Package name
libnasl
Date
2009-10-12
Advisory ID
MDVSA-2009:271
Affected versions
CS4.0 x86_64, CS4.0 i586

Problem description

A vulnerability has been found and corrected in libnasl:

nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library
(aka libnasl) 2.2.11 does not properly check the return value from
the OpenSSL DSA_do_verify function, which allows remote attackers to
bypass validation of the certificate chain via a malformed SSL/TLS
signature, a similar vulnerability to CVE-2008-5077 (CVE-2009-0125).

This update fixes this vulnerability.
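
The advisory does not show the affected code. The C sketch below is an added illustration, not libnasl's or OpenSSL's code. It models the three-way result documented for DSA_do_verify (1 valid, 0 invalid, -1 error) and contrasts a caller that only tests for 0 with one that requires exactly 1. The stand-in model_verify, the toy signature framing, and the shape of the flawed caller are assumptions made for the example.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Documented DSA_do_verify results: 1 valid, 0 invalid, -1 error. */
enum { SIG_ERROR = -1, SIG_INVALID = 0, SIG_VALID = 1 };

/* Constructed sample inputs: toy "signatures" framed as tag 0x30 + length. */
static const unsigned char sig_good[]      = { 0x30, 0x03, 'a', 'b', 'c' };
static const unsigned char sig_wrong[]     = { 0x30, 0x03, 'x', 'y', 'z' };
static const unsigned char sig_malformed[] = { 0x30, 0x7f, 'a' }; /* bad length */

/* Hypothetical stand-in for the verifier: same tri-state result, no crypto. */
static int model_verify(const unsigned char *sig, size_t len)
{
    if (len < 2 || sig[0] != 0x30 || (size_t)sig[1] != len - 2)
        return SIG_ERROR;                 /* signature could not be parsed */
    if (len - 2 == 3 && memcmp(sig + 2, "abc", 3) == 0)
        return SIG_VALID;
    return SIG_INVALID;
}

/* Flawed caller (assumed shape): only 0 counts as failure, so -1 passes. */
static int accept_flawed(const unsigned char *sig, size_t len)
{
    if (!model_verify(sig, len))
        return 0;
    return 1;
}

/* Hardened caller: anything other than exactly 1 is a rejection. */
static int accept_strict(const unsigned char *sig, size_t len)
{
    return model_verify(sig, len) == SIG_VALID;
}

int main(void)
{
    printf("good:      flawed=%d strict=%d\n",
           accept_flawed(sig_good, sizeof sig_good),
           accept_strict(sig_good, sizeof sig_good));
    printf("wrong:     flawed=%d strict=%d\n",
           accept_flawed(sig_wrong, sizeof sig_wrong),
           accept_strict(sig_wrong, sizeof sig_wrong));
    printf("malformed: flawed=%d strict=%d\n",
           accept_flawed(sig_malformed, sizeof sig_malformed),
           accept_strict(sig_malformed, sizeof sig_malformed));
    return 0;
}
```

Only the malformed input separates the two callers, which is why a test suite containing just valid and invalid signatures does not catch this class of bug.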

Updated packages

CS4.0 x86_64

 11e767b9e52c2971e416d3c1207cc602  corporate/4.0/x86_64/lib64nasl2-2.2.4-1.1.20060mlcs4.x86_64.rpm
 105602aac8d6f82ea356916778f64c7c  corporate/4.0/x86_64/lib64nasl2-devel-2.2.4-1.1.20060mlcs4.x86_64.rpm 
 727b1ff5b789fcce219553b95e1870a0  corporate/4.0/SRPMS/libnasl-2.2.4-1.1.20060mlcs4.src.rpm

CS4.0 i586

 5d0a75952ac9fa3c8fcf62a00bd072c1  corporate/4.0/i586/libnasl2-2.2.4-1.1.20060mlcs4.i586.rpm
 49a5d1e0e484d36e5fdd31cfeff734b0  corporate/4.0/i586/libnasl2-devel-2.2.4-1.1.20060mlcs4.i586.rpm 
 727b1ff5b789fcce219553b95e1870a0  corporate/4.0/SRPMS/libnasl-2.2.4-1.1.20060mlcs4.src.rpm

References