Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2004:119

The remote host is missing updates announced in
advisory RHSA-2004:119.

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can
lead to a denial of service attack (infinite loop). The Common
Vulnerabilities and Exposures project ( has assigned the name
CVE-2004-0081 to this issue.

Testing performed by Novell using a test suite provided by NISCC uncovered
an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l
which could cause large recursion and possibly lead to a denial of service
attack if used where stack space is limited. The Common Vulnerabilities
and Exposures project ( has assigned the name CVE-2003-0851
to this issue.

These updated packages contain patches provided by the OpenSSL group that
protect against these issues.

NOTE: Because server applications are affected by this issue, users are
advised to either restart all services using OpenSSL functionality or
restart their system after installing these updated packages.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0081
BugTraq ID: 9899
Bugtraq: 20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004] (Google Search)
Bugtraq: 20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability (Google Search)
Cert/CC Advisory: TA04-078A
CERT/CC vulnerability note: VU#465542
Cisco Security Advisory: 20040317 Cisco OpenSSL Implementation Vulnerability
Conectiva Linux advisory: CLA-2004:834
Debian Security Information: DSA-465 (Google Search)
En Garde Linux Advisory: ESA-20040317-003
RedHat Security Advisories: RHSA-2004:119
SCO Security Bulletin: SCOSA-2004.10
SGI Security Advisory: 20040304-01-U
XForce ISS Database: openssl-tls-dos(15509)
Common Vulnerability Exposure (CVE) ID: CVE-2003-0851
BugTraq ID: 8970
Bugtraq: 20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing (Google Search)
CERT/CC vulnerability note: VU#412478
Cisco Security Advisory: 20030930 SSL Implementation Vulnerabilities
En Garde Linux Advisory: ESA-20031104-029
NETBSD Security Advisory: NetBSD-SA2004-003
CopyrightCopyright (c) 2005 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.