All,
I know OpenSSL in various forms has a regular appearance on this list, but I have
another query. I have received the report below from Nessus; however, the server
in question is running Windows and is configured with Microsoft SSL, an out-of-box
install, all patched etc. Any ideas why it's flagging OpenSSL as an issue?
Could this be a false positive?
. List of open ports :
o https (443/tcp) (Security hole found)
o general/tcp (Security warnings found)
o general/udp (Security notes found)
. Vulnerability found on port https (443/tcp) :
The remote host seem to be running a version of OpenSSL which is older
than 0.9.6k or 0.9.7c.
There is a heap corruption bug in this version which might be exploited
by an attacker to gain a shell on this host.
Solution : If you are running OpenSSL, Upgrade to version 0.9.6k or
0.9.7c or newer
Risk factor : High
CVE : CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
BID : 8732
Other references : IAVA:2003-A-0015, RHSA:RHSA-2003:291-01,
SuSE:SUSE-SA:2003:043
. Information found on port https (443/tcp)
A SSLv2 server answered on this port
Thanks in advance
mal
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
