ID

VAR-200208-0144


CVE

CVE-2002-0659


TITLE

ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines

Trust: 0.8

sources: CERT/CC: VU#748355

DESCRIPTION

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. Abstract Syntax Notation number One (ASN.1) is an international standard used to describe and transmit data packets between applications and across networks. OpenSSL In ASN.1 library Inside ans1_get_length() A buffer overflow vulnerability exists when an abnormal certificate is passed to a function.OpenSSL Service disruption (DoS) It may be in a state. This vulnerability is due to parsing errors and affects SSL, TLS, S/MIME, PKCS#7 and certificate creation routines. OpenSSL is an open source general-purpose encryption library developed by the OpenSSL team that can implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a vulnerability in the ASN1 interpreter of OpenSSL when dealing with invalid encoding methods. Remote attackers may use this vulnerability to carry out denial-of-service attacks on applications that use the ASN1 library

Trust: 2.7

sources: NVD: CVE-2002-0659 // CERT/CC: VU#748355 // JVNDB: JVNDB-2002-000174 // BID: 5366 // VULHUB: VHN-5050

AFFECTED PRODUCTS

vendor:oraclemodel:application serverscope:eqversion:1.0.2.2

Trust: 1.8

vendor:applemodel:mac os xscope:eqversion:10.0.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0.2

Trust: 1.6

vendor:oraclemodel:http serverscope:eqversion:9.2.0

Trust: 1.3

vendor:oraclemodel:http serverscope:eqversion:9.0.1

Trust: 1.3

vendor:oraclemodel:corporate time outlook connectorscope:eqversion:3.3

Trust: 1.0

vendor:oraclemodel:corporate time outlook connectorscope:eqversion:3.1.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:1.0.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.2b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.3

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:*

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.4

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.1c

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:corporate time outlook connectorscope:eqversion:3.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.5

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.5a

Trust: 1.0

vendor:oraclemodel:corporate time outlook connectorscope:eqversion:3.1.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6c

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:1.0.2.1s

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6d

Trust: 1.0

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:debianmodel: - scope: - version: -

Trust: 0.8

vendor:guardian digitalmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:iscmodel: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:mandrakesoftmodel: - scope: - version: -

Trust: 0.8

vendor:netbsdmodel: - scope: - version: -

Trust: 0.8

vendor:openldapmodel: - scope: - version: -

Trust: 0.8

vendor:openpkgmodel: - scope: - version: -

Trust: 0.8

vendor:opensslmodel: - scope: - version: -

Trust: 0.8

vendor:oraclemodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:secure computingmodel: - scope: - version: -

Trust: 0.8

vendor:susemodel: - scope: - version: -

Trust: 0.8

vendor:trustixmodel: - scope: - version: -

Trust: 0.8

vendor:iscmodel:bindscope:lteversion:9.1.3

Trust: 0.8

vendor:iscmodel:bindscope:lteversion:9.2.2

Trust: 0.8

vendor:opensslmodel:opensslscope:lteversion:0.9.6d

Trust: 0.8

vendor:oraclemodel:application serverscope:eqversion:9ias

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raq3scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raq4scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raq550scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raqxtrscope: - version: -

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:6.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.0

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.1

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.3

Trust: 0.8

vendor:opensslmodel:project openssl dscope:eqversion:0.9.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:opensslmodel:project openssl beta2scope:eqversion:0.9.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:hpmodel:internet express eakscope:eqversion:2.0

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:5.1

Trust: 0.3

vendor:iscmodel:bindscope:neversion:9.2

Trust: 0.3

vendor:operamodel:software opera web browser linuxscope:eqversion:6.0.3

Trust: 0.3

vendor:operamodel:software opera web browser win32scope:eqversion:6.0.3

Trust: 0.3

vendor:operamodel:software opera web browser linuxscope:neversion:6.0.3

Trust: 0.3

vendor:ibmmodel:linux affinity toolkitscope: - version: -

Trust: 0.3

vendor:oraclemodel:oracle9i application server .1sscope:eqversion:1.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:hpmodel:openssl for openvms alphascope:eqversion:1.0

Trust: 0.3

vendor:opensslmodel:project openssl beta3scope:neversion:0.9.7

Trust: 0.3

vendor:hpmodel:webproxyscope:eqversion:2.0

Trust: 0.3

vendor:hpmodel:tru64 unix compaq secure web serverscope:neversion:5.9.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

vendor:securecomputingmodel:safeword premieraccessscope:eqversion:3.1

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:5.4

Trust: 0.3

vendor:oraclemodel:corporatetime outlook connectorscope:eqversion:3.3

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:novellmodel:netmail bscope:eqversion:3.10

Trust: 0.3

vendor:iscmodel:bindscope:neversion:9.2.2

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.5

Trust: 0.3

vendor:operamodel:software opera web browser win32scope:eqversion:6.0.2

Trust: 0.3

vendor:netbsdmodel:betascope:eqversion:1.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:novellmodel:netmail escope:neversion:3.10

Trust: 0.3

vendor:operamodel:software opera web browser linuxscope:eqversion:6.0.1

Trust: 0.3

vendor:hpmodel:virtualvaultscope:eqversion:4.6

Trust: 0.3

vendor:hpmodel:tru64 unix compaq secure web serverscope:eqversion:5.8.1

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.4

Trust: 0.3

vendor:novellmodel:netmail ascope:eqversion:3.10

Trust: 0.3

vendor:operamodel:software opera web browser win32scope:eqversion:6.0.1

Trust: 0.3

vendor:novellmodel:netmailscope:eqversion:3.10

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.1.2

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:5.2

Trust: 0.3

vendor:opensslmodel:project openssl gscope:neversion:0.9.6

Trust: 0.3

vendor:hpmodel:tru64 unix compaq secure web serverscope:neversion:5.8.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.1

Trust: 0.3

vendor:oraclemodel:corporatetime outlook connectorscope:eqversion:3.1.2

Trust: 0.3

vendor:oraclemodel:corporatetime outlook connectorscope:eqversion:3.1.1

Trust: 0.3

vendor:hpmodel:webproxyscope:eqversion:1.0

Trust: 0.3

vendor:novellmodel:netmail cscope:eqversion:3.10

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:1.0.2

Trust: 0.3

vendor:opensslmodel:project openssl escope:neversion:0.9.6

Trust: 0.3

vendor:operamodel:software opera web browser linuxscope:eqversion:6.0.2

Trust: 0.3

vendor:oraclemodel:corporatetime outlook connectorscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.5

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.1.1

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.6

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:5.3

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.1

Trust: 0.3

vendor:junipermodel:sdx-300scope:eqversion:3.1.1

Trust: 0.3

vendor:hpmodel:tru64 unix internet expressscope:eqversion:5.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.3

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvmsscope:eqversion:5.3

Trust: 0.3

vendor:hpmodel:openssl for openvms alpha -ascope:neversion:1.0

Trust: 0.3

vendor:junipermodel:sdx-300scope:eqversion:3.1

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:1.0.2.2

Trust: 0.3

vendor:opensslmodel:project openssl beta1scope:eqversion:0.9.7

Trust: 0.3

vendor:hpmodel:openvms secure web serverscope:eqversion:1.2

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.3

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope: - version: -

Trust: 0.3

vendor:hpmodel:virtualvaultscope:eqversion:4.5

Trust: 0.3

vendor:hpmodel:tru64 unix compaq secure web serverscope:neversion:5.9.2

Trust: 0.3

vendor:iscmodel:bindscope:neversion:9.2.1

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.1

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:5.0

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.1.3

Trust: 0.3

vendor:novellmodel:netmail dscope:eqversion:3.10

Trust: 0.3

vendor:hpmodel:openvms secure web serverscope:eqversion:1.1-1

Trust: 0.3

vendor:hpmodel:secure os software for linuxscope:eqversion:1.0

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.2

Trust: 0.3

vendor:s u s emodel:suse email serverscope:eqversion:3.1

Trust: 0.3

vendor:operamodel:software opera web browser win32scope:neversion:6.0.3

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:5.5

Trust: 0.3

sources: CERT/CC: VU#748355 // BID: 5366 // JVNDB: JVNDB-2002-000174 // CNNVD: CNNVD-200208-052 // NVD: CVE-2002-0659

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0659
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#748355
value: 31.33

Trust: 0.8

NVD: CVE-2002-0659
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200208-052
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5050
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-0659
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-5050
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#748355 // VULHUB: VHN-5050 // JVNDB: JVNDB-2002-000174 // CNNVD: CNNVD-200208-052 // NVD: CVE-2002-0659

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0659

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200208-052

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 5366 // CNNVD: CNNVD-200208-052

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000174

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5050

PATCH

title:secadv_20020730url:http://www.openssl.org/news/secadv_20020730.txt

Trust: 0.8

title:#37url:http://www.oracle.com/technology/deploy/security/htdocs/opensslAlert.html

Trust: 0.8

title:RHSA-2002:160url:http://rhn.redhat.com/errata/RHSA-2002-160.html

Trust: 0.8

title:46424url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-46424-1

Trust: 0.8

title:ISC Information for VU#748355url:http://www.kb.cert.org/vuls/id/JSHA-5CSL3X

Trust: 0.8

title:RHSA-2002:160url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2002-160J.html

Trust: 0.8

sources: JVNDB: JVNDB-2002-000174

EXTERNAL IDS

db:BIDid:5366

Trust: 3.6

db:CERT/CCid:VU#748355

Trust: 3.3

db:NVDid:CVE-2002-0659

Trust: 2.8

db:JVNDBid:JVNDB-2002-000174

Trust: 0.8

db:REDHATid:RHSA-2002:160

Trust: 0.6

db:REDHATid:RHSA-2002:164

Trust: 0.6

db:REDHATid:RHSA-2002:161

Trust: 0.6

db:CONECTIVAid:CLA-2002:516

Trust: 0.6

db:CERT/CCid:CA-2002-23

Trust: 0.6

db:CALDERAid:CSSA-2002-033.0

Trust: 0.6

db:CALDERAid:CSSA-2002-033.1

Trust: 0.6

db:FREEBSDid:FREEBSD-SA-02:33

Trust: 0.6

db:XFid:1

Trust: 0.6

db:CNNVDid:CNNVD-200208-052

Trust: 0.6

db:EXPLOIT-DBid:23199

Trust: 0.1

db:VULHUBid:VHN-5050

Trust: 0.1

sources: CERT/CC: VU#748355 // VULHUB: VHN-5050 // BID: 5366 // JVNDB: JVNDB-2002-000174 // CNNVD: CNNVD-200208-052 // NVD: CVE-2002-0659

REFERENCES

url:http://www.securityfocus.com/bid/5366

Trust: 4.3

url:http://www.cert.org/advisories/ca-2002-23.html

Trust: 3.5

url:http://www.kb.cert.org/vuls/id/748355

Trust: 3.5

url:http://rhn.redhat.com/errata/rhsa-2002-160.html

Trust: 3.0

url:ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.0.txt

Trust: 2.7

url:ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.1.txt

Trust: 2.7

url:ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:33.openssl.asc

Trust: 2.7

url:http://rhn.redhat.com/errata/rhsa-2002-161.html

Trust: 2.7

url:http://rhn.redhat.com/errata/rhsa-2002-164.html

Trust: 2.7

url:http://www.iss.net/security_center/static/9718.php

Trust: 2.7

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516

Trust: 2.6

url:ftp://ftp.openssl.org/source/

Trust: 0.8

url:ftp://ftp.openssl.org/source/openssl-engine-0.9.6g.tar.gz

Trust: 0.8

url:ftp://ftp.openssl.org/source/openssl-engine-0.9.6g.tar.gz.asc

Trust: 0.8

url:ftp://ftp.openssl.org/source/openssl-engine-0.9.6g.tar.gz.md5

Trust: 0.8

url:http://www.ciac.org/ciac/bulletins/m-103.shtml

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0659

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr023101.txt

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr023201.txt

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr023601.txt

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr023001.txt

Trust: 0.8

url:http://jvn.jp/cert/jvnca-2002-23

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0659

Trust: 0.8

url:http://www.cyberpolice.go.jp/important/20030416_114510.html

Trust: 0.8

url:http://www.cyberpolice.go.jp/important/20030424_144742.html

Trust: 0.8

url:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965676.htm

Trust: 0.3

url:http://otn.oracle.com/deploy/security/htdocs/opensslalert.html

Trust: 0.3

url:http://docs.info.apple.com/article.html?artnum=120139

Trust: 0.3

url:http://docs.info.apple.com/article.html?artnum=120141

Trust: 0.3

url: -

Trust: 0.1

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516

Trust: 0.1

sources: CERT/CC: VU#748355 // VULHUB: VHN-5050 // BID: 5366 // JVNDB: JVNDB-2002-000174 // CNNVD: CNNVD-200208-052 // NVD: CVE-2002-0659

CREDITS

James Yonan※ jim@ntlp.com※Adi Stav※ stav@mercury.co.il

Trust: 0.6

sources: CNNVD: CNNVD-200208-052

SOURCES

db:CERT/CCid:VU#748355
db:VULHUBid:VHN-5050
db:BIDid:5366
db:JVNDBid:JVNDB-2002-000174
db:CNNVDid:CNNVD-200208-052
db:NVDid:CVE-2002-0659

LAST UPDATE DATE

2024-11-22T22:20:34.112000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#748355date:2002-09-30T00:00:00
db:VULHUBid:VHN-5050date:2008-09-10T00:00:00
db:BIDid:5366date:2009-07-11T14:56:00
db:JVNDBid:JVNDB-2002-000174date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200208-052date:2006-09-21T00:00:00
db:NVDid:CVE-2002-0659date:2024-11-20T23:39:34.700

SOURCES RELEASE DATE

db:CERT/CCid:VU#748355date:2002-07-30T00:00:00
db:VULHUBid:VHN-5050date:2002-08-12T00:00:00
db:BIDid:5366date:2002-07-30T00:00:00
db:JVNDBid:JVNDB-2002-000174date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200208-052date:2002-07-30T00:00:00
db:NVDid:CVE-2002-0659date:2002-08-12T04:00:00