ID

VAR-200208-0144


CVE

CVE-2002-0659


TITLE

ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines

Trust: 0.8

sources: CERT/CC: VU#748355

DESCRIPTION

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. Abstract Syntax Notation number One (ASN.1) is an international standard used to describe and transmit data packets between applications and across networks. A buffer overflow vulnerability exists in asn1_get_length() in the OpenSSL ASN.1 library when an abnormal certificate is passed to the function, and OpenSSL may be left in a denial-of-service (DoS) state. This vulnerability is due to parsing errors and affects SSL, TLS, S/MIME, PKCS#7 and certificate creation routines. OpenSSL is an open source general-purpose encryption library developed by the OpenSSL team that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hashing algorithms, etc. The ASN1 parser in OpenSSL is vulnerable when handling invalid encodings. Remote attackers may use this vulnerability to carry out denial-of-service attacks on applications that use the ASN1 library.

Trust: 2.7

sources: NVD: CVE-2002-0659 // CERT/CC: VU#748355 // JVNDB: JVNDB-2002-000174 // BID: 5366 // VULHUB: VHN-5050

AFFECTED PRODUCTS

vendor: oracle | model: application server | scope: eq | version: 1.0.2.2

Trust: 1.8

vendor: apple | model: mac os x | scope: eq | version: 10.0.4

Trust: 1.6

vendor: apple | model: mac os x | scope: eq | version: 10.1.4

Trust: 1.6

vendor: apple | model: mac os x | scope: eq | version: 10.1

Trust: 1.6

vendor: apple | model: mac os x | scope: eq | version: 10.0.1

Trust: 1.6

vendor: apple | model: mac os x | scope: eq | version: 10.1.5

Trust: 1.6

vendor: apple | model: mac os x | scope: eq | version: 10.1.3

Trust: 1.6

vendor: apple | model: mac os x | scope: eq | version: 10.1.1

Trust: 1.6

vendor: apple | model: mac os x | scope: eq | version: 10.1.2

Trust: 1.6

vendor: apple | model: mac os x | scope: eq | version: 10.0.3

Trust: 1.6

vendor: apple | model: mac os x | scope: eq | version: 10.0.2

Trust: 1.6

vendor: oracle | model: http server | scope: eq | version: 9.2.0

Trust: 1.3

vendor: oracle | model: http server | scope: eq | version: 9.0.1

Trust: 1.3

vendor: openssl | model: openssl | scope: eq | version: 0.9.1c

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 0.9.6b

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 0.9.5a

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 0.9.2b

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 0.9.6d

Trust: 1.0

vendor: oracle | model: corporate time outlook connector | scope: eq | version: 3.3

Trust: 1.0

vendor: oracle | model: corporate time outlook connector | scope: eq | version: 3.1

Trust: 1.0

vendor: oracle | model: corporate time outlook connector | scope: eq | version: 3.1.1

Trust: 1.0

vendor: oracle | model: corporate time outlook connector | scope: eq | version: 3.1.2

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 0.9.6a

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 0.9.5

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 0.9.6c

Trust: 1.0

vendor: oracle | model: application server | scope: eq | version: 1.0.2

Trust: 1.0

vendor: oracle | model: application server | scope: eq | version: *

Trust: 1.0

vendor: apple | model: mac os x | scope: eq | version: 10.0

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 0.9.4

Trust: 1.0

vendor: oracle | model: application server | scope: eq | version: 1.0.2.1s

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 0.9.6

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 0.9.7

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 0.9.3

Trust: 1.0

vendor: apple computer | model: - | scope: - | version: -

Trust: 0.8

vendor: debian | model: - | scope: - | version: -

Trust: 0.8

vendor: guardian digital | model: - | scope: - | version: -

Trust: 0.8

vendor: hewlett packard | model: - | scope: - | version: -

Trust: 0.8

vendor: ibm | model: - | scope: - | version: -

Trust: 0.8

vendor: isc | model: - | scope: - | version: -

Trust: 0.8

vendor: juniper | model: - | scope: - | version: -

Trust: 0.8

vendor: mandrakesoft | model: - | scope: - | version: -

Trust: 0.8

vendor: netbsd | model: - | scope: - | version: -

Trust: 0.8

vendor: openldap | model: - | scope: - | version: -

Trust: 0.8

vendor: openpkg | model: - | scope: - | version: -

Trust: 0.8

vendor: openssl | model: - | scope: - | version: -

Trust: 0.8

vendor: oracle | model: - | scope: - | version: -

Trust: 0.8

vendor: red hat | model: - | scope: - | version: -

Trust: 0.8

vendor: secure computing | model: - | scope: - | version: -

Trust: 0.8

vendor: suse | model: - | scope: - | version: -

Trust: 0.8

vendor: trustix | model: - | scope: - | version: -

Trust: 0.8

vendor: isc | model: bind | scope: lte | version: 9.1.3

Trust: 0.8

vendor: isc | model: bind | scope: lte | version: 9.2.2

Trust: 0.8

vendor: openssl | model: openssl | scope: lte | version: 0.9.6d

Trust: 0.8

vendor: oracle | model: application server | scope: eq | version: 9ias

Trust: 0.8

vendor: sun microsystems | model: cobalt raq3 | scope: - | version: -

Trust: 0.8

vendor: sun microsystems | model: cobalt raq4 | scope: - | version: -

Trust: 0.8

vendor: sun microsystems | model: cobalt raq550 | scope: - | version: -

Trust: 0.8

vendor: sun microsystems | model: cobalt raqxtr | scope: - | version: -

Trust: 0.8

vendor: red hat | model: linux | scope: eq | version: 6.2

Trust: 0.8

vendor: red hat | model: linux | scope: eq | version: 7.0

Trust: 0.8

vendor: red hat | model: linux | scope: eq | version: 7.1

Trust: 0.8

vendor: red hat | model: linux | scope: eq | version: 7.2

Trust: 0.8

vendor: red hat | model: linux | scope: eq | version: 7.3

Trust: 0.8

vendor: openssl | model: project openssl d | scope: eq | version: 0.9.6

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.1.1

Trust: 0.3

vendor: openssl | model: project openssl beta2 | scope: eq | version: 0.9.7

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.0.4

Trust: 0.3

vendor: hp | model: internet express eak | scope: eq | version: 2.0

Trust: 0.3

vendor: juniper | model: junos | scope: eq | version: 5.1

Trust: 0.3

vendor: isc | model: bind | scope: ne | version: 9.2

Trust: 0.3

vendor: opera | model: software opera web browser linux | scope: eq | version: 6.0.3

Trust: 0.3

vendor: opera | model: software opera web browser win32 | scope: eq | version: 6.0.3

Trust: 0.3

vendor: opera | model: software opera web browser linux | scope: ne | version: 6.0.3

Trust: 0.3

vendor: ibm | model: linux affinity toolkit | scope: - | version: -

Trust: 0.3

vendor: oracle | model: oracle9i application server .1s | scope: eq | version: 1.0.2

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.2

Trust: 0.3

vendor: hp | model: openssl for openvms alpha | scope: eq | version: 1.0

Trust: 0.3

vendor: openssl | model: project openssl beta3 | scope: ne | version: 0.9.7

Trust: 0.3

vendor: hp | model: webproxy | scope: eq | version: 2.0

Trust: 0.3

vendor: hp | model: tru64 unix compaq secure web server | scope: ne | version: 5.9.1

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.1

Trust: 0.3

vendor: securecomputing | model: safeword premieraccess | scope: eq | version: 3.1

Trust: 0.3

vendor: juniper | model: junos | scope: eq | version: 5.4

Trust: 0.3

vendor: oracle | model: corporatetime outlook connector | scope: eq | version: 3.3

Trust: 0.3

vendor: juniper | model: junos | scope: eq | version: 5.6

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.1.4

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.1.3

Trust: 0.3

vendor: novell | model: netmail b | scope: eq | version: 3.10

Trust: 0.3

vendor: isc | model: bind | scope: ne | version: 9.2.2

Trust: 0.3

vendor: openssl | model: project openssl a | scope: eq | version: 0.9.5

Trust: 0.3

vendor: opera | model: software opera web browser win32 | scope: eq | version: 6.0.2

Trust: 0.3

vendor: netbsd | model: beta | scope: eq | version: 1.6

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.0

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.1.5

Trust: 0.3

vendor: novell | model: netmail e | scope: ne | version: 3.10

Trust: 0.3

vendor: opera | model: software opera web browser linux | scope: eq | version: 6.0.1

Trust: 0.3

vendor: hp | model: virtualvault | scope: eq | version: 4.6

Trust: 0.3

vendor: hp | model: tru64 unix compaq secure web server | scope: eq | version: 5.8.1

Trust: 0.3

vendor: openssl | model: project openssl | scope: eq | version: 0.9.4

Trust: 0.3

vendor: novell | model: netmail a | scope: eq | version: 3.10

Trust: 0.3

vendor: opera | model: software opera web browser win32 | scope: eq | version: 6.0.1

Trust: 0.3

vendor: novell | model: netmail | scope: eq | version: 3.10

Trust: 0.3

vendor: isc | model: bind | scope: eq | version: 9.1.2

Trust: 0.3

vendor: juniper | model: junos | scope: eq | version: 5.2

Trust: 0.3

vendor: openssl | model: project openssl g | scope: ne | version: 0.9.6

Trust: 0.3

vendor: hp | model: tru64 unix compaq secure web server | scope: ne | version: 5.8.2

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.0.1

Trust: 0.3

vendor: oracle | model: corporatetime outlook connector | scope: eq | version: 3.1.2

Trust: 0.3

vendor: oracle | model: corporatetime outlook connector | scope: eq | version: 3.1.1

Trust: 0.3

vendor: hp | model: webproxy | scope: eq | version: 1.0

Trust: 0.3

vendor: novell | model: netmail c | scope: eq | version: 3.10

Trust: 0.3

vendor: oracle | model: oracle9i application server | scope: eq | version: 1.0.2

Trust: 0.3

vendor: openssl | model: project openssl e | scope: ne | version: 0.9.6

Trust: 0.3

vendor: opera | model: software opera web browser linux | scope: eq | version: 6.0.2

Trust: 0.3

vendor: oracle | model: corporatetime outlook connector | scope: eq | version: 3.1

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.1.2

Trust: 0.3

vendor: openssl | model: project openssl a | scope: eq | version: 0.9.6

Trust: 0.3

vendor: openssl | model: project openssl | scope: eq | version: 0.9.5

Trust: 0.3

vendor: isc | model: bind | scope: eq | version: 9.1.1

Trust: 0.3

vendor: openssl | model: project openssl c | scope: eq | version: 0.9.6

Trust: 0.3

vendor: juniper | model: junos | scope: eq | version: 5.3

Trust: 0.3

vendor: isc | model: bind | scope: eq | version: 9.1

Trust: 0.3

vendor: juniper | model: sdx-300 | scope: eq | version: 3.1.1

Trust: 0.3

vendor: hp | model: tru64 unix internet express | scope: eq | version: 5.9

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.0.2

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.0.3

Trust: 0.3

vendor: hp | model: tcp/ip services for openvms | scope: eq | version: 5.3

Trust: 0.3

vendor: hp | model: openssl for openvms alpha -a | scope: ne | version: 1.0

Trust: 0.3

vendor: juniper | model: sdx-300 | scope: eq | version: 3.1

Trust: 0.3

vendor: oracle | model: oracle9i application server | scope: eq | version: 1.0.2.2

Trust: 0.3

vendor: openssl | model: project openssl beta1 | scope: eq | version: 0.9.7

Trust: 0.3

vendor: hp | model: openvms secure web server | scope: eq | version: 1.2

Trust: 0.3

vendor: openssl | model: project openssl | scope: eq | version: 0.9.3

Trust: 0.3

vendor: oracle | model: oracle9i application server | scope: - | version: -

Trust: 0.3

vendor: hp | model: virtualvault | scope: eq | version: 4.5

Trust: 0.3

vendor: hp | model: tru64 unix compaq secure web server | scope: ne | version: 5.9.2

Trust: 0.3

vendor: isc | model: bind | scope: ne | version: 9.2.1

Trust: 0.3

vendor: openssl | model: project openssl b | scope: eq | version: 0.9.6

Trust: 0.3

vendor: openssl | model: project openssl c | scope: eq | version: 0.9.1

Trust: 0.3

vendor: juniper | model: junos | scope: eq | version: 5.0

Trust: 0.3

vendor: isc | model: bind | scope: eq | version: 9.1.3

Trust: 0.3

vendor: novell | model: netmail d | scope: eq | version: 3.10

Trust: 0.3

vendor: hp | model: openvms secure web server | scope: eq | version: 1.1-1

Trust: 0.3

vendor: hp | model: secure os software for linux | scope: eq | version: 1.0

Trust: 0.3

vendor: openssl | model: project openssl | scope: eq | version: 0.9.6

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.0

Trust: 0.3

vendor: openssl | model: project openssl b | scope: eq | version: 0.9.2

Trust: 0.3

vendor: s u s e | model: suse email server | scope: eq | version: 3.1

Trust: 0.3

vendor: opera | model: software opera web browser win32 | scope: ne | version: 6.0.3

Trust: 0.3

vendor: juniper | model: junos | scope: eq | version: 5.5

Trust: 0.3

sources: CERT/CC: VU#748355 // BID: 5366 // JVNDB: JVNDB-2002-000174 // CNNVD: CNNVD-200208-052 // NVD: CVE-2002-0659

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0659
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#748355
value: 31.33

Trust: 0.8

NVD: CVE-2002-0659
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200208-052
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5050
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-0659
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-5050
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#748355 // VULHUB: VHN-5050 // JVNDB: JVNDB-2002-000174 // CNNVD: CNNVD-200208-052 // NVD: CVE-2002-0659

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0659

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200208-052

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 5366 // CNNVD: CNNVD-200208-052

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000174

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5050

PATCH

title: secadv_20020730 | url: http://www.openssl.org/news/secadv_20020730.txt

Trust: 0.8

title: #37 | url: http://www.oracle.com/technology/deploy/security/htdocs/opensslAlert.html

Trust: 0.8

title: RHSA-2002:160 | url: http://rhn.redhat.com/errata/RHSA-2002-160.html

Trust: 0.8

title: 46424 | url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-46424-1

Trust: 0.8

title: ISC Information for VU#748355 | url: http://www.kb.cert.org/vuls/id/JSHA-5CSL3X

Trust: 0.8

title: RHSA-2002:160 | url: http://www.jp.redhat.com/support/errata/RHSA/RHSA-2002-160J.html

Trust: 0.8

sources: JVNDB: JVNDB-2002-000174

EXTERNAL IDS

db: BID | id: 5366

Trust: 3.6

db: CERT/CC | id: VU#748355

Trust: 3.3

db: NVD | id: CVE-2002-0659

Trust: 2.8

db: JVNDB | id: JVNDB-2002-000174

Trust: 0.8

db: REDHAT | id: RHSA-2002:160

Trust: 0.6

db: REDHAT | id: RHSA-2002:164

Trust: 0.6

db: REDHAT | id: RHSA-2002:161

Trust: 0.6

db: CONECTIVA | id: CLA-2002:516

Trust: 0.6

db: CERT/CC | id: CA-2002-23

Trust: 0.6

db: CALDERA | id: CSSA-2002-033.0

Trust: 0.6

db: CALDERA | id: CSSA-2002-033.1

Trust: 0.6

db: FREEBSD | id: FREEBSD-SA-02:33

Trust: 0.6

db: XF | id: 1

Trust: 0.6

db: CNNVD | id: CNNVD-200208-052

Trust: 0.6

db: EXPLOIT-DB | id: 23199

Trust: 0.1

db: VULHUB | id: VHN-5050

Trust: 0.1

sources: CERT/CC: VU#748355 // VULHUB: VHN-5050 // BID: 5366 // JVNDB: JVNDB-2002-000174 // CNNVD: CNNVD-200208-052 // NVD: CVE-2002-0659

REFERENCES

url:http://www.securityfocus.com/bid/5366

Trust: 3.3

url:http://www.cert.org/advisories/ca-2002-23.html

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/748355

Trust: 2.5

url:http://rhn.redhat.com/errata/rhsa-2002-160.html

Trust: 2.0

url:ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.0.txt

Trust: 1.7

url:ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.1.txt

Trust: 1.7

url:ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:33.openssl.asc

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2002-161.html

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2002-164.html

Trust: 1.7

url:http://www.iss.net/security_center/static/9718.php

Trust: 1.7

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516

Trust: 1.6

url:ftp://ftp.openssl.org/source/

Trust: 0.8

url:ftp://ftp.openssl.org/source/openssl-engine-0.9.6g.tar.gz

Trust: 0.8

url:ftp://ftp.openssl.org/source/openssl-engine-0.9.6g.tar.gz.asc

Trust: 0.8

url:ftp://ftp.openssl.org/source/openssl-engine-0.9.6g.tar.gz.md5

Trust: 0.8

url:http://www.ciac.org/ciac/bulletins/m-103.shtml

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0659

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr023101.txt

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr023201.txt

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr023601.txt

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr023001.txt

Trust: 0.8

url:http://jvn.jp/cert/jvnca-2002-23

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0659

Trust: 0.8

url:http://www.cyberpolice.go.jp/important/20030416_114510.html

Trust: 0.8

url:http://www.cyberpolice.go.jp/important/20030424_144742.html

Trust: 0.8

url:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965676.htm

Trust: 0.3

url:http://otn.oracle.com/deploy/security/htdocs/opensslalert.html

Trust: 0.3

url:http://docs.info.apple.com/article.html?artnum=120139

Trust: 0.3

url:http://docs.info.apple.com/article.html?artnum=120141

Trust: 0.3

url: -

Trust: 0.1

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516

Trust: 0.1

sources: CERT/CC: VU#748355 // VULHUB: VHN-5050 // BID: 5366 // JVNDB: JVNDB-2002-000174 // CNNVD: CNNVD-200208-052 // NVD: CVE-2002-0659

CREDITS

James Yonan <jim@ntlp.com>, Adi Stav <stav@mercury.co.il>

Trust: 0.6

sources: CNNVD: CNNVD-200208-052

SOURCES

db: CERT/CC | id: VU#748355
db: VULHUB | id: VHN-5050
db: BID | id: 5366
db: JVNDB | id: JVNDB-2002-000174
db: CNNVD | id: CNNVD-200208-052
db: NVD | id: CVE-2002-0659

LAST UPDATE DATE

2024-08-14T12:37:02.753000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#748355 | date: 2002-09-30T00:00:00
db: VULHUB | id: VHN-5050 | date: 2008-09-10T00:00:00
db: BID | id: 5366 | date: 2009-07-11T14:56:00
db: JVNDB | id: JVNDB-2002-000174 | date: 2007-04-01T00:00:00
db: CNNVD | id: CNNVD-200208-052 | date: 2006-09-21T00:00:00
db: NVD | id: CVE-2002-0659 | date: 2008-09-10T19:12:40.273

SOURCES RELEASE DATE

db: CERT/CC | id: VU#748355 | date: 2002-07-30T00:00:00
db: VULHUB | id: VHN-5050 | date: 2002-08-12T00:00:00
db: BID | id: 5366 | date: 2002-07-30T00:00:00
db: JVNDB | id: JVNDB-2002-000174 | date: 2007-04-01T00:00:00
db: CNNVD | id: CNNVD-200208-052 | date: 2002-07-30T00:00:00
db: NVD | id: CVE-2002-0659 | date: 2002-08-12T04:00:00