reference(s): DSA-2141-2
CVE-2009-3555
CVE-2010-4180
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12707
 
Oval ID: oval:org.mitre.oval:def:12707
Title: DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw
Description: CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation. This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable. Currently we are not aware of other software with similar compatibility problems. CVE-2010-4180: In addition, this update fixes a flaw that allowed a client to bypass restrictions configured in the server for the used cipher suite.
Family: unix Class: patch
Reference(s): DSA-2141-1
CVE-2009-3555
CVE-2010-4180
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12573
 
Oval ID: oval:org.mitre.oval:def:12573
Title: DSA-2141-3 apache2 -- backward compatibility option for SSL/TLS insecure
Description: DSA-2141-1 changed the behaviour of the openssl libraries in a server environment to only allow SSL/TLS renegotiation for clients that support the RFC5746 renegotiation extension. This update to apache2 adds the new SSLInsecureRenegotiation configuration option that allows to restore support for insecure clients. More information can be found in the file /usr/share/doc/apache2.2-common/NEWS.Debian.gz .
Family: unix Class: patch
Reference(s): DSA-2141-3
CVE-2009-3555
CVE-2010-4180
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12481
 
Oval ID: oval:org.mitre.oval:def:12481
Title: DSA-2141-4 lighttpd -- compatibility problem with updated openssl
Description: The openssl update in DSA-2141-1 caused a regression in lighttpd. Due to a bug in lighttpd, the server fails to start in some configurations if using the updated openssl libraries. This update fixes this problem.
Family: unix Class: patch
Reference(s): DSA-2141-4
CVE-2009-3555
CVE-2010-4180
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): lighttpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22780
 
Oval ID: oval:org.mitre.oval:def:22780
Title: ELSA-2010:0979: openssl security update (Moderate)
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: patch
Reference(s): ELSA-2010:0979-01
CVE-2010-4180
Version: 6
Platform(s): Oracle Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22306
 
Oval ID: oval:org.mitre.oval:def:22306
Title: ELSA-2010:0978: openssl security update (Moderate)
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: patch
Reference(s): ELSA-2010:0978-01
CVE-2008-7270
CVE-2010-4180
Version: 13
Platform(s): Oracle Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24969
 
Oval ID: oval:org.mitre.oval:def:24969
Title: Vulnerability in OpenSSL 0.9.8q, and 1.0.x before 1.0.0c, does not properly prevent modification of the ciphersuite in the session cache
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4180
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25193
 
Oval ID: oval:org.mitre.oval:def:25193
Title: SUSE-SU-2013:1165-1 -- Security update for libcurl4
Description: This update of curl fixes several security issues: * libcurl URL decode buffer boundary flaw (bnc#824517 / CVE-2013-2174) * cookie domain tailmatch (bnc#814655 / CVE-2013-1944) * curl sets SSL_OP_ALL (bnc#742306 / CVE-2011-3389) * When SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier (CVE-2010-4180)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1165-1
CVE-2013-2174
CVE-2013-1944
CVE-2011-3389
CVE-2010-4180
Version: 1
Platform(s): SUSE Linux Enterprise Desktop 10
Product(s): libcurl4
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application76

OpenVAS Exploits

DateDescription
2012-08-31Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2012-07-30Name : CentOS Update for openssl CESA-2010:0977 centos4 x86_64
File : nvt/gb_CESA-2010_0977_openssl_centos4_x86_64.nasl
2012-03-15Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv...
File : nvt/gb_VMSA-2011-0013.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201110-01 (openssl)
File : nvt/glsa_201110_01.nasl
2011-09-12Name : Fedora Update for openssl FEDORA-2011-12281
File : nvt/gb_fedora_2011_12281_openssl_fc14.nasl
2011-08-19Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004)
File : nvt/secpod_macosx_su11-004.nasl
2011-08-09Name : CentOS Update for openssl CESA-2010:0978 centos5 i386
File : nvt/gb_CESA-2010_0978_openssl_centos5_i386.nasl
2011-05-05Name : HP-UX Update for OpenSSL HPSBUX02638
File : nvt/gb_hp_ux_HPSBUX02638.nasl
2011-03-24Name : Fedora Update for openssl FEDORA-2011-1255
File : nvt/gb_fedora_2011_1255_openssl_fc13.nasl
2011-02-16Name : Fedora Update for openssl FEDORA-2011-1273
File : nvt/gb_fedora_2011_1273_openssl_fc14.nasl
2011-01-31Name : CentOS Update for openssl CESA-2010:0977 centos4 i386
File : nvt/gb_CESA-2010_0977_openssl_centos4_i386.nasl
2010-12-28Name : Fedora Update for openssl FEDORA-2010-18736
File : nvt/gb_fedora_2010_18736_openssl_fc13.nasl
2010-12-28Name : Fedora Update for openssl FEDORA-2010-18765
File : nvt/gb_fedora_2010_18765_openssl_fc14.nasl
2010-12-28Name : RedHat Update for openssl RHSA-2010:0977-01
File : nvt/gb_RHSA-2010_0977-01_openssl.nasl
2010-12-28Name : RedHat Update for openssl RHSA-2010:0978-01
File : nvt/gb_RHSA-2010_0978-01_openssl.nasl
2010-12-23Name : Ubuntu Update for openssl vulnerabilities USN-1029-1
File : nvt/gb_ubuntu_USN_1029_1.nasl
2010-12-23Name : Mandriva Update for openssl MDVSA-2010:248 (openssl)
File : nvt/gb_mandriva_MDVSA_2010_248.nasl
0000-00-00Name : Slackware Advisory SSA:2010-340-01 openssl
File : nvt/esoft_slk_ssa_2010_340_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
69565OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Do...

Information Assurance Vulnerability Management (IAVM)

DateDescription
2012-09-27IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity : Category I - VMSKEY : V0033884
2012-09-13IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0033794
2012-04-05IAVM : 2012-B-0038 - Multiple Vulnerabilities in HP Onboard Administrator
Severity : Category I - VMSKEY : V0031972
2011-12-01IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity : Category I - VMSKEY : V0030769

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-76.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_curl-120124.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO
2014-04-16Name : The remote AIX host is running a vulnerable version of OpenSSL.
File : aix_openssl_advisory2.nasl - Type : ACT_GATHER_INFO
2013-11-13Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0977.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0978.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0979.nasl - Type : ACT_GATHER_INFO
2013-07-10Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libcurl4-8618.nasl - Type : ACT_GATHER_INFO
2012-08-31Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101213_openssl_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101213_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-7462.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO
2011-10-28Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO
2011-10-10Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-01.nasl - Type : ACT_GATHER_INFO
2011-07-28Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2011-07-28Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO
2011-06-24Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO
2011-05-04Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-7463.nasl - Type : ACT_GATHER_INFO
2011-05-04Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12701.nasl - Type : ACT_GATHER_INFO
2011-02-07Name : The remote host allows resuming SSL sessions with a weaker cipher than the on...
File : openssl_resume_different_cipher.nasl - Type : ACT_ATTACK
2011-01-28Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0977.nasl - Type : ACT_GATHER_INFO
2011-01-21Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO
2011-01-10Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2141.nasl - Type : ACT_GATHER_INFO
2010-12-20Name : The remote Fedora host is missing a security update.
File : fedora_2010-18736.nasl - Type : ACT_GATHER_INFO
2010-12-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0977.nasl - Type : ACT_GATHER_INFO
2010-12-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0978.nasl - Type : ACT_GATHER_INFO
2010-12-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0979.nasl - Type : ACT_GATHER_INFO
2010-12-14Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0978.nasl - Type : ACT_GATHER_INFO
2010-12-12Name : The remote Fedora host is missing a security update.
File : fedora_2010-18765.nasl - Type : ACT_GATHER_INFO
2010-12-08Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-248.nasl - Type : ACT_GATHER_INFO
2010-12-08Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1029-1.nasl - Type : ACT_GATHER_INFO
2010-12-08Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-340-01.nasl - Type : ACT_GATHER_INFO
2010-12-07Name : The remote web server is affected by multiple vulnerabilities.
File : openssl_1_0_0c.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:54:11
  • Multiple Updates