Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> SuSE Local Security Checks >> SUSE-SA:2003:011: openssl


Vulnerability Assessment Details

SUSE-SA:2003:011: openssl

Vulnerability Assessment Summary
Check for the version of the openssl package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory SUSE-SA:2003:011 (openssl).


OpenSSL is an implementation of the Secure Sockets Layer and Transport
Layer Security protocols and provides strong cryptography for many
applications in a Linux system. It is a default package in all SUSE
products.

A security weakness has been found, known as 'Vaudenay timing attack
on CBC', named after one of the discoverers (Brice Canvel (EPFL), Alain
Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion)).
The weakness may permit a possible hacker to obtain a plaintext data block by
observing timing differences in response to two different error cases
(cipher padding errors vs. MAC verification errors).
In order to exploit this vulnerability, the attacker has to meet certain
requirements: The network connection between client and server must be
of high quality to be able to observe timing differences, the attacker
must be able to perform a man-in-the-middle attack, the transactions
must repeatedly contain the same (encrypted) plain text block (such as
a pop password or alike), and decoding failures in the SSL layer must
not be propagated to the application that is using the SSL connection.
These exploitation conditions considerably reduce the security risk
imposed by the vulnerability. However, we recommend to completely
remedy this weakness by installing the update packages for your system
according to the following guidelines. There does not exist any temporary
workaround for this problem other than applying the update packages.


Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.

Solution : http://www.suse.de/security/2003_011_openssl.html
Network Security Threat Level: Medium

Networks Security ID: 6884, 6946

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors


DELL PowerEdge R730 16SFF Server 2x E5-2680v4 2.4GHz =28 Cores 128GB H730 4xRJ45 picture

DELL PowerEdge R730 16SFF Server 2x E5-2680v4 2.4GHz =28 Cores 128GB H730 4xRJ45

$372.00



Dell R630 Server 2x E5-2620 V4 2.1GHz =16 Cores 32GB DDR4 1x 960GB 2x 1G 2x 10G picture

Dell R630 Server 2x E5-2620 V4 2.1GHz =16 Cores 32GB DDR4 1x 960GB 2x 1G 2x 10G

$135.00



DELL PowerEdge R730 8SFF Server 2x E5-2690v4 =28 Cores No RAM/ HDD H730 4xRJ45 picture

DELL PowerEdge R730 8SFF Server 2x E5-2690v4 =28 Cores No RAM/ HDD H730 4xRJ45

$185.00



Dell PowerEdge R630 Server 2x E5-2640v3 2.60Ghz 16-Core 64GB H330 picture

Dell PowerEdge R630 Server 2x E5-2640v3 2.60Ghz 16-Core 64GB H330

$182.65



Dell Poweredge R630 Server 2x E5-2620 V4 =16 Cores | S130 | 32GB RAM | 2x trays picture

Dell Poweredge R630 Server 2x E5-2620 V4 =16 Cores | S130 | 32GB RAM | 2x trays

$169.99



Dell PowerEdge R620 E16S Server 2.5

Dell PowerEdge R620 E16S Server 2.5" 2*Xeon E5-2690 2.9GHz 128GB SEE NOTES

$115.00



DELL PowerEdge 2U R740xd2 26 Bay 3.5

DELL PowerEdge 2U R740xd2 26 Bay 3.5" Server Barebone H730p mini SFP28 1100w

$499.99



Dell PowerEdge R630 8SFF 2xE5-2680V3 2.5Ghz 128GB RAM H730 2x10Gb SFP 2x750W picture

Dell PowerEdge R630 8SFF 2xE5-2680V3 2.5Ghz 128GB RAM H730 2x10Gb SFP 2x750W

$279.99



DELL PowerEdge R730XD Server 2x E5-2690v4 2.6GHz =28 Cores 256GB H730 4xRJ45 picture

DELL PowerEdge R730XD Server 2x E5-2690v4 2.6GHz =28 Cores 256GB H730 4xRJ45

$549.00



DELL PowerEdge R730 Server 2x E5-2697v4 2.3GHz =36 Cores 128GB H730 4xRJ45 picture

DELL PowerEdge R730 Server 2x E5-2697v4 2.3GHz =36 Cores 128GB H730 4xRJ45

$431.00



Discussions

No Discussions have been posted on this vulnerability.