Oval Definition:	oval:org.mitre.oval:tst:35457
Comment: openssl-devel is earlier than 0:0.9.7a-43.17.el4_6.1 Type: rpminfo_test Namespace: linux Check_Existence: at_least_one_exists Check: at least one State Operator: AND References Object: oval:org.mitre.oval:obj:13920 State: oval:org.mitre.oval:ste:10639 Referencing Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:9984 V The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. 2013-04-29 oval:org.mitre.oval:def:10904 V Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. 2013-04-29
BACK