English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.52777
Category:Fedora Local Security Checks
Title:Fedora Legacy Security Advisory FLSA-2004:1395
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory FLSA-2004:1395.

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that
can lead to a denial of service attack (infinite loop). The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0081 to this issue.

Testing performed by Novell using a test suite provided by NISCC uncovered
an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l
which could cause large recursion and possibly lead to a denial of service
attack if used where stack space is limited. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0851
to this issue.

These updated packages contain patches provided by the OpenSSL group that
protect against these issues.

NOTE: Because server applications are affected by this issue, users are
advised to either restart all services using OpenSSL functionality or
restart their system after installing these updated packages.

Fedora Legacy would like to thank Michal Jaegermann for bringing this issue
to our attention.

Affected platforms:
Redhat 7.2
Redhat 7.3
Redhat 8

Solution:
http://www.securityspace.com/smysecure/catid.html?in=FLSA-2004:1395

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-0851
BugTraq ID: 8970
http://www.securityfocus.com/bid/8970
Bugtraq: 20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing (Google Search)
http://marc.info/?l=bugtraq&m=106796246511667&w=2
Bugtraq: 20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=108403850228012&w=2
CERT/CC vulnerability note: VU#412478
http://www.kb.cert.org/vuls/id/412478
Cisco Security Advisory: 20030930 SSL Implementation Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
En Garde Linux Advisory: ESA-20031104-029
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
NETBSD Security Advisory: NetBSD-SA2004-003
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528
RedHat Security Advisories: RHSA-2004:119
http://rhn.redhat.com/errata/RHSA-2004-119.html
http://secunia.com/advisories/17381
SGI Security Advisory: 20040304-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
Common Vulnerability Exposure (CVE) ID: CVE-2004-0081
BugTraq ID: 9899
http://www.securityfocus.com/bid/9899
Bugtraq: 20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004] (Google Search)
http://marc.info/?l=bugtraq&m=107955049331965&w=2
Cert/CC Advisory: TA04-078A
http://www.us-cert.gov/cas/techalerts/TA04-078A.html
CERT/CC vulnerability note: VU#465542
http://www.kb.cert.org/vuls/id/465542
Cisco Security Advisory: 20040317 Cisco OpenSSL Implementation Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
Conectiva Linux advisory: CLA-2004:834
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
Debian Security Information: DSA-465 (Google Search)
http://www.debian.org/security/2004/dsa-465
En Garde Linux Advisory: ESA-20040317-003
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
http://fedoranews.org/updates/FEDORA-2004-095.shtml
http://security.gentoo.org/glsa/glsa-200403-03.xml
http://www.uniras.gov.uk/vuls/2004/224012/index.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902
http://www.redhat.com/support/errata/RHSA-2004-120.html
http://www.redhat.com/support/errata/RHSA-2004-121.html
http://www.redhat.com/support/errata/RHSA-2004-139.html
SCO Security Bulletin: SCOSA-2004.10
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
http://secunia.com/advisories/11139
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
http://www.trustix.org/errata/2004/0012
XForce ISS Database: openssl-tls-dos(15509)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15509
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.