Executive Summary
Summary | |
---|---|
Title | Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS) |
Informations | |||
---|---|---|---|
Name | HPSBMA02658 SSRT100413 | First vendor Publication | 2011-04-19 |
Vendor | HP | Last vendor Modification | 2011-04-19 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Potential security vulnerabilities have been identified with Insight Control for Linux (IC-Linux). The vulnerabilities could be exploited remotely to allow unauthorized elevation of privilege, execution of arbitrary code, encryption downgrade, information disclosure, and Denial of Service (DoS). |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-362 | Race Condition |
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12481 | |||
Oval ID: | oval:org.mitre.oval:def:12481 | ||
Title: | DSA-2141-4 lighttpd -- compatibility problem with updated openssl | ||
Description: | The openssl update in DSA-2141-1 caused a regression in lighttpd. Due to a bug in lighttpd, the server fails to start in some configurations if using the updated openssl libraries. This update fixes this problem. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2141-4 CVE-2009-3555 CVE-2010-4180 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | lighttpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12573 | |||
Oval ID: | oval:org.mitre.oval:def:12573 | ||
Title: | DSA-2141-3 apache2 -- backward compatibility option for SSL/TLS insecure | ||
Description: | DSA-2141-1 changed the behaviour of the openssl libraries in a server environment to only allow SSL/TLS renegotiation for clients that support the RFC5746 renegotiation extension. This update to apache2 adds the new SSLInsecureRenegotiation configuration option that allows to restore support for insecure clients. More information can be found in the file /usr/share/doc/apache2.2-common/NEWS.Debian.gz . | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2141-3 CVE-2009-3555 CVE-2010-4180 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | apache2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12598 | |||
Oval ID: | oval:org.mitre.oval:def:12598 | ||
Title: | DSA-2125-1 openssl -- buffer overflow | ||
Description: | A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. This allows an attacker to cause an appliation crash or potentially to execute arbitrary code. However, not all OpenSSL based SSL/TLS servers are vulnerable: A server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. In particular the Apache HTTP server and Stunnel are NOT affected. This upgrade fixes this issue. After the upgrade, any services using the openssl libraries need to be restarted. The checkrestart script from the debian-goodies package or lsof can help to find out which services need to be restarted. A note to users of the tor packages from the Debian backports or Debian volatile: This openssl update causes problems with some versions of tor. You need to update to tor 0.2.1.26-4~bpo50+1 or 0.2.1.26-1~lennyvolatile2, respectively. The tor package version 0.2.0.35-1~lenny2 from Debian stable is not affected by these problems. For the stable distribution, the problem has been fixed in openssl version 0.9.8g-15+lenny9. For the testing distribution and the unstable distribution, this problem has been fixed in version 0.9.8o-3. We recommend that you upgrade your openssl packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2125-1 CVE-2010-3864 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12707 | |||
Oval ID: | oval:org.mitre.oval:def:12707 | ||
Title: | DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw | ||
Description: | CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation. This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable. Currently we are not aware of other software with similar compatibility problems. CVE-2010-4180: In addition, this update fixes a flaw that allowed a client to bypass restrictions configured in the server for the used cipher suite. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2141-1 CVE-2009-3555 CVE-2010-4180 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12801 | |||
Oval ID: | oval:org.mitre.oval:def:12801 | ||
Title: | DSA-2141-2 nss -- SSL/TLS insecure renegotiation protocol design flaw | ||
Description: | CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. The updated libraries allow to use shell environment variables to configure if insecure renegotiation is still allowed. The syntax of these environment variables is described in the release notes to version 3.12.6 of nss: https://developer.mozilla.org/NSS_3.12.6_release_notes However, the default behaviour for nss in Debian 5.0 is NSS_SSL_ENABLE_RENEGOTIATION=3, which allows clients to continue to renegotiate with vulnerable servers. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2141-2 CVE-2009-3555 CVE-2010-4180 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nss |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12932 | |||
Oval ID: | oval:org.mitre.oval:def:12932 | ||
Title: | DSA-2162-1 openssl -- invalid memory access | ||
Description: | Neel Mehta discovered that an incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. This allows an attacker to crash an application using OpenSSL by triggering an invalid memory access. Additionally, some applications may be vulnerable to expose contents of a parsed OCSP nonce extension. Packages in the oldstable distribution are not affected by this problem. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2162-1 CVE-2011-0014 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13383 | |||
Oval ID: | oval:org.mitre.oval:def:13383 | ||
Title: | USN-1018-1 -- openssl vulnerability | ||
Description: | Rob Hulswit discovered a race condition in the OpenSSL TLS server extension parsing code when used within a threaded server. A remote attacker could trigger this flaw to cause a denial of service or possibly execute arbitrary code with application privileges | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1018-1 CVE-2010-3864 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13649 | |||
Oval ID: | oval:org.mitre.oval:def:13649 | ||
Title: | USN-1064-1 -- openssl vulnerability | ||
Description: | Neel Mehta discovered that incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message. This could allow a remote attacker to cause a crash and denial of service by triggering invalid memory accesses. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1064-1 CVE-2011-0014 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18910 | |||
Oval ID: | oval:org.mitre.oval:def:18910 | ||
Title: | OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server (CVE-2010-4180) | ||
Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4180 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | VisualSVN Server |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18985 | |||
Oval ID: | oval:org.mitre.oval:def:18985 | ||
Title: | OpenSSL vulnerability 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c in VisualSVN Server (CVE-2011-0014) | ||
Description: | ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0014 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | VisualSVN Server |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19752 | |||
Oval ID: | oval:org.mitre.oval:def:19752 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4180 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20422 | |||
Oval ID: | oval:org.mitre.oval:def:20422 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3864 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20568 | |||
Oval ID: | oval:org.mitre.oval:def:20568 | ||
Title: | Multiple OpenSSL vulnerabilities | ||
Description: | ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0014 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20685 | |||
Oval ID: | oval:org.mitre.oval:def:20685 | ||
Title: | Multiple OpenSSL vulnerabilities | ||
Description: | Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3864 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20705 | |||
Oval ID: | oval:org.mitre.oval:def:20705 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4180 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20732 | |||
Oval ID: | oval:org.mitre.oval:def:20732 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0014 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20828 | |||
Oval ID: | oval:org.mitre.oval:def:20828 | ||
Title: | Multiple OpenSSL vulnerabilities | ||
Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4180 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20975 | |||
Oval ID: | oval:org.mitre.oval:def:20975 | ||
Title: | RHSA-2011:0677: openssl security, bug fix, and enhancement update (Moderate) | ||
Description: | ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0677-01 CVE-2011-0014 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22038 | |||
Oval ID: | oval:org.mitre.oval:def:22038 | ||
Title: | RHSA-2010:0978: openssl security update (Moderate) | ||
Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0978-01 CESA-2010:0978 CVE-2008-7270 CVE-2010-4180 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22097 | |||
Oval ID: | oval:org.mitre.oval:def:22097 | ||
Title: | RHSA-2010:0979: openssl security update (Moderate) | ||
Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0979-01 CVE-2010-4180 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22306 | |||
Oval ID: | oval:org.mitre.oval:def:22306 | ||
Title: | ELSA-2010:0978: openssl security update (Moderate) | ||
Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0978-01 CVE-2008-7270 CVE-2010-4180 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22343 | |||
Oval ID: | oval:org.mitre.oval:def:22343 | ||
Title: | RHSA-2010:0888: openssl security update (Important) | ||
Description: | Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0888-01 CVE-2010-3864 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22780 | |||
Oval ID: | oval:org.mitre.oval:def:22780 | ||
Title: | ELSA-2010:0979: openssl security update (Moderate) | ||
Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0979-01 CVE-2010-4180 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23416 | |||
Oval ID: | oval:org.mitre.oval:def:23416 | ||
Title: | ELSA-2011:0677: openssl security, bug fix, and enhancement update (Moderate) | ||
Description: | ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0677-01 CVE-2011-0014 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23654 | |||
Oval ID: | oval:org.mitre.oval:def:23654 | ||
Title: | ELSA-2010:0888: openssl security update (Important) | ||
Description: | Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0888-01 CVE-2010-3864 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24643 | |||
Oval ID: | oval:org.mitre.oval:def:24643 | ||
Title: | Vulnerability in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c, allows remote attackers to cause a denial of service (crash) | ||
Description: | ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0014 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24702 | |||
Oval ID: | oval:org.mitre.oval:def:24702 | ||
Title: | Vulnerability in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, might allow remote attackers to execute arbitrary code | ||
Description: | Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3864 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24969 | |||
Oval ID: | oval:org.mitre.oval:def:24969 | ||
Title: | Vulnerability in OpenSSL 0.9.8q, and 1.0.x before 1.0.0c, does not properly prevent modification of the ciphersuite in the session cache | ||
Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4180 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25193 | |||
Oval ID: | oval:org.mitre.oval:def:25193 | ||
Title: | SUSE-SU-2013:1165-1 -- Security update for libcurl4 | ||
Description: | This update of curl fixes several security issues: * libcurl URL decode buffer boundary flaw (bnc#824517 / CVE-2013-2174) * cookie domain tailmatch (bnc#814655 / CVE-2013-1944) * curl sets SSL_OP_ALL (bnc#742306 / CVE-2011-3389) * When SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier (CVE-2010-4180) | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1165-1 CVE-2013-2174 CVE-2013-1944 CVE-2011-3389 CVE-2010-4180 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 10 | Product(s): | libcurl4 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28024 | |||
Oval ID: | oval:org.mitre.oval:def:28024 | ||
Title: | DEPRECATED: ELSA-2011-0677 -- openssl security, bug fix, and enhancement update (moderate) | ||
Description: | [1.0.0-10] - fix OCSP stapling vulnerability - CVE-2011-0014 (#676063) - correct the README.FIPS document [1.0.0-8] - add -x931 parameter to openssl genrsa command to use the ANSI X9.31 key generation method - use FIPS-186-3 method for DSA parameter generation - add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on - make openssl pkcs12 command work by default in the FIPS mode [1.0.0-7] - listen on ipv6 wildcard in s_server so we accept connections from both ipv4 and ipv6 (#601612) - fix openssl speed command so it can be used in the FIPS mode with FIPS allowed ciphers (#619762) [1.0.0-6] - disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864 (#649304) [1.0.0-5] - fix race in extension parsing code - CVE-2010-3864 (#649304) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0677 CVE-2011-0014 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28187 | |||
Oval ID: | oval:org.mitre.oval:def:28187 | ||
Title: | DEPRECATED: ELSA-2010-0979 -- openssl security update (moderate) | ||
Description: | [1.0.0-4.2] - disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864 (#649304) [1.0.0-4.1] - fix race in extension parsing code - CVE-2010-3864 (#649304) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0979 CVE-2010-3864 CVE-2010-4180 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
2012-07-30 | Name : CentOS Update for openssl CESA-2010:0977 centos4 x86_64 File : nvt/gb_CESA-2010_0977_openssl_centos4_x86_64.nasl |
2012-06-06 | Name : RedHat Update for openssl RHSA-2011:0677-01 File : nvt/gb_RHSA-2011_0677-01_openssl.nasl |
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2012-03-15 | Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv... File : nvt/gb_VMSA-2011-0013.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-01 (openssl) File : nvt/glsa_201110_01.nasl |
2011-09-12 | Name : Fedora Update for openssl FEDORA-2011-12281 File : nvt/gb_fedora_2011_12281_openssl_fc14.nasl |
2011-08-19 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004) File : nvt/secpod_macosx_su11-004.nasl |
2011-08-09 | Name : CentOS Update for openssl CESA-2010:0978 centos5 i386 File : nvt/gb_CESA-2010_0978_openssl_centos5_i386.nasl |
2011-05-05 | Name : Fedora Update for mingw32-openssl FEDORA-2011-5865 File : nvt/gb_fedora_2011_5865_mingw32-openssl_fc14.nasl |
2011-05-05 | Name : Fedora Update for mingw32-openssl FEDORA-2011-5876 File : nvt/gb_fedora_2011_5876_mingw32-openssl_fc13.nasl |
2011-05-05 | Name : HP-UX Update for OpenSSL HPSBUX02638 File : nvt/gb_hp_ux_HPSBUX02638.nasl |
2011-03-24 | Name : Fedora Update for openssl FEDORA-2011-1255 File : nvt/gb_fedora_2011_1255_openssl_fc13.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2162-1 (openssl) File : nvt/deb_2162_1.nasl |
2011-02-18 | Name : Mandriva Update for openssl MDVSA-2011:028 (openssl) File : nvt/gb_mandriva_MDVSA_2011_028.nasl |
2011-02-18 | Name : Ubuntu Update for openssl vulnerability USN-1064-1 File : nvt/gb_ubuntu_USN_1064_1.nasl |
2011-02-16 | Name : Fedora Update for openssl FEDORA-2011-1273 File : nvt/gb_fedora_2011_1273_openssl_fc14.nasl |
2011-02-07 | Name : OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability File : nvt/gb_openssh_46155.nasl |
2011-01-31 | Name : CentOS Update for openssl CESA-2010:0977 centos4 i386 File : nvt/gb_CESA-2010_0977_openssl_centos4_i386.nasl |
2011-01-24 | Name : FreeBSD Security Advisory (FreeBSD-SA-10:10.openssl.asc) File : nvt/freebsdsa_openssl8.nasl |
2011-01-24 | Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl3.nasl |
2010-12-28 | Name : Fedora Update for openssl FEDORA-2010-18736 File : nvt/gb_fedora_2010_18736_openssl_fc13.nasl |
2010-12-28 | Name : Fedora Update for openssl FEDORA-2010-18765 File : nvt/gb_fedora_2010_18765_openssl_fc14.nasl |
2010-12-28 | Name : RedHat Update for openssl RHSA-2010:0978-01 File : nvt/gb_RHSA-2010_0978-01_openssl.nasl |
2010-12-28 | Name : RedHat Update for openssl RHSA-2010:0977-01 File : nvt/gb_RHSA-2010_0977-01_openssl.nasl |
2010-12-23 | Name : Ubuntu Update for openssl vulnerabilities USN-1029-1 File : nvt/gb_ubuntu_USN_1029_1.nasl |
2010-12-23 | Name : Mandriva Update for openssl MDVSA-2010:248 (openssl) File : nvt/gb_mandriva_MDVSA_2010_248.nasl |
2010-12-02 | Name : Fedora Update for openssl FEDORA-2010-17827 File : nvt/gb_fedora_2010_17827_openssl_fc14.nasl |
2010-11-23 | Name : Ubuntu Update for openssl vulnerability USN-1018-1 File : nvt/gb_ubuntu_USN_1018_1.nasl |
2010-11-23 | Name : Fedora Update for openssl FEDORA-2010-17847 File : nvt/gb_fedora_2010_17847_openssl_fc13.nasl |
2010-11-23 | Name : Mandriva Update for openssl MDVSA-2010:238 (openssl) File : nvt/gb_mandriva_MDVSA_2010_238.nasl |
2010-11-23 | Name : Fedora Update for openssl FEDORA-2010-17826 File : nvt/gb_fedora_2010_17826_openssl_fc12.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2011-041-04 openssl File : nvt/esoft_slk_ssa_2011_041_04.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-340-01 openssl File : nvt/esoft_slk_ssa_2010_340_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-326-01 openssl File : nvt/esoft_slk_ssa_2010_326_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
73209 | HP Insight Control for Linux Unspecified Remote Privilege Escalation |
70873 | OpenSSH Legacy Certificates Stack Memory Disclosure OpenSSH contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when the 'key_certify' function in 'usr.bin/ssh/key.c' fails to initialize the nonce field when generating legacy certificates using the -t command-line option in ssh-keygen, which will disclose stack memory contents to a remote attacker, or allow an attacker to conduct hash collision attacks more easily. |
70847 | OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs while parsing malformed ClientHello handshake messages, which may be exploited to trigger an invalid memory access with a crafted ClientHello handshake message. This may allow a remote attacker to cause a denial of service. Certain applications which use SSL may also allow the disclosure of the contents of parsed OCSP extensions. |
69565 | OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Do... OpenSSL contains a flaw related to the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG workaround in the SSL/TLS server code. The issue is triggered when a remote attacker downgrades the cached ciphersuite, leading to the client using a weaker ciphersuite. |
69265 | OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow OpenSSL TLS Server is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap overflow. With a specially crafted request, a remote attacker can cause a denial of service and potentially compromise an application using the library. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
2012-09-13 | IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0033794 |
2012-04-05 | IAVM : 2012-B-0038 - Multiple Vulnerabilities in HP Onboard Administrator Severity : Category I - VMSKEY : V0031972 |
2011-12-01 | IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity : Category I - VMSKEY : V0030769 |
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-76.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libopenssl-devel-101119.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libopenssl-devel-110210.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_curl-120124.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory2.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0979.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0978.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0977.nasl - Type : ACT_GATHER_INFO |
2013-07-10 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libcurl4-8618.nasl - Type : ACT_GATHER_INFO |
2012-08-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101116_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101213_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101213_openssl_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-04-20 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO |
2012-01-04 | Name : The remote server is affected by a buffer overflow vulnerability. File : openssl_0_9_8p_1_0_0b.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-7462.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO |
2011-10-28 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO |
2011-10-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-01.nasl - Type : ACT_GATHER_INFO |
2011-07-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO |
2011-07-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
2011-06-24 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO |
2011-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0677.nasl - Type : ACT_GATHER_INFO |
2011-05-13 | Name : The remote media server is affected by multiple vulnerabilities. File : adobe_fms_4_0_2.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-110210.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-101119.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-101111.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO |
2011-05-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-7463.nasl - Type : ACT_GATHER_INFO |
2011-05-04 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12701.nasl - Type : ACT_GATHER_INFO |
2011-05-02 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5865.nasl - Type : ACT_GATHER_INFO |
2011-05-02 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5876.nasl - Type : ACT_GATHER_INFO |
2011-04-29 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5878.nasl - Type : ACT_GATHER_INFO |
2011-03-27 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-110210.nasl - Type : ACT_GATHER_INFO |
2011-03-18 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1255.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-028.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1064-1.nasl - Type : ACT_GATHER_INFO |
2011-02-15 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1273.nasl - Type : ACT_GATHER_INFO |
2011-02-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2162.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-041-04.nasl - Type : ACT_GATHER_INFO |
2011-02-09 | Name : The remote web server has an SSL-related denial of service vulnerability. File : openssl_1_0_0d.nasl - Type : ACT_GATHER_INFO |
2011-02-09 | Name : Remote attackers may be able to access sensitive information. File : openssh_58.nasl - Type : ACT_GATHER_INFO |
2011-02-07 | Name : The remote host allows resuming SSL sessions with a weaker cipher than the on... File : openssl_resume_different_cipher.nasl - Type : ACT_ATTACK |
2011-01-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0977.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-101116.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO |
2011-01-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2141.nasl - Type : ACT_GATHER_INFO |
2010-12-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-18736.nasl - Type : ACT_GATHER_INFO |
2010-12-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0978.nasl - Type : ACT_GATHER_INFO |
2010-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0977.nasl - Type : ACT_GATHER_INFO |
2010-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0978.nasl - Type : ACT_GATHER_INFO |
2010-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0979.nasl - Type : ACT_GATHER_INFO |
2010-12-12 | Name : The remote Fedora host is missing a security update. File : fedora_2010-18765.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-340-01.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1029-1.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-248.nasl - Type : ACT_GATHER_INFO |
2010-12-07 | Name : The remote web server is affected by multiple vulnerabilities. File : openssl_1_0_0c.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-101111.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2125.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17847.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17827.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17826.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-326-01.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1018-1.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_3042c33af23711df9d020018fe623f2b.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0888.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-238.nasl - Type : ACT_GATHER_INFO |