Download
| Alert*
oval:org.secpod.oval:def:846
The host is installed with OpenSSL and is prone to remote code execution vulnerability. A flaw is present in ssl3_get_key_exchange function, which fails to correctly implement ECDH algorithm. Successful exploitation allow remote attackers to execute arbitrary code and cause denial of service via a ... oval:org.secpod.oval:def:600148 George Guninski discovered a double free in the ECDH code of the OpenSSL crypto library, which may lead to denial of service and potentially the execution of arbitrary code. For the stable distribution , this problem has been fixed in version 0.9.8g-15+lenny8. For the unstable distribution , this pr ... oval:org.secpod.oval:def:700149 It was discovered that OpenSSL incorrectly handled return codes from the bn_wexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06 LT ... oval:org.secpod.oval:def:301137 A vulnerability has been found and corrected in openssl: Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service and possibly ... |