On Jan 8, 2004, at 12:16 PM, Axel Thimm wrote:


On Mon, Jan 05, 2004 at 04:14:47PM -0700, Justin R. Northcraft wrote:
I have a Fedora system configured with Nessus and OpenSSL. I had installed a
base install of Fedora, loaded openssl (0.9.7c), then Nessus (2.0.9).
There were no problems during any of the installations.


When I run a Nessus scan against this box the Nessus daemon reports a
vulnerability (see below). I'm posting this question because I have
performed the same installation procedures with RedHat 8 and 9 and the
vulnerability does not exist. It seems that the installation of openssl may
not have been placed in the correct file structure???? Any help in finding
the cause of this and correcting the vulnerability is greatly appreciated.



Red Hat ships openssl 0.9.7a with patches for closing these security bugs:

* Wed Sep 24 2003 Nalin Dahyabhai <[EMAIL PROTECTED]>

- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)
and heap corruption (CAN-2003-0545)

It *seems* that they did not fix the "read the certificate the remote host is sending me,
even if I never requested it" bug, which did not get a CAN candidate associated
to it, that's too bad.



-- Renaud


_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
