Summary
This host is installed with OpenSSL and is prone to Multiple Vulnerabilities.
Impact
Successful exploitation will let the attacker cause memory access violation, security bypass or can cause denial of service.
Solution
Upgrade to OpenSSL version 0.9.8k
http://openssl.org
Insight
- error exists in the 'ASN1_STRING_print_ex()' function when printing 'BMPString' or 'UniversalString' strings which causes invalid memory access violation.
- 'CMS_verify' function incorrectly handles an error condition when processing malformed signed attributes.
- error when processing malformed 'ASN1' structures which causes invalid memory access violation.
Affected
OpenSSL version prior to 0.9.8k on all running platform.
References
Severity
Classification
-
CVE CVE-2009-0590, CVE-2009-0591, CVE-2009-0789 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- ejabberd XML Parsing Denial of Service Vulnerability (Windows)
- Apple Safari WebKit Property Memory Leak Remote DoS Vulnerability
- Apache Subversion 'mod_dav_svn' Module Multiple DoS Vulnerabilities
- ClamAV Remote Denial of Service Vulnerability
- at32 Reverse Proxy Multiple HTTP Header Fields Denial Of Service Vulnerability