OpenSSL Multiple Vulnerabilities (Win) Network Vulnerability

Summary

This host is installed with OpenSSL and is prone to Multiple Vulnerabilities.

Impact

Successful exploitation will let the attacker cause memory access violation, security bypass or can cause denial of service.

Solution

Upgrade to OpenSSL version 0.9.8k http://openssl.org

Insight

- error exists in the 'ASN1_STRING_print_ex()' function when printing 'BMPString' or 'UniversalString' strings which causes invalid memory access violation. - 'CMS_verify' function incorrectly handles an error condition when processing malformed signed attributes. - error when processing malformed 'ASN1' structures which causes invalid memory access violation.

Affected

OpenSSL version prior to 0.9.8k on all running platform.

References

http://secunia.com/advisories/34411
http://securitytracker.com/alerts/2009/Mar/1021905.html
http://www.openssl.org/news/secadv_20090325.txt

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0590, CVE-2009-0591, CVE-2009-0789
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability
Denial of Service vulnerability in AVG Anti-Virus (Linux)
Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow Vulnerability
ejabberd XML Parsing Denial of Service Vulnerability (Windows)
Apache Connection Blocking Denial of Service

Take action and discover your vulnerabilities