ID

VAR-200312-0218


CVE

CVE-2003-0851


TITLE

OpenSSL 0.9.6k does not properly handle ASN.1 sequences

Trust: 0.8

sources: CERT/CC: VU#412478

DESCRIPTION

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

OpenSSL contains a vulnerability in which poor handling of ASN.1 (Abstract Syntax Notation One) sequences causes deep recursion. If a third party sends a crafted client certificate to the target host, a server using the OpenSSL library may be put into a denial-of-service (DoS) state.

A problem has been identified in OpenSSL when handling specific types of ASN.1 requests. This issue is also known to affect numerous Cisco products. It is possible that other vendors will also be acknowledging this issue and providing fixes.

Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. Oracle has released a Critical Patch Update to address these issues in various supported applications and platforms. Other non-supported versions may be affected, but Symantec has not confirmed this. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. This BID will be divided and updated into separate BIDs when more information is available. An attacker could exploit these vulnerabilities to take complete control of an affected database.

OpenSSL Security Advisory [4 November 2003]

Denial of Service in ASN.1 parsing
==================================

Previously, OpenSSL 0.9.6k was released on the 30 September 2003 to address various ASN.1 issues. The issues were found using a test suite from NISCC (www.niscc.gov.uk) and fixed by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team. Subsequent to that release, Novell Inc. carried out further testing using the NISCC suite.

This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them.

Patches for this issue have been created by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team.

Who is affected?
----------------

OpenSSL 0.9.6k is affected by the bug, but the denial of service does not affect all platforms. This issue does not affect OpenSSL 0.9.7. Currently only OpenSSL running on Windows platforms is known to crash.

Recommendations
---------------

Upgrade to OpenSSL 0.9.6l or 0.9.7c. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

OpenSSL 0.9.6l is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file name is:

o openssl-0.9.6l.tar.gz [normal]
  MD5 checksum: 843a65ddc56634f0e30a4f9474bb5b27
o openssl-engine-0.9.6l.tar.gz [engine]
  MD5 checksum: dd372198cdf31667f2cb29cd76fbda1c

The checksums were calculated using the following command:

openssl md5 < openssl-0.9.6l.tar.gz
openssl md5 < openssl-engine-0.9.6l.tar.gz

References
----------

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851 to this issue.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851

URL for this Security Advisory: https://www.openssl.org/news/secadv_20031104.txt

TITLE: Red Hat update for openssl

SECUNIA ADVISORY ID: SA17398

VERIFY ADVISORY: http://secunia.com/advisories/17398/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE: From remote

OPERATING SYSTEM:
RedHat Linux Advanced Workstation 2.1 for Itanium http://secunia.com/product/1326/
RedHat Enterprise Linux WS 2.1 http://secunia.com/product/1044/
RedHat Enterprise Linux ES 2.1 http://secunia.com/product/1306/
RedHat Enterprise Linux AS 2.1 http://secunia.com/product/48/

DESCRIPTION: Red Hat has issued an update for openssl.
http://rhn.redhat.com/

ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2005-829.html

OTHER REFERENCES: SA11139: http://secunia.com/advisories/11139/

Trust: 3.15

sources: NVD: CVE-2003-0851 // CERT/CC: VU#412478 // JVNDB: JVNDB-2003-000331 // BID: 8970 // BID: 13139 // VULHUB: VHN-7676 // PACKETSTORM: 169672 // PACKETSTORM: 41200

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:eqversion:0.9.6k

Trust: 1.8

vendor:ciscomodel:iosscope:eqversion:12.2sy

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.1\(11b\)e

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.1\(11\)e

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2sx

Trust: 1.6

vendor:netbsdmodel:netbsdscope:eqversion:1.6.1

Trust: 1.1

vendor:netbsdmodel:netbsdscope:eqversion:1.6

Trust: 1.1

vendor:ciscomodel:pix firewallscope:eqversion:6.2

Trust: 1.1

vendor:ciscomodel:pix firewallscope:eqversion:6.1

Trust: 1.1

vendor:ciscomodel:pix firewallscope:eqversion:6.0

Trust: 1.1

vendor:ciscomodel:pix firewallscope:eqversion:6.2.2_.111

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6d

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.0\(3\)

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.0\(4\)

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.0\(2\)

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6f

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.1\(3\)

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6g

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.1\(1\)

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.2\(1\)

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.1\(2\)

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.0

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.3\(3.102\)

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6h

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.1\(5\)

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.0\(4.101\)

Trust: 1.0

vendor:ciscomodel:css11000 content services switchscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.2\(2\)

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.1\(4\)

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6c

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.3\(1\)

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.2\(3\)

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7b

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.2

Trust: 1.0

vendor:ciscomodel:pix firewall softwarescope:eqversion:6.0\(1\)

Trust: 1.0

vendor:opensslmodel: - scope: - version: -

Trust: 0.8

vendor:netbsdmodel:netbsdscope:eqversion:1.5

Trust: 0.8

vendor:netbsdmodel:netbsdscope:eqversion:1.5.1

Trust: 0.8

vendor:netbsdmodel:netbsdscope:eqversion:1.5.2

Trust: 0.8

vendor:netbsdmodel:netbsdscope:eqversion:1.5.3

Trust: 0.8

vendor:sgimodel:propackscope:eqversion:2.3

Trust: 0.8

vendor:sgimodel:propackscope:eqversion:2.4

Trust: 0.8

vendor:ciscomodel:pix firewallscope:eqversion:6.3

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (ws)

Trust: 0.8

vendor:ciscomodel:ios 12.1 escope: - version: -

Trust: 0.6

vendor:sgimodel:irix mscope:eqversion:6.5.21

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.21

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.20

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.20

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.19

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.19

Trust: 0.3

vendor:redhatmodel:linuxscope:eqversion:8.0

Trust: 0.3

vendor:redhatmodel:linuxscope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:linuxscope:eqversion:7.2

Trust: 0.3

vendor:operamodel:software opera web browserscope:eqversion:7.22

Trust: 0.3

vendor:operamodel:software opera web browserscope:eqversion:7.21

Trust: 0.3

vendor:operamodel:software opera web browserscope:eqversion:7.20

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl kscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl jscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl gscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl fscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.5

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.5

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.4

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.3

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.2

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.1

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.3(1)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2.2.111

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2.2

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2.1

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2(3)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2(2)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2(1)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1.4

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1.3

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1(5)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1(4)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1(3)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1(2)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1(1)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0.4

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0.3

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0(4.101)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0(4)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0(2)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0(1)

Trust: 0.3

vendor:ciscomodel:ios 12.2syscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sxscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 e12scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 ecscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 ea1scope: - version: -

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:2.1(0.208)

Trust: 0.3

vendor:ciscomodel:css11000 content services switchscope: - version: -

Trust: 0.3

vendor:operamodel:software opera web browserscope:neversion:7.23

Trust: 0.3

vendor:opensslmodel:project openssl cscope:neversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl lscope:neversion:0.9.6

Trust: 0.3

vendor:bluemodel:coat systems security gateway osscope:neversion:3.1.2

Trust: 0.3

vendor:bluemodel:coat systems security gateway osscope:neversion:2.1.10

Trust: 0.3

vendor:bluemodel:coat systems cacheos ca/sascope:neversion:4.1.12

Trust: 0.3

vendor:peoplesoftmodel:oneworld xe/erp8 applications sp22scope: - version: -

Trust: 0.3

vendor:peoplesoftmodel:enterpriseone applicationsscope:eqversion:8.93

Trust: 0.3

vendor:peoplesoftmodel:enterpriseone applications sp2scope:eqversion:8.9

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.2.6

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.2.0.5

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.0.4

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.0.1.5

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.0.1.4

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.2.6

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.2.0.5

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.0.4

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.0.1.5

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.0.1.4

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.2.6.0

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.2.0.5

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.0.4

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.0.1.5

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.0.1.4

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:9.0.3.1

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:9.0.2.3

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:1.0.2.2

Trust: 0.3

vendor:oraclemodel:oracle8i standard editionscope:eqversion:8.1.7.4

Trust: 0.3

vendor:oraclemodel:oracle8i enterprise editionscope:eqversion:8.1.7.4.0

Trust: 0.3

vendor:oraclemodel:oracle10g standard editionscope:eqversion:10.1.0.4

Trust: 0.3

vendor:oraclemodel:oracle10g standard editionscope:eqversion:10.1.0.3.1

Trust: 0.3

vendor:oraclemodel:oracle10g standard editionscope:eqversion:10.1.0.3

Trust: 0.3

vendor:oraclemodel:oracle10g standard editionscope:eqversion:10.1.0.2

Trust: 0.3

vendor:oraclemodel:oracle10g personal editionscope:eqversion:10.1.0.4

Trust: 0.3

vendor:oraclemodel:oracle10g personal editionscope:eqversion:10.1.0.3.1

Trust: 0.3

vendor:oraclemodel:oracle10g personal editionscope:eqversion:10.1.0.3

Trust: 0.3

vendor:oraclemodel:oracle10g personal editionscope:eqversion:10.1.0.2

Trust: 0.3

vendor:oraclemodel:oracle10g enterprise editionscope:eqversion:10.1.0.4

Trust: 0.3

vendor:oraclemodel:oracle10g enterprise editionscope:eqversion:10.1.0.3.1

Trust: 0.3

vendor:oraclemodel:oracle10g enterprise editionscope:eqversion:10.1.0.3

Trust: 0.3

vendor:oraclemodel:oracle10g enterprise editionscope:eqversion:10.1.0.2

Trust: 0.3

vendor:oraclemodel:oracle10g application serverscope:eqversion:10.1.2

Trust: 0.3

vendor:oraclemodel:oracle10g application serverscope:eqversion:10.1.0.3.1

Trust: 0.3

vendor:oraclemodel:oracle10g application serverscope:eqversion:9.0.4.1

Trust: 0.3

vendor:oraclemodel:oracle10g application serverscope:eqversion:9.0.4.0

Trust: 0.3

vendor:oraclemodel:enterprise manager grid control 10gscope:eqversion:10.1.3

Trust: 0.3

vendor:oraclemodel:enterprise manager grid control 10gscope:eqversion:10.1.0.2

Trust: 0.3

vendor:oraclemodel:enterprise managerscope:eqversion:9.0.4.1

Trust: 0.3

vendor:oraclemodel:enterprise managerscope:eqversion:9.0.4.0

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.10

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.9

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.8

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.7

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.6

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.5

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.4

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.3

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.2

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.1

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5

Trust: 0.3

vendor:oraclemodel:e-business suitescope:eqversion:11.0

Trust: 0.3

vendor:oraclemodel:collaboration suite releasescope:eqversion:29.0.4.2

Trust: 0.3

vendor:oraclemodel:collaboration suite releasescope:eqversion:29.0.4.1

Trust: 0.3

sources: CERT/CC: VU#412478 // BID: 8970 // BID: 13139 // JVNDB: JVNDB-2003-000331 // CNNVD: CNNVD-200312-003 // NVD: CVE-2003-0851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0851
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#412478
value: 3.23

Trust: 0.8

NVD: CVE-2003-0851
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200312-003
value: MEDIUM

Trust: 0.6

VULHUB: VHN-7676
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2003-0851
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-7676
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#412478 // VULHUB: VHN-7676 // JVNDB: JVNDB-2003-000331 // CNNVD: CNNVD-200312-003 // NVD: CVE-2003-0851

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0851

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 169672 // CNNVD: CNNVD-200312-003

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200312-003

CONFIGURATIONS

sources: JVNDB: JVNDB-2003-000331

PATCH

title:cisco-sa-20030930-sslurl:http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml

Trust: 0.8

title:NetBSD-SA2004-003url:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc

Trust: 0.8

title:secadv_20031104url:http://www.openssl.org/news/secadv_20031104.txt

Trust: 0.8

title:RHSA-2004:119url:https://rhn.redhat.com/errata/RHSA-2004-119.html

Trust: 0.8

title:20040304-01-Uurl:ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc

Trust: 0.8

title:RHSA-2004:119url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2004-119J.html

Trust: 0.8

sources: JVNDB: JVNDB-2003-000331

EXTERNAL IDS

db:CERT/CCid:VU#412478

Trust: 3.3

db:NVDid:CVE-2003-0851

Trust: 3.2

db:BIDid:8970

Trust: 2.8

db:SECUNIAid:17381

Trust: 2.5

db:JVNDBid:JVNDB-2003-000331

Trust: 0.8

db:NETBSDid:NETBSD-SA2004-003

Trust: 0.6

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:5528

Trust: 0.6

db:BUGTRAQid:20040508 [FLSA-2004:1395] UPDATED OPENSSL RESOLVES SECURITY VULNERABILITY

Trust: 0.6

db:BUGTRAQid:20031104 [OPENSSL ADVISORY] DENIAL OF SERVICE IN ASN.1 PARSING

Trust: 0.6

db:CISCOid:20030930 SSL IMPLEMENTATION VULNERABILITIES

Trust: 0.6

db:REDHATid:RHSA-2004:119

Trust: 0.6

db:SGIid:20040304-01-U

Trust: 0.6

db:FEDORAid:FEDORA-2005-1042

Trust: 0.6

db:CNNVDid:CNNVD-200312-003

Trust: 0.6

db:BIDid:13139

Trust: 0.3

db:VULHUBid:VHN-7676

Trust: 0.1

db:PACKETSTORMid:169672

Trust: 0.1

db:SECUNIAid:17398

Trust: 0.1

db:PACKETSTORMid:41200

Trust: 0.1

sources: CERT/CC: VU#412478 // VULHUB: VHN-7676 // BID: 8970 // BID: 13139 // JVNDB: JVNDB-2003-000331 // PACKETSTORM: 169672 // PACKETSTORM: 41200 // CNNVD: CNNVD-200312-003 // NVD: CVE-2003-0851

REFERENCES

url:http://www.openssl.org/news/secadv_20031104.txt

Trust: 2.9

url:http://www.securityfocus.com/bid/8970

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/412478

Trust: 2.5

url:http://secunia.com/advisories/17381

Trust: 2.5

url:http://rhn.redhat.com/errata/rhsa-2004-119.html

Trust: 2.3

url:http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml

Trust: 2.0

url:http://www.redhat.com/archives/fedora-announce-list/2005-october/msg00087.html

Trust: 1.7

url:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-003.txt.asc

Trust: 1.7

url:ftp://patches.sgi.com/support/free/security/advisories/20040304-01-u.asc

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5528

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=106796246511667&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=108403850228012&w=2

Trust: 1.0

url:http://www.uniras.gov.uk/vuls/2003/006489/openssl2.htm

Trust: 0.8

url:http://www.itu.int/itu-t/asn1/

Trust: 0.8

url:http://www.itu.int/itu-t/studygroups/com10/languages/

Trust: 0.8

url:http://www.cert.org/advisories/ca-2003-26.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0851

Trust: 0.8

url:http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20031104-00753.xml

Trust: 0.8

url:http://jvn.jp/cert/jvnca-2003-26

Trust: 0.8

url:http://jvn.jp/tr/trca-2003-26

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0851

Trust: 0.8

url:http://www.cpni.gov.uk/docs/re-20031104-00753.pdf?lang=en

Trust: 0.8

url:http://www.cyberpolice.go.jp/important/20031001_103420.html

Trust: 0.8

url:http://marc.theaimsgroup.com/?l=bugtraq&m=106796246511667&w=2

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5528

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=108403850228012&w=2

Trust: 0.6

url:http://www.opera.com/windows/changelogs/723/

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2004-139.html

Trust: 0.3

url:http://www.bluecoat.com/support/knowledge/advisory_asn1_parsing_0.9.6.l.html

Trust: 0.3

url:http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf

Trust: 0.3

url:http://www.oracle.com/index.html

Trust: 0.3

url:http://www.peoplesoft.com:80/corp/en/support/security_index.jsp

Trust: 0.3

url:/archive/1/395699

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=106796246511667&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=108403850228012&w=2

Trust: 0.1

url: -

Trust: 0.1

url:https://www.openssl.org/source/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2003-0851

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0851

Trust: 0.1

url:https://www.niscc.gov.uk

Trust: 0.1

url:https://www.openssl.org/source/mirror.html

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/48/

Trust: 0.1

url:http://rhn.redhat.com/errata/rhsa-2005-829.html

Trust: 0.1

url:http://rhn.redhat.com/

Trust: 0.1

url:http://secunia.com/product/1326/

Trust: 0.1

url:http://secunia.com/product/1306/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/11139/

Trust: 0.1

url:http://secunia.com/advisories/17398/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/1044/

Trust: 0.1

sources: CERT/CC: VU#412478 // VULHUB: VHN-7676 // BID: 8970 // BID: 13139 // JVNDB: JVNDB-2003-000331 // PACKETSTORM: 169672 // PACKETSTORM: 41200 // CNNVD: CNNVD-200312-003 // NVD: CVE-2003-0851

CREDITS

David Litchfield※ david@nextgenss.com

Trust: 0.6

sources: CNNVD: CNNVD-200312-003

SOURCES

db:CERT/CCid:VU#412478
db:VULHUBid:VHN-7676
db:BIDid:8970
db:BIDid:13139
db:JVNDBid:JVNDB-2003-000331
db:PACKETSTORMid:169672
db:PACKETSTORMid:41200
db:CNNVDid:CNNVD-200312-003
db:NVDid:CVE-2003-0851

LAST UPDATE DATE

2024-12-25T21:03:47.803000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#412478date:2003-11-05T00:00:00
db:VULHUBid:VHN-7676date:2018-10-30T00:00:00
db:BIDid:8970date:2015-03-19T08:52:00
db:BIDid:13139date:2006-05-05T23:30:00
db:JVNDBid:JVNDB-2003-000331date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200312-003date:2009-03-04T00:00:00
db:NVDid:CVE-2003-0851date:2018-10-30T16:26:18.123

SOURCES RELEASE DATE

db:CERT/CCid:VU#412478date:2003-11-04T00:00:00
db:VULHUBid:VHN-7676date:2003-12-01T00:00:00
db:BIDid:8970date:2003-11-04T00:00:00
db:BIDid:13139date:2005-04-12T00:00:00
db:JVNDBid:JVNDB-2003-000331date:2007-04-01T00:00:00
db:PACKETSTORMid:169672date:2003-11-04T12:12:12
db:PACKETSTORMid:41200date:2005-11-03T01:02:14
db:CNNVDid:CNNVD-200312-003date:2003-07-18T00:00:00
db:NVDid:CVE-2003-0851date:2003-12-01T05:00:00