Executive Summary
Summary | |
---|---|
Title | New openssl095 packages fix denial of service |
Information | |||
---|---|---|---|
Name | DSA-394 | First vendor Publication | 2003-10-11 |
Vendor | Debian | Last vendor Modification | 2003-10-11 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Steve Henson of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code that were discovered after running a test suite by the British National Infrastructure Security Coordination Centre (NISCC).

A bug in OpenSSL's SSL/TLS protocol was also identified which causes OpenSSL to parse a client certificate from an SSL/TLS client when it should reject it as a protocol error.

The Common Vulnerabilities and Exposures project identifies the following problems:

- CAN-2003-0543: Integer overflow in OpenSSL that allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
- CAN-2003-0544: OpenSSL does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
- CAN-2003-0545: Double-free vulnerability allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. This bug was only present in OpenSSL 0.9.7 and is listed here only for reference.

For the stable distribution (woody) this problem has been fixed in openssl095 version 0.9.5a-6.woody.3.

This package is not present in the unstable (sid) or testing (sarge) distribution.

We recommend that you upgrade your libssl095a packages and restart services using this library. Debian doesn't ship any packages that are linked against this library.

The following command line (courtesy of Ray Dassen) produces a list of names of running processes that have libssl095 mapped into their memory space:

```
# List /proc/<pid>/maps files that mention libssl095, reduce them to PIDs,
# then print the command name (fifth ps field) of each matching process.
find /proc -name maps -exec egrep -l 'libssl095' {} /dev/null \; |
  sed -e 's/[^0-9]//g' |
  xargs --no-run-if-empty ps --no-headers -p |
  sed -e 's/^ \+//' -e 's/ \+/ /g' |
  cut -d ' ' -f 5 | sort | uniq
```

You should restart the associated services.
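The tag-value overflow and long-form over-read described for CAN-2003-0543 and CAN-2003-0544 both come down to checks a DER header parser has to make before trusting its input. The following is an added example, not OpenSSL's code and not part of the advisory; the function name `der_read_header` and its interface are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not OpenSSL code): parse one DER tag/length header
 * from buf[0..len) without reading past the end or overflowing.
 * Returns the header size in bytes, or -1 on malformed input. */
int der_read_header(const uint8_t *buf, size_t len,
                    uint32_t *tag, size_t *content_len)
{
    size_t pos = 0;
    if (len < 2) return -1;

    uint32_t t = buf[pos++] & 0x1f;
    if (t == 0x1f) {                          /* high-tag-number form */
        uint8_t b;
        if (buf[pos] == 0x80) return -1;      /* leading zero octet: not DER */
        t = 0;
        do {
            if (pos >= len) return -1;        /* tag runs off the buffer */
            if (t > (UINT32_MAX >> 7)) return -1;   /* shift would overflow */
            b = buf[pos++];
            t = (t << 7) | (b & 0x7f);
        } while (b & 0x80);
    }

    if (pos >= len) return -1;                /* no length octet left */
    uint8_t first = buf[pos++];
    size_t n = 0;
    if (first & 0x80) {                       /* long form */
        size_t count = first & 0x7f;
        if (count == 0) return -1;            /* indefinite length: not DER */
        if (count > sizeof(size_t)) return -1;      /* cannot be represented */
        if (count > len - pos) return -1;     /* length octets past the end */
        while (count--) n = (n << 8) | buf[pos++];
    } else {
        n = first;                            /* short form */
    }
    if (n > len - pos) return -1;             /* content exceeds the buffer */

    *tag = t;
    *content_len = n;
    return (int)pos;
}
```
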
Original Source
Url : http://www.debian.org/security/2003/dsa-394 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-415 | Double Free |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:2590 | |||
Oval ID: | oval:org.mitre.oval:def:2590 | ||
Title: | OpenSSL Double-free Vulnerability | ||
Description: | Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0545 | Version: | 3 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 | Product(s): | Sun Cluster |
Definition Id: oval:org.mitre.oval:def:4254 | |||
Oval ID: | oval:org.mitre.oval:def:4254 | ||
Title: | OpenSSL Integer Overflow Vulnerability | ||
Description: | Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0543 | Version: | 3 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 | Product(s): | Sun Cluster |
Definition Id: oval:org.mitre.oval:def:4574 | |||
Oval ID: | oval:org.mitre.oval:def:4574 | ||
Title: | OpenSSL ASN.1 Inputs Character Tracking Vulnerability | ||
Description: | OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0544 | Version: | 3 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 | Product(s): | Sun Cluster |
Definition Id: oval:org.mitre.oval:def:5292 | |||
Oval ID: | oval:org.mitre.oval:def:5292 | ||
Title: | Multiple Vendor OpenSSL 0.9.6, 0.9.7 ASN.1 Vulnerabilities | ||
Description: | Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2003-0543 | Version: | 1 |
Platform(s): | Cisco IOS | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2009-05-05 | Name : HP-UX Update for AAA Server HPSBUX00286 File : nvt/gb_hp_ux_HPSBUX00286.nasl |
2009-05-05 | Name : HP-UX Update for HP WEBM Services HPSBUX00288 File : nvt/gb_hp_ux_HPSBUX00288.nasl |
2009-05-05 | Name : HP-UX Update for BIND v920 HPSBUX00290 File : nvt/gb_hp_ux_HPSBUX00290.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 393-1 (openssl) File : nvt/deb_393_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 394-1 (openssl095) File : nvt/deb_394_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
3949 | OpenSSL ASN.1 Integer Overflow DoS: A remote overflow exists in OpenSSL. OpenSSL fails to correctly handle error conditions in ASN.1 tags in SSL client certificates, resulting in an integer overflow. With a specially crafted request, an attacker can cause a denial of service in OpenSSL or an application using it, resulting in a loss of availability. |
3686 | OpenSSL ASN.1 Client Certificate Overflow DoS: A remote overflow exists in OpenSSL. OpenSSL fails to correctly parse ASN.1 tags in OpenSSL client certificates, resulting in a buffer overflow. With a specially crafted request, an attacker can cause denial of service in OpenSSL or an application using it, resulting in a loss of availability. |
3684 | OpenSSL ASN.1 Client Certificate Double-free: A double-free memory allocation error allows remote attackers to cause a denial of service (crash) and may allow the execution of arbitrary code via an SSL client certificate with crafted invalid ASN.1 encoding. |
Snort® IPS/IDS
Date | Description |
---|---|
2019-09-17 | Novell iManager ASN.1 client hello parsing denial of service attempt RuleID : 51027 - Revision : 1 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-04 | Name : Arbitrary code could be executed on the remote server. File : openssl_0_9_7c.nasl - Type : ACT_GATHER_INFO |
2012-01-04 | Name : The remote server is vulnerable to a denial of service attack. File : openssl_0_9_6k.nasl - Type : ACT_GATHER_INFO |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_29691.nasl - Type : ACT_GATHER_INFO |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_29891.nasl - Type : ACT_GATHER_INFO |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_29892.nasl - Type : ACT_GATHER_INFO |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_29893.nasl - Type : ACT_GATHER_INFO |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_30055.nasl - Type : ACT_GATHER_INFO |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_30056.nasl - Type : ACT_GATHER_INFO |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_30057.nasl - Type : ACT_GATHER_INFO |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_30058.nasl - Type : ACT_GATHER_INFO |
2005-02-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_31726.nasl - Type : ACT_GATHER_INFO |
2005-02-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_29690.nasl - Type : ACT_GATHER_INFO |
2005-02-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_29894.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-394.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-393.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-098.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2003_043.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote host is using an unsupported version of Mac OS X. File : macosx_version.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-293.nasl - Type : ACT_GATHER_INFO |
2003-10-10 | Name : The remote host is affected by a heap corruption vulnerability. File : ssltest.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:32:55 |