Details of VAR-200311-0091

ID

VAR-200311-0091

CVE

CVE-2003-0545

TITLE

Multiple vulnerabilities in SSL/TLS implementations

Trust: 0.8

sources: CERT/CC: VU#104280

DESCRIPTION

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL of ASN.1 (Abstract Syntax Notation number One) Structure (ASN1_TYPE) In the interpretation part of, there is a flaw in the process of releasing the memory allocated for the structure, and there is a vulnerability that destroys the values in the stack.OpenSSL Service disruption (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE----- OpenSSL Security Advisory [30 September 2003] Vulnerabilities in ASN.1 parsing ================================ NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates. Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite. Vulnerabilities - --------------- 1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6. 2. 3. Exploitation of an affected application would result in a denial of service vulnerability. 4. This by itself is not strictly speaking a vulnerability but it does mean that *all* SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication. Who is affected? - ---------------- All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected. Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines. Recommendations - --------------- Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries. References - ---------- The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545 and CAN-2003-0543 and CAN-2003-0544 for issue 2: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544 URL for this Security Advisory: http://www.openssl.org/news/secadv_20030930.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q x4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS 3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un xjGKYbcITrM= =fFTe -----END PGP SIGNATURE-----

Trust: 6.3

sources: NVD: CVE-2003-0545 // CERT/CC: VU#104280 // CERT/CC: VU#732952 // CERT/CC: VU#686224 // CERT/CC: VU#935264 // CERT/CC: VU#380864 // CERT/CC: VU#255484 // JVNDB: JVNDB-2003-000287 // BID: 8732 // PACKETSTORM: 31738

AFFECTED PRODUCTS

vendor:	openssl	model:	-	scope:	-	version:	-	Trust: 4.0
vendor:	mandrakesoft	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.7	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.6	Trust: 1.6
vendor:	cisco	model:	ios 12.1 e	scope:	-	version:	-	Trust: 1.2
vendor:	oracle	model:	http server	scope:	eq	version:	9.0.1	Trust: 1.1
vendor:	oracle	model:	http server	scope:	eq	version:	8.1.7	Trust: 1.1
vendor:	appgate network security ab	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	check point	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	conectiva	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cray	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	freebsd	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gentoo linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	guardian digital	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ingrian	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	netbsd	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nortel	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	novell	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openbsd	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	rsa security	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sgi	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ssh security	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	secure computing	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	slackware	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	stonesoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	stunnel	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	suse	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	tawie server linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	turbolinux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	wirex	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	lte	version:	0.9.7b	Trust: 0.8
vendor:	oracle	model:	application server	scope:	eq	version:	1.0.2.2	Trust: 0.8
vendor:	oracle	model:	application server	scope:	eq	version:	1.0.2.2s	Trust: 0.8
vendor:	oracle	model:	application server	scope:	eq	version:	9.0.2	Trust: 0.8
vendor:	oracle	model:	application server	scope:	eq	version:	9.0.3	Trust: 0.8
vendor:	oracle	model:	database	scope:	eq	version:	8.1.7	Trust: 0.8
vendor:	oracle	model:	database	scope:	eq	version:	9.0.1	Trust: 0.8
vendor:	oracle	model:	database	scope:	eq	version:	9.2.0	Trust: 0.8
vendor:	oracle	model:	http server	scope:	eq	version:	9.2	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	1.1	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	2.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	2.1	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.1	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 0.8
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.0	Trust: 0.8
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.1	Trust: 0.8
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2	Trust: 0.8
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.00	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.11	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.22	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.23	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux apache-based web server	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	linux	scope:	eq	version:	9	Trust: 0.8
vendor:	vmware	model:	gsx server build	scope:	eq	version:	2.5.15336	Trust: 0.3
vendor:	vmware	model:	esx server build	scope:	eq	version:	2.05257	Trust: 0.3
vendor:	vmware	model:	esx server	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	tarantella	model:	enterprise	scope:	eq	version:	33.30	Trust: 0.3
vendor:	tarantella	model:	enterprise	scope:	eq	version:	33.200	Trust: 0.3
vendor:	tarantella	model:	enterprise	scope:	eq	version:	33.11	Trust: 0.3
vendor:	tarantella	model:	enterprise	scope:	eq	version:	33.10	Trust: 0.3
vendor:	tarantella	model:	enterprise	scope:	eq	version:	33.01	Trust: 0.3
vendor:	tarantella	model:	enterprise	scope:	eq	version:	33.0	Trust: 0.3
vendor:	sun	model:	solaris 9 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 9 sparc	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	one web server sp6	scope:	eq	version:	6.0	Trust: 0.3
vendor:	sun	model:	one web server sp5	scope:	eq	version:	6.0	Trust: 0.3
vendor:	sun	model:	one web server sp4	scope:	eq	version:	6.0	Trust: 0.3
vendor:	sun	model:	one web server sp3	scope:	eq	version:	6.0	Trust: 0.3
vendor:	sun	model:	one web server sp2	scope:	eq	version:	6.0	Trust: 0.3
vendor:	sun	model:	one web server sp1	scope:	eq	version:	6.0	Trust: 0.3
vendor:	sun	model:	one web server	scope:	eq	version:	6.0	Trust: 0.3
vendor:	sun	model:	one web server sp9	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp8	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp7	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp6	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp5	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp4	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp3	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp2	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp14	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp13	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp12	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp11	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp10	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one web server sp1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	sun	model:	one directory server	scope:	eq	version:	5.1x86	Trust: 0.3
vendor:	sun	model:	one directory server sp2	scope:	eq	version:	5.1	Trust: 0.3
vendor:	sun	model:	one directory server sp1	scope:	eq	version:	5.1	Trust: 0.3
vendor:	sun	model:	one directory server	scope:	eq	version:	5.1	Trust: 0.3
vendor:	sun	model:	one application server ur2 standard edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sun	model:	one application server ur2 platform edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sun	model:	one application server ur1 standard edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sun	model:	one application server ur1 platform edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sun	model:	one application server standard edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sun	model:	one application server platform edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sun	model:	java system web server	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	grid engine	scope:	eq	version:	5.3x86	Trust: 0.3
vendor:	sun	model:	grid engine sun linux	scope:	eq	version:	5.3	Trust: 0.3
vendor:	sun	model:	grid engine 64-bit sparc	scope:	eq	version:	5.3	Trust: 0.3
vendor:	sun	model:	grid engine 32-bit sparc	scope:	eq	version:	5.3	Trust: 0.3
vendor:	sun	model:	cluster	scope:	eq	version:	3.1	Trust: 0.3
vendor:	sun	model:	cluster	scope:	eq	version:	3.0	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	2.2	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	2.1	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	2.0.9	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	2.0.8	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	2.0.7	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	1.7.2	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	1.7.1	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	1.7	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	1.6.3	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	1.6.2	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	1.5.18	Trust: 0.3
vendor:	stonesoft	model:	stonegate	scope:	eq	version:	1.5.17	Trust: 0.3
vendor:	stonesoft	model:	stonebeat webcluster	scope:	eq	version:	2.5	Trust: 0.3
vendor:	stonesoft	model:	stonebeat webcluster	scope:	eq	version:	2.0	Trust: 0.3
vendor:	stonesoft	model:	stonebeat securitycluster	scope:	eq	version:	2.5	Trust: 0.3
vendor:	stonesoft	model:	stonebeat securitycluster	scope:	eq	version:	2.0	Trust: 0.3
vendor:	stonesoft	model:	stonebeat high availability	scope:	eq	version:	3.1	Trust: 0.3
vendor:	stonesoft	model:	stonebeat fullcluster for raptor	scope:	eq	version:	2.5	Trust: 0.3
vendor:	stonesoft	model:	stonebeat fullcluster for raptor	scope:	eq	version:	2.0	Trust: 0.3
vendor:	stonesoft	model:	stonebeat fullcluster for isa server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	stonesoft	model:	stonebeat fullcluster for gauntlet	scope:	eq	version:	2.0	Trust: 0.3
vendor:	stonesoft	model:	stonebeat fullcluster for firewall-1	scope:	eq	version:	3.0	Trust: 0.3
vendor:	stonesoft	model:	stonebeat fullcluster for firewall-1	scope:	eq	version:	2.0	Trust: 0.3
vendor:	ssleay	model:	ssleay	scope:	eq	version:	0.9.1	Trust: 0.3
vendor:	ssleay	model:	ssleay	scope:	eq	version:	0.9	Trust: 0.3
vendor:	ssleay	model:	ssleay	scope:	eq	version:	0.8.1	Trust: 0.3
vendor:	ssleay	model:	ssleay	scope:	eq	version:	0.6.6	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.2.5	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.2.4	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.2	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.1.8	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.1.7	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.1.6	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.1.5	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.1.4	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	eq	version:	3.1	Trust: 0.3
vendor:	ssh	model:	communications security ssh sentinel	scope:	eq	version:	1.4	Trust: 0.3
vendor:	ssh	model:	communications security ipsec express toolkit	scope:	-	version:	-	Trust: 0.3
vendor:	snapgear	model:	os	scope:	eq	version:	1.8.4	Trust: 0.3
vendor:	smoothwall	model:	gpl	scope:	eq	version:	1.0	Trust: 0.3
vendor:	smoothwall	model:	express beta	scope:	eq	version:	2.0	Trust: 0.3
vendor:	sgi	model:	propack	scope:	eq	version:	2.3	Trust: 0.3
vendor:	sgi	model:	propack	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.22	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.21	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.21	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.21	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.20	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.20	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.20	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.19	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.19	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.19	Trust: 0.3
vendor:	sco	model:	open server	scope:	eq	version:	5.0.7	Trust: 0.3
vendor:	sco	model:	open server	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	sco	model:	open server	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	redhat	model:	linux i386	scope:	eq	version:	9.0	Trust: 0.3
vendor:	oracle	model:	oracle9i standard edition	scope:	eq	version:	9.2	Trust: 0.3
vendor:	oracle	model:	oracle9i standard edition	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	oracle	model:	oracle9i standard edition	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	oracle	model:	oracle9i personal edition	scope:	eq	version:	9.2	Trust: 0.3
vendor:	oracle	model:	oracle9i personal edition	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	oracle	model:	oracle9i personal edition	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	oracle	model:	oracle9i enterprise edition	scope:	eq	version:	9.2.0	Trust: 0.3
vendor:	oracle	model:	oracle9i enterprise edition	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	oracle	model:	oracle9i enterprise edition	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	oracle	model:	oracle9i application server	scope:	eq	version:	9.0.3	Trust: 0.3
vendor:	oracle	model:	oracle9i application server	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	oracle	model:	oracle9i application server	scope:	eq	version:	1.0.2.2	Trust: 0.3
vendor:	oracle	model:	oracle9i application server .1s	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	oracle	model:	http server	scope:	eq	version:	9.2.0	Trust: 0.3
vendor:	openssl	model:	project openssl beta3	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl beta2	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl beta1	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl b	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl a	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl j	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl i	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl h	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl g	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl e	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl d	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl c	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl b	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl a	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl a	scope:	eq	version:	0.9.5	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	3.4	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	3.3	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	3.2	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	3.1	Trust: 0.3
vendor:	novell	model:	nsure audit	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	novell	model:	netware	scope:	eq	version:	6.5	Trust: 0.3
vendor:	novell	model:	netware	scope:	eq	version:	6.0	Trust: 0.3
vendor:	novell	model:	netware	scope:	eq	version:	5.1	Trust: 0.3
vendor:	novell	model:	netmail e	scope:	eq	version:	3.10	Trust: 0.3
vendor:	novell	model:	netmail d	scope:	eq	version:	3.10	Trust: 0.3
vendor:	novell	model:	netmail c	scope:	eq	version:	3.10	Trust: 0.3
vendor:	novell	model:	netmail b	scope:	eq	version:	3.10	Trust: 0.3
vendor:	novell	model:	netmail a	scope:	eq	version:	3.10	Trust: 0.3
vendor:	novell	model:	netmail	scope:	eq	version:	3.10	Trust: 0.3
vendor:	novell	model:	netmail	scope:	eq	version:	3.1	Trust: 0.3
vendor:	novell	model:	netmail b	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	novell	model:	netmail a	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	novell	model:	netmail	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	novell	model:	netmail	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	novell	model:	international cryptographic infostructure	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	novell	model:	imanager	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	novell	model:	imanager	scope:	eq	version:	2.0	Trust: 0.3
vendor:	novell	model:	imanager	scope:	eq	version:	1.5	Trust: 0.3
vendor:	novell	model:	ichain server sp1	scope:	eq	version:	2.2	Trust: 0.3
vendor:	novell	model:	ichain server fp1a	scope:	eq	version:	2.2	Trust: 0.3
vendor:	novell	model:	ichain server fp1	scope:	eq	version:	2.2	Trust: 0.3
vendor:	novell	model:	ichain server	scope:	eq	version:	2.2	Trust: 0.3
vendor:	novell	model:	groupwise webaccess sp2	scope:	eq	version:	6.5	Trust: 0.3
vendor:	novell	model:	groupwise webaccess sp1	scope:	eq	version:	6.5	Trust: 0.3
vendor:	novell	model:	groupwise webaccess	scope:	eq	version:	6.5	Trust: 0.3
vendor:	novell	model:	groupwise webaccess sp4	scope:	eq	version:	6.0	Trust: 0.3
vendor:	novell	model:	groupwise internet agent	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	novell	model:	groupwise sp2	scope:	eq	version:	6.5	Trust: 0.3
vendor:	novell	model:	groupwise sp4	scope:	eq	version:	6.0	Trust: 0.3
vendor:	novell	model:	edirectory su1	scope:	eq	version:	8.7.1	Trust: 0.3
vendor:	novell	model:	edirectory	scope:	eq	version:	8.7.1	Trust: 0.3
vendor:	novell	model:	edirectory	scope:	eq	version:	8.7	Trust: 0.3
vendor:	novell	model:	edirectory	scope:	eq	version:	8.6.2	Trust: 0.3
vendor:	novell	model:	edirectory	scope:	eq	version:	8.5.27	Trust: 0.3
vendor:	novell	model:	edirectory a	scope:	eq	version:	8.5.12	Trust: 0.3
vendor:	novell	model:	edirectory	scope:	eq	version:	8.5	Trust: 0.3
vendor:	novell	model:	edirectory	scope:	eq	version:	8.0	Trust: 0.3
vendor:	novell	model:	bordermanager	scope:	eq	version:	3.8	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	9.2	Trust: 0.3
vendor:	mandriva	model:	linux mandrake ppc	scope:	eq	version:	9.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	9.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	9.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	8.2	Trust: 0.3
vendor:	mandrakesoft	model:	multi network firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	2.1	Trust: 0.3
vendor:	juniper	model:	networks t-series router t640	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	networks t-series router t320	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	networks sdx-300	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	juniper	model:	networks sdx-300	scope:	eq	version:	3.1	Trust: 0.3
vendor:	juniper	model:	networks m-series router m5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	networks m-series router m40e	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	networks m-series router m40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	networks m-series router m20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	networks m-series router m160	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	networks m-series router m10	scope:	-	version:	-	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	eq	version:	3.2	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	3.2	Trust: 0.3
vendor:	ibm	model:	rational rose	scope:	eq	version:	2000	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	2.0.47	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	2.0.42.2	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	2.0.42	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	1.3.28	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	1.3.26	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	1.3.19	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	1.3.12.4	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	1.3.12.3	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	1.3.12.2	Trust: 0.3
vendor:	hp	model:	hp-ux aaa server a.06.01.02	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	11.23	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	11.22	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	11.20	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	11.11	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	11.0	Trust: 0.3
vendor:	hp	model:	wbem services for hp-ux a.01.05.05	scope:	-	version:	-	Trust: 0.3
vendor:	f5	model:	isman	scope:	-	version:	-	Trust: 0.3
vendor:	f5	model:	firepass	scope:	-	version:	-	Trust: 0.3
vendor:	f5	model:	bigip	scope:	eq	version:	4.5	Trust: 0.3
vendor:	f5	model:	bigip	scope:	eq	version:	4.4	Trust: 0.3
vendor:	f5	model:	bigip	scope:	eq	version:	4.3	Trust: 0.3
vendor:	f5	model:	bigip	scope:	eq	version:	4.2	Trust: 0.3
vendor:	f5	model:	bigip	scope:	eq	version:	2.1	Trust: 0.3
vendor:	f5	model:	bigip	scope:	eq	version:	2.0	Trust: 0.3
vendor:	f5	model:	3-dns	scope:	eq	version:	4.5	Trust: 0.3
vendor:	f5	model:	3-dns	scope:	eq	version:	4.4	Trust: 0.3
vendor:	f5	model:	3-dns	scope:	eq	version:	4.3	Trust: 0.3
vendor:	f5	model:	3-dns	scope:	eq	version:	4.2	Trust: 0.3
vendor:	f secure	model:	ssh for windows	scope:	eq	version:	5.3	Trust: 0.3
vendor:	f secure	model:	ssh for windows	scope:	eq	version:	5.2	Trust: 0.3
vendor:	f secure	model:	ssh for windows	scope:	eq	version:	5.1	Trust: 0.3
vendor:	f secure	model:	ssh for unix	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	f secure	model:	ssh for unix	scope:	eq	version:	3.2.0	Trust: 0.3
vendor:	f secure	model:	ssh for unix	scope:	eq	version:	3.1.0	Trust: 0.3
vendor:	f secure	model:	ssh	scope:	eq	version:	3.1.0	Trust: 0.3
vendor:	f secure	model:	ssh for unix	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	cray	model:	open software	scope:	eq	version:	3.4	Trust: 0.3
vendor:	computer	model:	associates etrust security command center	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	threat response	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-3.3.2-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-3.3.1-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-3.2.2-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-3.2.1-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-2.5.1-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-2-3.3.2-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sn storage router sn5428-2-3.3.1-k9	scope:	eq	version:	5428	Trust: 0.3
vendor:	cisco	model:	sip proxy server	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	secure policy manager	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	520	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	515	Trust: 0.3
vendor:	cisco	model:	network analysis module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios 12.2sy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sx	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	gss global site selector	scope:	eq	version:	4480	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	css11000 content services switch	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	css secure content accelerator	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	css secure content accelerator	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	ciscoworks wireless lan solution engine	scope:	eq	version:	1105	Trust: 0.3
vendor:	cisco	model:	ciscoworks hosting solution engine	scope:	eq	version:	1105	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp4	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp3	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp2	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software providor-1 sp4	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software providor-1 sp3	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software providor-1 sp2	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software providor-1 sp1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software providor-1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software nokia voyager	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software next generation fp3 hf2	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software next generation fp3 hf1	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software next generation fp3	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software next generation fp2	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software next generation fp1	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp6	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp5	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp4	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp3	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp2	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp8	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp7	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp6	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp5	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp4	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp3	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp2	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1	scope:	eq	version:	3.0	Trust: 0.3
vendor:	borderware	model:	firewall server	scope:	eq	version:	7.0	Trust: 0.3
vendor:	blue	model:	coat systems security gateway os	scope:	eq	version:	3.0	Trust: 0.3
vendor:	blue	model:	coat systems security gateway os	scope:	eq	version:	2.0	Trust: 0.3
vendor:	blue	model:	coat systems cacheos ca/sa	scope:	eq	version:	4.1.10	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	tarantella	model:	enterprise	scope:	ne	version:	33.40	Trust: 0.3
vendor:	sun	model:	solaris 8 x86	scope:	ne	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 8 sparc	scope:	ne	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 7.0 x86	scope:	ne	version:	-	Trust: 0.3
vendor:	sun	model:	solaris	scope:	ne	version:	7.0	Trust: 0.3
vendor:	sun	model:	one web server sp7	scope:	ne	version:	6.0	Trust: 0.3
vendor:	sun	model:	one web server sp14	scope:	ne	version:	4.1	Trust: 0.3
vendor:	sun	model:	one directory server sp3	scope:	ne	version:	5.1	Trust: 0.3
vendor:	sun	model:	one application server ur2 upgrade standard	scope:	ne	version:	7.0	Trust: 0.3
vendor:	sun	model:	one application server ur2 upgrade platform	scope:	ne	version:	7.0	Trust: 0.3
vendor:	sun	model:	java system web server sp1	scope:	ne	version:	6.1	Trust: 0.3
vendor:	sun	model:	cluster	scope:	ne	version:	2.2	Trust: 0.3
vendor:	sun	model:	cluster	scope:	ne	version:	2.1	Trust: 0.3
vendor:	ssh	model:	communications security ssh2	scope:	ne	version:	3.2.9	Trust: 0.3
vendor:	ssh	model:	communications security ssh sentinel	scope:	ne	version:	1.4.1	Trust: 0.3
vendor:	snapgear	model:	os	scope:	ne	version:	1.8.5	Trust: 0.3
vendor:	openssl	model:	project openssl c	scope:	ne	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl k	scope:	ne	version:	0.9.6	Trust: 0.3
vendor:	novell	model:	nsure audit	scope:	ne	version:	1.0.3	Trust: 0.3
vendor:	novell	model:	nsure audit	scope:	ne	version:	1.0.2	Trust: 0.3
vendor:	novell	model:	netmail f	scope:	ne	version:	3.1	Trust: 0.3
vendor:	novell	model:	imanager	scope:	ne	version:	2.5	Trust: 0.3
vendor:	novell	model:	edirectory su1	scope:	ne	version:	8.7.1	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	ne	version:	3.3.1	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	ne	version:	3.3.1	Trust: 0.3
vendor:	ibm	model:	rational requisitepro	scope:	ne	version:	7.0	Trust: 0.3
vendor:	hp	model:	hp-ux aaa server a.06.01.02.04	scope:	ne	version:	-	Trust: 0.3
vendor:	hp	model:	wbem services for hp-ux a.01.05.07	scope:	ne	version:	-	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.2.8	Trust: 0.3

sources: CERT/CC: VU#104280 // CERT/CC: VU#732952 // CERT/CC: VU#686224 // CERT/CC: VU#935264 // CERT/CC: VU#380864 // CERT/CC: VU#255484 // BID: 8732 // JVNDB: JVNDB-2003-000287 // CNNVD: CNNVD-200311-033 // NVD: CVE-2003-0545

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2003-0545
value:	HIGH
Trust: 1.8
CARNEGIE MELLON:	VU#104280
value:	11.81
Trust: 0.8
CARNEGIE MELLON:	VU#732952
value:	2.53
Trust: 0.8
CARNEGIE MELLON:	VU#686224
value:	1.50
Trust: 0.8
CARNEGIE MELLON:	VU#935264
value:	21.52
Trust: 0.8
CARNEGIE MELLON:	VU#380864
value:	11.25
Trust: 0.8
CARNEGIE MELLON:	VU#255484
value:	11.25
Trust: 0.8
CNNVD:	CNNVD-200311-033
value:	CRITICAL
Trust: 0.6

NVD:	CVE-2003-0545
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2003-0545
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

sources: CERT/CC: VU#104280 // CERT/CC: VU#732952 // CERT/CC: VU#686224 // CERT/CC: VU#935264 // CERT/CC: VU#380864 // CERT/CC: VU#255484 // JVNDB: JVNDB-2003-000287 // CNNVD: CNNVD-200311-033 // NVD: CVE-2003-0545

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2003-000287 // NVD: CVE-2003-0545

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200311-033

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200311-033

CONFIGURATIONS

sources: NVD: CVE-2003-0545

PATCH

title:	cisco-sa-20030930-ssl	url:	http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml	Trust: 0.8
title:	HPSBUX00290	url:	http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-290	Trust: 0.8
title:	HPSBUX0310-284	url:	http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-284	Trust: 0.8
title:	HPSBUX00288	url:	http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00891831	Trust: 0.8
title:	HPSBUX00290	url:	http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-290.html	Trust: 0.8
title:	HPSBUX0310-284	url:	http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-284.html	Trust: 0.8
title:	openssl	url:	http://www.miraclelinux.com/support/update/data/openssl.html	Trust: 0.8
title:	secadv_20030930	url:	http://www.openssl.org/news/secadv_20030930.txt	Trust: 0.8
title:	#62	url:	http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf	Trust: 0.8
title:	#62	url:	http://support.oracle.co.jp/open/owa/external_krown.search_doc?c_document_id=70482	Trust: 0.8
title:	RHSA-2003:292	url:	http://rhn.redhat.com/errata/rhsa-2003-292.html	Trust: 0.8
title:	cisco-sa-20030930-ssl	url:	http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20030930-ssl-j.shtml	Trust: 0.8
title:	RHSA-2003:292	url:	http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-292j.html	Trust: 0.8

sources: JVNDB: JVNDB-2003-000287

EXTERNAL IDS

db:	CERT/CC	id:	VU#935264	Trust: 3.5
db:	NVD	id:	CVE-2003-0545	Trust: 2.8
db:	BID	id:	8732	Trust: 2.7
db:	CERT/CC	id:	VU#732952	Trust: 1.9
db:	CERT/CC	id:	VU#686224	Trust: 1.9
db:	CERT/CC	id:	VU#104280	Trust: 1.6
db:	VUPEN	id:	ADV-2006-3900	Trust: 1.6
db:	SECUNIA	id:	22249	Trust: 1.6
db:	CERT/CC	id:	VU#380864	Trust: 1.1
db:	CERT/CC	id:	VU#255484	Trust: 1.1
db:	XF	id:	13315	Trust: 0.8
db:	JVNDB	id:	JVNDB-2003-000287	Trust: 0.8
db:	CERT/CC	id:	CA-2003-26	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:2590	Trust: 0.6
db:	REDHAT	id:	RHSA-2003:292	Trust: 0.6
db:	DEBIAN	id:	DSA-394	Trust: 0.6
db:	CNNVD	id:	CNNVD-200311-033	Trust: 0.6
db:	PACKETSTORM	id:	31738	Trust: 0.1

sources: CERT/CC: VU#104280 // CERT/CC: VU#732952 // CERT/CC: VU#686224 // CERT/CC: VU#935264 // CERT/CC: VU#380864 // CERT/CC: VU#255484 // BID: 8732 // JVNDB: JVNDB-2003-000287 // PACKETSTORM: 31738 // CNNVD: CNNVD-200311-033 // NVD: CVE-2003-0545

REFERENCES

url:	http://www.ietf.org/rfc/rfc2246.txt	Trust: 4.8
url:	http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm	Trust: 4.5
url:	http://wp.netscape.com/eng/ssl3/	Trust: 4.0
url:	http://www.itu.int/itu-t/studygroups/com10/languages/	Trust: 4.0
url:	http://www.openssl.org/news/secadv_20030930.txt	Trust: 3.9
url:	http://www.ietf.org/html.charters/pkix-charter.html	Trust: 3.2
url:	http://www.cert.org/advisories/ca-2003-26.html	Trust: 2.7
url:	http://www.kb.cert.org/vuls/id/935264	Trust: 2.7
url:	http://www.securityfocus.com/bid/8732	Trust: 2.4
url:	http://www-1.ibm.com/support/docview.wss?uid=swg21247112	Trust: 1.9
url:	http://www.redhat.com/support/errata/rhsa-2003-292.html	Trust: 1.6
url:	http://www.debian.org/security/2003/dsa-394	Trust: 1.6
url:	http://secunia.com/advisories/22249	Trust: 1.6
url:	http://www.kb.cert.org/vuls/id/686224	Trust: 1.1
url:	http://www.kb.cert.org/vuls/id/732952	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/3900	Trust: 1.0
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2590	Trust: 1.0
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/10087450.htm	Trust: 0.9
url:	http://www.uniras.gov.uk/vuls/2003/006489/tls.htm	Trust: 0.8
url:	http://www.rsasecurity.com/rsalabs/pkcs/	Trust: 0.8
url:	http://wp.netscape.com/eng/ssl3/draft302.txt	Trust: 0.8
url:	http://www.ciac.org/ciac/bulletins/n-159.shtml	Trust: 0.8
url:	http://www.ciac.org/ciac/bulletins/o-065.shtml	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0545	Trust: 0.8
url:	http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20031104-00753.xml	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/13315	Trust: 0.8
url:	http://jvn.jp/cert/jvnca-2003-26	Trust: 0.8
url:	http://jvn.jp/tr/trca-2003-26	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0545	Trust: 0.8
url:	http://www.cpni.gov.uk/docs/re-20031104-00753.pdf?lang=en	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/104280	Trust: 0.8
url:	http://www.cyberpolice.go.jp/important/20031001_103420.html	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2006/3900	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2590	Trust: 0.6
url:	http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-tech.shtml	Trust: 0.3
url:	http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120400.shtml	Trust: 0.3
url:	http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57599	Trust: 0.3
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 0.3
url:	http://www.apple.com/swupdates/	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967586.htm	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968007.htm	Trust: 0.3
url:	http://www.vmware.com/download/esx/esx2-openssh.html	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967420.htm	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967421.htm	Trust: 0.3
url:	http://www.borderware.com/products/firewall.php	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967425.htm	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967411.htm	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967408.htm	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967399.htm	Trust: 0.3
url:	http://www.vmware.com/download/gsx_security.html	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967175.htm	Trust: 0.3
url:	http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:098	Trust: 0.3
url:	http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2004.0422.1	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967210.htm	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967209.htm	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967208.htm	Trust: 0.3
url:	http://cirt.dk/advisories/cirt-32-advisory.pdf	Trust: 0.3
url:	http://www.cirt.dk/advisories/cirt-31-advisory.pdf	Trust: 0.3
url:	http://www.stonesoft.com/document/art/3040.html	Trust: 0.3
url:	http://metalink.oracle.com	Trust: 0.3
url:	http://www.smoothwall.org/home/news/item/20031001.01.html	Trust: 0.3
url:	http://www.ingate.com/relnote-331.php	Trust: 0.3
url:	https://rhn.redhat.com/errata/rhsa-2003-293.html	Trust: 0.3
url:	http://www.bluecoat.com/support/knowledge/advisory_openssl_asn_vulnerability.html	Trust: 0.3
url:	http://support.novell.com/security-alerts/	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm	Trust: 0.3
url:	http://www.stonesoft.com/document/art/3041.html	Trust: 0.3
url:	http://www.ssh.com/company/newsroom/article/476/	Trust: 0.3
url:	http://www.ssh.com/company/newsroom/article/477/	Trust: 0.3
url:	http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf	Trust: 0.3
url:	http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57100	Trust: 0.3
url:	http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444	Trust: 0.3
url:	http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57472	Trust: 0.3
url:	http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57475	Trust: 0.3
url:	http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57498	Trust: 0.3
url:	http://sunsolve.sun.com/patches/linux/security.html	Trust: 0.3
url:	http://www.tarantella.com/security/bulletin-08.html	Trust: 0.3
url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097379.htm	Trust: 0.3
url:	http://www.borderware.com/	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/255484	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/380864	Trust: 0.3
url:	/archive/1/343055	Trust: 0.3
url:	https://www.niscc.gov.uk)	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2003-0545	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0545	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0543	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0544	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2003-0543	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2003-0544	Trust: 0.1

sources: CERT/CC: VU#104280 // CERT/CC: VU#732952 // CERT/CC: VU#686224 // CERT/CC: VU#935264 // CERT/CC: VU#380864 // CERT/CC: VU#255484 // BID: 8732 // JVNDB: JVNDB-2003-000287 // PACKETSTORM: 31738 // CNNVD: CNNVD-200311-033 // NVD: CVE-2003-0545

CREDITS

NISCC uniras@niscc.gov.uk

Trust: 0.6

sources: CNNVD: CNNVD-200311-033

SOURCES

db:	CERT/CC	id:	VU#104280
db:	CERT/CC	id:	VU#732952
db:	CERT/CC	id:	VU#686224
db:	CERT/CC	id:	VU#935264
db:	CERT/CC	id:	VU#380864
db:	CERT/CC	id:	VU#255484
db:	BID	id:	8732
db:	JVNDB	id:	JVNDB-2003-000287
db:	PACKETSTORM	id:	31738
db:	CNNVD	id:	CNNVD-200311-033
db:	NVD	id:	CVE-2003-0545

LAST UPDATE DATE

2022-05-29T21:30:21.532000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#104280	date:	2004-08-25T00:00:00
db:	CERT/CC	id:	VU#732952	date:	2003-10-01T00:00:00
db:	CERT/CC	id:	VU#686224	date:	2003-10-01T00:00:00
db:	CERT/CC	id:	VU#935264	date:	2003-10-01T00:00:00
db:	CERT/CC	id:	VU#380864	date:	2003-10-01T00:00:00
db:	CERT/CC	id:	VU#255484	date:	2003-10-01T00:00:00
db:	BID	id:	8732	date:	2016-07-06T14:32:00
db:	JVNDB	id:	JVNDB-2003-000287	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200311-033	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-0545	date:	2018-05-03T01:29:00

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#104280	date:	2003-09-30T00:00:00
db:	CERT/CC	id:	VU#732952	date:	2003-09-30T00:00:00
db:	CERT/CC	id:	VU#686224	date:	2003-09-30T00:00:00
db:	CERT/CC	id:	VU#935264	date:	2003-09-30T00:00:00
db:	CERT/CC	id:	VU#380864	date:	2003-09-30T00:00:00
db:	CERT/CC	id:	VU#255484	date:	2003-09-30T00:00:00
db:	BID	id:	8732	date:	2003-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2003-000287	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	31738	date:	2003-09-30T16:10:22
db:	CNNVD	id:	CNNVD-200311-033	date:	2003-09-30T00:00:00
db:	NVD	id:	CVE-2003-0545	date:	2003-11-17T05:00:00