OpenSSL < 0.9.8za / 1.0.0m / 1.0.1h Integer Underflow Vulnerability

High severity, Log Correlation Engine Plugin ID 801938

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

The remote host is running a version of OpenSSL that is vulnerable to an integer underflow, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a buffer overflow.

Solution

Upgrade to OpenSSL 0.9.8za, 1.0.0m, 1.0.1h, or later.

See Also

https://www.imperialviolet.org/2014/06/05/earlyccs.html

http://openssl.org/news/secadv_20150319.txt

http://ccsinjection.lepidum.co.jp/

http://www.openssl.org/news/vulnerabilities.html#CVE-2015-0292

Plugin Details

Severity: High

ID: 801938

Family: Web Servers

Published: 3/19/2015

Nessus ID: 74363, 73403, 74364

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 3/19/2015

Vulnerability Publication Date: 3/19/2015

Reference Information

CVE: CVE-2015-0292

BID: 73228