ID

VAR-200208-0243


CVE

CVE-2002-0655


TITLE

OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process

Trust: 0.8

sources: CERT/CC: VU#561275

DESCRIPTION

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the system. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. There is a buffer overflow on 64-bit platforms related to the ASCII representation of integers. Remotely exploitable buffer overflow conditions have been reported in OpenSSL. It is possible to overflow these buffers on a vulnerable system if overly large values are submitted by a malicious attacker. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a loophole in the design and implementation of OpenSSL. Under certain circumstances, a remote attacker may use this loophole to cause a denial of service attack on the server or execute arbitrary instructions on the host. OpenSSL Security Advisory [30 July 2002] This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory. Advisory 1 ========== A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS. Vulnerabilities --------------- All four of these are potentially remotely exploitable. 1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulerability is exploitable. Exploit code is NOT available at this time. 2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer. 3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled. 4. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4. In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them. Who is affected? ---------------- Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable. SSLeay is probably also affected. Recommendations --------------- Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS. A patch for 0.9.7 is available from the OpenSSL website (https://www.openssl.org/). Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release versions with Kerberos enabled will also have to disable Kerberos. Client should be disabled altogether until the patches are applied. Known Exploits -------------- There are no know exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code. References ---------- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657 Acknowledgements ---------------- The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537. The patch and advisory were prepared by Ben Laurie. Advisory 2 ========== Vulnerabilities --------------- The ASN1 parser can be confused by supplying it with certain invalid encodings. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue. Who is affected? ---------------- Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines. Recommendations --------------- Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL. Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL. Exploits -------- There are no known exploits for this vulnerability. References ---------- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659 Acknowledgements ---------------- This vulnerability was discovered by Adi Stav <stav@mercury.co.il> and James Yonan <jim@ntlp.com> independently. The patch is partly based on a version by Adi Stav. The patch and advisory were prepared by Dr. Stephen Henson. Combined patches for OpenSSL 0.9.6d: https://www.openssl.org/news/patch_20020730_0_9_6d.txt Combined patches for OpenSSL 0.9.7 beta 2: https://www.openssl.org/news/patch_20020730_0_9_7.txt URL for this Security Advisory: https://www.openssl.org/news/secadv_20020730.txt

Trust: 3.51

sources: NVD: CVE-2002-0655 // CERT/CC: VU#561275 // CERT/CC: VU#308891 // JVNDB: JVNDB-2002-000171 // BID: 5364 // VULHUB: VHN-5046 // PACKETSTORM: 169647

AFFECTED PRODUCTS

vendor:oraclemodel:http serverscope:eqversion:9.2.0

Trust: 1.9

vendor:oraclemodel:http serverscope:eqversion:9.0.1

Trust: 1.9

vendor:apple computermodel: - scope: - version: -

Trust: 1.6

vendor:debianmodel: - scope: - version: -

Trust: 1.6

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 1.6

vendor:guardian digitalmodel: - scope: - version: -

Trust: 1.6

vendor:hewlett packardmodel: - scope: - version: -

Trust: 1.6

vendor:ibmmodel: - scope: - version: -

Trust: 1.6

vendor:junipermodel: - scope: - version: -

Trust: 1.6

vendor:mandrakesoftmodel: - scope: - version: -

Trust: 1.6

vendor:netbsdmodel: - scope: - version: -

Trust: 1.6

vendor:openldapmodel: - scope: - version: -

Trust: 1.6

vendor:openpkgmodel: - scope: - version: -

Trust: 1.6

vendor:opensslmodel: - scope: - version: -

Trust: 1.6

vendor:oraclemodel: - scope: - version: -

Trust: 1.6

vendor:red hatmodel: - scope: - version: -

Trust: 1.6

vendor:secure computingmodel: - scope: - version: -

Trust: 1.6

vendor:susemodel: - scope: - version: -

Trust: 1.6

vendor:trustixmodel: - scope: - version: -

Trust: 1.6

vendor:oraclemodel:corporate time outlook connectorscope:eqversion:3.3

Trust: 1.6

vendor:oraclemodel:corporate time outlook connectorscope:eqversion:3.1.2

Trust: 1.6

vendor:oraclemodel:corporate time outlook connectorscope:eqversion:3.1.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0.3

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:1.0.2.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.4

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.1c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.5a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.2b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6d

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.2

Trust: 1.0

vendor:oraclemodel:corporate time outlook connectorscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6a

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.5

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6c

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:1.0.2

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:*

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.4

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:1.0.2.1s

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.3

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.3

Trust: 1.0

vendor:iscmodel: - scope: - version: -

Trust: 0.8

vendor:iscmodel:bindscope:eqversion:9.1.x

Trust: 0.8

vendor:iscmodel:bindscope:lteversion:9.2.2

Trust: 0.8

vendor:opensslmodel:opensslscope:lteversion:0.9.6d

Trust: 0.8

vendor:oraclemodel:application serverscope:lteversion:1.0.2.2

Trust: 0.8

vendor:oraclemodel:application serverscope:eqversion:9ias

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:8.1.7

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:8.1.7.1

Trust: 0.8

vendor:oraclemodel:databasescope:lteversion:9.2.0

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raq3scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raq4scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raq550scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raqxtrscope: - version: -

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:6.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.0

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.1

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.3

Trust: 0.8

vendor:sunmodel:crypto acceleratorscope:eqversion:1000

Trust: 0.3

vendor:securemodel:computing safeword premieraccessscope:eqversion:3.1

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:1.0.2.2

Trust: 0.3

vendor:oraclemodel:oracle9i application server .1sscope:eqversion:1.0.2

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:1.0.2

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope: - version: -

Trust: 0.3

vendor:oraclemodel:http server for serverscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:corporatetime outlook connectorscope:eqversion:3.3

Trust: 0.3

vendor:oraclemodel:corporatetime outlook connectorscope:eqversion:3.1.2

Trust: 0.3

vendor:oraclemodel:corporatetime outlook connectorscope:eqversion:3.1.1

Trust: 0.3

vendor:oraclemodel:corporatetime outlook connectorscope:eqversion:3.1

Trust: 0.3

vendor:opensslmodel:project openssl beta2scope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl beta1scope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.5

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.5

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.4

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.3

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.2

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.1

Trust: 0.3

vendor:novellmodel:netmail dscope:eqversion:3.10

Trust: 0.3

vendor:novellmodel:netmail cscope:eqversion:3.10

Trust: 0.3

vendor:novellmodel:netmail bscope:eqversion:3.10

Trust: 0.3

vendor:novellmodel:netmail ascope:eqversion:3.10

Trust: 0.3

vendor:novellmodel:netmailscope:eqversion:3.10

Trust: 0.3

vendor:junipermodel:networks t-series router t640scope: - version: -

Trust: 0.3

vendor:junipermodel:networks t-series router t320scope: - version: -

Trust: 0.3

vendor:junipermodel:networks sdx-300scope:eqversion:3.1.1

Trust: 0.3

vendor:junipermodel:networks sdx-300scope:eqversion:3.1

Trust: 0.3

vendor:junipermodel:networks m-series router m5scope: - version: -

Trust: 0.3

vendor:junipermodel:networks m-series router m40escope: - version: -

Trust: 0.3

vendor:junipermodel:networks m-series router m40scope: - version: -

Trust: 0.3

vendor:junipermodel:networks m-series router m20scope: - version: -

Trust: 0.3

vendor:junipermodel:networks m-series router m160scope: - version: -

Trust: 0.3

vendor:junipermodel:networks m-series router m10scope: - version: -

Trust: 0.3

vendor:junipermodel:networks junosscope:eqversion:5.6

Trust: 0.3

vendor:junipermodel:networks junosscope:eqversion:5.5

Trust: 0.3

vendor:junipermodel:networks junosscope:eqversion:5.4

Trust: 0.3

vendor:junipermodel:networks junosscope:eqversion:5.3

Trust: 0.3

vendor:junipermodel:networks junosscope:eqversion:5.2

Trust: 0.3

vendor:junipermodel:networks junosscope:eqversion:5.1

Trust: 0.3

vendor:junipermodel:networks junosscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:linux affinity toolkitscope: - version: -

Trust: 0.3

vendor:hpmodel:webproxyscope:eqversion:2.0

Trust: 0.3

vendor:hpmodel:webproxyscope:eqversion:1.0

Trust: 0.3

vendor:hpmodel:virtualvaultscope:eqversion:4.6

Trust: 0.3

vendor:hpmodel:virtualvaultscope:eqversion:4.5

Trust: 0.3

vendor:hpmodel:tru64 unix internet expressscope:eqversion:5.9

Trust: 0.3

vendor:hpmodel:tru64 unix compaq secure web serverscope:eqversion:5.8.1

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvmsscope:eqversion:5.3

Trust: 0.3

vendor:hpmodel:secure os software for linuxscope:eqversion:1.0

Trust: 0.3

vendor:hpmodel:openvms secure web serverscope:eqversion:1.2

Trust: 0.3

vendor:hpmodel:openvms secure web serverscope:eqversion:1.1-1

Trust: 0.3

vendor:hpmodel:openssl for openvms alphascope:eqversion:1.0

Trust: 0.3

vendor:hpmodel:internet express eakscope:eqversion:2.0

Trust: 0.3

vendor:cosmicperlmodel:directory proscope:eqversion:10.0.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:opensslmodel:project openssl beta3scope:neversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl gscope:neversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl escope:neversion:0.9.6

Trust: 0.3

vendor:novellmodel:netmail escope:neversion:3.10

Trust: 0.3

vendor:hpmodel:tru64 unix compaq secure web serverscope:neversion:5.9.2

Trust: 0.3

vendor:hpmodel:tru64 unix compaq secure web serverscope:neversion:5.9.1

Trust: 0.3

vendor:hpmodel:tru64 unix compaq secure web serverscope:neversion:5.8.2

Trust: 0.3

vendor:hpmodel:openssl for openvms alpha -ascope:neversion:1.0

Trust: 0.3

sources: CERT/CC: VU#561275 // CERT/CC: VU#308891 // BID: 5364 // JVNDB: JVNDB-2002-000171 // CNNVD: CNNVD-200208-173 // NVD: CVE-2002-0655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0655
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#561275
value: 5.88

Trust: 0.8

CARNEGIE MELLON: VU#308891
value: 17.63

Trust: 0.8

NVD: CVE-2002-0655
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200208-173
value: HIGH

Trust: 0.6

VULHUB: VHN-5046
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-0655
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-5046
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#561275 // CERT/CC: VU#308891 // VULHUB: VHN-5046 // JVNDB: JVNDB-2002-000171 // CNNVD: CNNVD-200208-173 // NVD: CVE-2002-0655

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0655

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200208-173

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 5364 // CNNVD: CNNVD-200208-173

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000171

PATCH

title:secadv_20020730url:http://www.openssl.org/news/secadv_20020730.txt

Trust: 0.8

title:#37url:http://www.oracle.com/technology/deploy/security/htdocs/opensslAlert.html

Trust: 0.8

title:RHSA-2002:155url:http://rhn.redhat.com/errata/RHSA-2002-155.html

Trust: 0.8

title:46424url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-46424-1

Trust: 0.8

title:ISC Information for VU#308891url:http://www.kb.cert.org/vuls/id/JSHA-5CSM74

Trust: 0.8

title:RHSA-2002:155url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2002-155J.html

Trust: 0.8

sources: JVNDB: JVNDB-2002-000171

EXTERNAL IDS

db:BIDid:5364

Trust: 3.6

db:CERT/CCid:VU#308891

Trust: 3.3

db:NVDid:CVE-2002-0655

Trust: 2.9

db:BIDid:5353

Trust: 1.6

db:BIDid:5361

Trust: 0.8

db:CERT/CCid:VU#561275

Trust: 0.8

db:JVNDBid:JVNDB-2002-000171

Trust: 0.8

db:CNNVDid:CNNVD-200208-173

Trust: 0.7

db:CONECTIVAid:CLA-2002:513

Trust: 0.6

db:CALDERAid:CSSA-2002-033.0

Trust: 0.6

db:CALDERAid:CSSA-2002-033.1

Trust: 0.6

db:MANDRAKEid:MDKSA-2002:046

Trust: 0.6

db:CERT/CCid:CA-2002-23

Trust: 0.6

db:FREEBSDid:FREEBSD-SA-02:33

Trust: 0.6

db:VULHUBid:VHN-5046

Trust: 0.1

db:PACKETSTORMid:169647

Trust: 0.1

sources: CERT/CC: VU#561275 // CERT/CC: VU#308891 // VULHUB: VHN-5046 // BID: 5364 // JVNDB: JVNDB-2002-000171 // PACKETSTORM: 169647 // CNNVD: CNNVD-200208-173 // NVD: CVE-2002-0655

REFERENCES

url:http://www.securityfocus.com/bid/5364

Trust: 3.3

url:http://www.cert.org/advisories/ca-2002-23.html

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/308891

Trust: 2.5

url:ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.0.txt

Trust: 1.7

url:ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.1.txt

Trust: 1.7

url:ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:33.openssl.asc

Trust: 1.7

url:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-046.php

Trust: 1.7

url:http://www.securityfocus.com/bid/5353

Trust: 1.6

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513

Trust: 1.6

url:http://www.securityfocus.com/bid/5361

Trust: 0.8

url:http://www.ciac.org/ciac/bulletins/m-103.shtml

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0655

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr023601.txt

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr023001.txt

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr023101.txt

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr023201.txt

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0655

Trust: 0.8

url:http://www.cyberpolice.go.jp/important/20030416_114510.html

Trust: 0.8

url:http://www.cyberpolice.go.jp/important/20030424_144742.html

Trust: 0.8

url:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965676.htm

Trust: 0.3

url:http://otn.oracle.com/deploy/security/htdocs/opensslalert.html

Trust: 0.3

url:http://sunsolve.sun.com/securitypatch

Trust: 0.3

url:http://docs.info.apple.com/article.html?artnum=120139

Trust: 0.3

url:http://docs.info.apple.com/article.html?artnum=120141

Trust: 0.3

url: -

Trust: 0.1

url:http://distro.conectiva.com.br/atualizacoes/?id=a&amp;anuncio=000513

Trust: 0.1

url:http://www.neohapsis.com/)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2002-0656

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2002-0657

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0657

Trust: 0.1

url:https://www.openssl.org/news/patch_20020730_0_9_6d.txt

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0656

Trust: 0.1

url:http://www.thebunker.net/)

Trust: 0.1

url:https://www.openssl.org/news/patch_20020730_0_9_7.txt

Trust: 0.1

url:https://www.openssl.org/).

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2002-0655

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0655

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0659

Trust: 0.1

url:https://www.openssl.org/news/secadv_20020730.txt

Trust: 0.1

sources: CERT/CC: VU#561275 // CERT/CC: VU#308891 // VULHUB: VHN-5046 // BID: 5364 // JVNDB: JVNDB-2002-000171 // PACKETSTORM: 169647 // CNNVD: CNNVD-200208-173 // NVD: CVE-2002-0655

CREDITS

A.L. Digital Ltd The Bunker

Trust: 0.6

sources: CNNVD: CNNVD-200208-173

SOURCES

db:CERT/CCid:VU#561275
db:CERT/CCid:VU#308891
db:VULHUBid:VHN-5046
db:BIDid:5364
db:JVNDBid:JVNDB-2002-000171
db:PACKETSTORMid:169647
db:CNNVDid:CNNVD-200208-173
db:NVDid:CVE-2002-0655

LAST UPDATE DATE

2024-08-14T12:24:33.898000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#561275date:2002-09-30T00:00:00
db:CERT/CCid:VU#308891date:2002-09-30T00:00:00
db:VULHUBid:VHN-5046date:2008-09-10T00:00:00
db:BIDid:5364date:2015-03-19T08:28:00
db:JVNDBid:JVNDB-2002-000171date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200208-173date:2006-09-21T00:00:00
db:NVDid:CVE-2002-0655date:2008-09-10T19:12:39.993

SOURCES RELEASE DATE

db:CERT/CCid:VU#561275date:2002-07-30T00:00:00
db:CERT/CCid:VU#308891date:2002-07-30T00:00:00
db:VULHUBid:VHN-5046date:2002-08-12T00:00:00
db:BIDid:5364date:2002-07-30T00:00:00
db:JVNDBid:JVNDB-2002-000171date:2007-04-01T00:00:00
db:PACKETSTORMid:169647date:2002-07-30T12:12:12
db:CNNVDid:CNNVD-200208-173date:2002-07-30T00:00:00
db:NVDid:CVE-2002-0655date:2002-08-12T04:00:00