Denial of Service : OpenSSL: Denial of Service in ASN.1 parsing (CVE-2003-0851)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.112919

Categoría: Denial of Service

Título: OpenSSL: Denial of Service in ASN.1 parsing (CVE-2003-0851) - Windows

Resumen: OpenSSL is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
OpenSSL is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
A flaw in OpenSSL would cause certain ASN.1 sequences to trigger
a large recursion. On platforms such as Windows this large recursion cannot be handled correctly
and so the bug causes OpenSSL to crash.

Vulnerability Impact:
A remote attacker could exploit this flaw if they can
send arbitrary ASN.1 sequences which would cause OpenSSL to crash. This could be performed for
example by sending a client certificate to a SSL/TLS enabled server which is configured to accept
them.

Affected Software/OS:
OpenSSL 0.9.6k.

Solution:
Update to version 0.9.6l or later. See the references for
more details.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0851
BugTraq ID: 8970
http://www.securityfocus.com/bid/8970
Bugtraq: 20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing (Google Search)
http://marc.info/?l=bugtraq&m=106796246511667&w=2
Bugtraq: 20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=108403850228012&w=2
CERT/CC vulnerability note: VU#412478
http://www.kb.cert.org/vuls/id/412478
Cisco Security Advisory: 20030930 SSL Implementation Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
En Garde Linux Advisory: ESA-20031104-029
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
NETBSD Security Advisory: NetBSD-SA2004-003
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528
RedHat Security Advisories: RHSA-2004:119
http://rhn.redhat.com/errata/RHSA-2004-119.html
http://secunia.com/advisories/17381
SGI Security Advisory: 20040304-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.112919
Categoría:	Denial of Service
Título:	OpenSSL: Denial of Service in ASN.1 parsing (CVE-2003-0851) - Windows
Resumen:	OpenSSL is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: OpenSSL is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: A flaw in OpenSSL would cause certain ASN.1 sequences to trigger a large recursion. On platforms such as Windows this large recursion cannot be handled correctly and so the bug causes OpenSSL to crash. Vulnerability Impact: A remote attacker could exploit this flaw if they can send arbitrary ASN.1 sequences which would cause OpenSSL to crash. This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them. Affected Software/OS: OpenSSL 0.9.6k. Solution: Update to version 0.9.6l or later. See the references for more details. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0851 BugTraq ID: 8970 http://www.securityfocus.com/bid/8970 Bugtraq: 20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing (Google Search) http://marc.info/?l=bugtraq&m=106796246511667&w=2 Bugtraq: 20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108403850228012&w=2 CERT/CC vulnerability note: VU#412478 http://www.kb.cert.org/vuls/id/412478 Cisco Security Advisory: 20030930 SSL Implementation Vulnerabilities http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml En Garde Linux Advisory: ESA-20031104-029 http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html NETBSD Security Advisory: NetBSD-SA2004-003 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528 RedHat Security Advisories: RHSA-2004:119 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/17381 SGI Security Advisory: 20040304-01-U ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
Copyright	Copyright (C) 2021 Greenbone Networks GmbH