用x-scan扫描日本ip 段一主机子,得到如下信息,这个漏洞怎么利用,用什么工具入侵?
漏洞 www (443/tcp) 远程主机似乎运行着低于0.6.6k或0.9.7c版本的OpenSSL。
这些低版本的OpenSSL存在堆溢出漏洞,该漏洞可导致远程攻击者获得系统的shell。
解决方案 : 更新你的OpenSSL到0.9.6k/0.9.7c或更高版本。
风险等级 : 高
___________________________________________________________________
The remote host seem to be running a version of OpenSSL which is older than 0.9.6k or 0.9.7c.
There is a heap corruption bug in this version which might be exploited by an
attacker to gain a shell on this host.
Solution : If you are running OpenSSL, Upgrade to version 0.9.6k or 0.9.7c or newer
Risk factor : High
CVE_ID : CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
BUGTRAQ_ID : 8732
NESSUS_ID : 11875
Other references : IAVA:2003-A-0015, RHSA:RHSA-2003:291-01, SuSE:SUSE-SA:2003:043
|
