Denial of Service : OpenSSL: Vulnerabilities in ASN.1 parsing (CVE-2003-0543, CVE-2003-0544)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.112916

Categoría: Denial of Service

Título: OpenSSL: Vulnerabilities in ASN.1 parsing (CVE-2003-0543, CVE-2003-0544) - Linux

Resumen: OpenSSL is prone to multiple denial of service (DoS) vulnerabilities.

Descripción: Summary:
OpenSSL is prone to multiple denial of service (DoS) vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- An integer overflow could allow remote attackers to cause a denial of service (crash) via an
SSL client certificate with certain ASN.1 tag values.

- Incorrect tracking of the number of characters in certain ASN.1 inputs could allow remote
attackers to cause a denial of service (crash) by sending an SSL client certificate that causes
OpenSSL to read past the end of a buffer when the long form is used.

Affected Software/OS:
OpenSSL version 0.9.6 through 0.9.6j and 0.9.7 through 0.9.7b.

Solution:
Update to version 0.9.6.k, 0.9.7c or later. See the references for
more details.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0543
BugTraq ID: 8732
http://www.securityfocus.com/bid/8732
http://www.cert.org/advisories/CA-2003-26.html
CERT/CC vulnerability note: VU#255484
http://www.kb.cert.org/vuls/id/255484
Debian Security Information: DSA-393 (Google Search)
http://www.debian.org/security/2003/dsa-393
Debian Security Information: DSA-394 (Google Search)
http://www.debian.org/security/2003/dsa-394
En Garde Linux Advisory: ESA-20030930-027
http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4254
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5292
http://www.redhat.com/support/errata/RHSA-2003-291.html
http://www.redhat.com/support/errata/RHSA-2003-292.html
http://secunia.com/advisories/22249
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1
http://www.vupen.com/english/advisories/2006/3900
Common Vulnerability Exposure (CVE) ID: CVE-2003-0544
CERT/CC vulnerability note: VU#380864
http://www.kb.cert.org/vuls/id/380864
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574
XForce ISS Database: openssl-asn1-sslclient-dos(43041)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43041

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.112916
Categoría:	Denial of Service
Título:	OpenSSL: Vulnerabilities in ASN.1 parsing (CVE-2003-0543, CVE-2003-0544) - Linux
Resumen:	OpenSSL is prone to multiple denial of service (DoS) vulnerabilities.
Descripción:	Summary: OpenSSL is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - An integer overflow could allow remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. - Incorrect tracking of the number of characters in certain ASN.1 inputs could allow remote attackers to cause a denial of service (crash) by sending an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. Affected Software/OS: OpenSSL version 0.9.6 through 0.9.6j and 0.9.7 through 0.9.7b. Solution: Update to version 0.9.6.k, 0.9.7c or later. See the references for more details. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0543 BugTraq ID: 8732 http://www.securityfocus.com/bid/8732 http://www.cert.org/advisories/CA-2003-26.html CERT/CC vulnerability note: VU#255484 http://www.kb.cert.org/vuls/id/255484 Debian Security Information: DSA-393 (Google Search) http://www.debian.org/security/2003/dsa-393 Debian Security Information: DSA-394 (Google Search) http://www.debian.org/security/2003/dsa-394 En Garde Linux Advisory: ESA-20030930-027 http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4254 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5292 http://www.redhat.com/support/errata/RHSA-2003-291.html http://www.redhat.com/support/errata/RHSA-2003-292.html http://secunia.com/advisories/22249 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1 http://www.vupen.com/english/advisories/2006/3900 Common Vulnerability Exposure (CVE) ID: CVE-2003-0544 CERT/CC vulnerability note: VU#380864 http://www.kb.cert.org/vuls/id/380864 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574 XForce ISS Database: openssl-asn1-sslclient-dos(43041) https://exchange.xforce.ibmcloud.com/vulnerabilities/43041
Copyright	Copyright (C) 2021 Greenbone Networks GmbH