
| Subject: | OpenSSL, Nessus and Fedora |
|---|---|
| Date: | Mon, 5 Jan 2004 16:14:47 -0700 |

I have a Fedora system configured with Nessus and OpenSSL. I had installed a base install of Fedora, loaded OpenSSL (0.9.7c), then Nessus (2.0.9). There were no problems during any of the installations. When I run a Nessus scan against this box, the Nessus daemon reports a vulnerability (see below).

I'm posting this question because I have performed the same installation procedures with RedHat 8 and 9 and the vulnerability does not exist. It seems that the installation of OpenSSL may not have been placed in the correct file structure?

Any help in finding the cause of this and correcting the vulnerability is greatly appreciated.

```
----------NESSUS RESULTS----------
(1241/tcp) High

The remote host seem to be running a version of OpenSSL which is older than 0.9.6k or 0.9.7c.
There is a heap corruption bug in this version which might be exploited by an attacker to gain a shell on this host.

Solution : If you are running OpenSSL, Upgrade to version 0.9.6k or 0.9.7c or newer
Risk factor : High
CVE : CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
BID : 8732
Other references : IAVA:2003-A-0027, RHSA:RHSA-2003:291-01, SuSE:SUSE-SA:2003:043
-----------NESSUS RESULTS----------
```

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus