I have a Fedora system configured with Nessus and OpenSSL. I had installed a base install of fedora loaded openssl (0.9.7c) then Nessus (2.0.9). There were no problems during any of the installations. When I run a Nessus scan against this box the Nessus demon reports a vulnerability (see below). I'm posting this question because I have performed the same installation procedures with RedHat 8 and 9 and the vulnerability does not exist. It seams that the installation of openssl may not have been placed in the correct file structure???? Any help in finding the cause of this and correcting the vulnerability is greatly appreciated. ----------NESSUS RESULTS---------- (1241/tcp) High The remote host seem to be running a version of OpenSSL which is older than 0.9.6k or 0.9.7c. There is a heap corruption bug in this version which might be exploited by an attacker to gain a shell on this host. Solution : If you are running OpenSSL, Upgrade to version 0.9.6k or 0.9.7c or newer Risk factor : High CVE : CAN-2003-0543, CAN-2003-0544, CAN-2003-0545 BID : 8732 Other references : IAVA:2003-A-0027, RHSA:RHSA-2003:291-01, SuSE:SUSE-SA:2003:043 -----------NESSUS RESULTS----------
