ID
VAR-200403-0166
CVE
CAN-2004-0079
TITLE
OpenSSL Denial of Service Vulnerabilities
Trust: 0.3
DESCRIPTION
Three security vulnerabilities have been reported to affect OpenSSL. Each of these remotely exploitable issues may result in a denial of service in applications which use OpenSSL. For the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. This entry will be retired when individual BID records are created for each issue. *Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081. Null-pointer assignment during SSL handshake =============================================== Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0079 to this issue. Any application that makes use of OpenSSL's SSL/TLS library may be affected. Please contact your application vendor for details. 2. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0112 to this issue. Any application that makes use of OpenSSL's SSL/TLS library may be affected. Please contact your application vendor for details. Recommendations --------------- Upgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL applications statically linked to OpenSSL libraries. OpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): ftp://ftp.openssl.org/source/ The distribution file names are: o openssl-0.9.7d.tar.gz MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5 o openssl-0.9.6m.tar.gz [normal] MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9 o openssl-engine-0.9.6m.tar.gz [engine] MD5 checksum: 4c39d2524bd466180f9077f8efddac8c The checksums were calculated using the following command: openssl md5 openssl-0.9*.tar.gz Credits ------- Patches for these issues were created by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team. The OpenSSL team would like to thank Codenomicon for supplying the TLS Test Tool which was used to discover these vulnerabilities, and Joe Orton of Red Hat for performing the majority of the testing. References ---------- http://www.codenomicon.com/testtools/tls/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112 URL for this Security Advisory: http://www.openssl.org/news/secadv_20040317.txt
Trust: 0.36
AFFECTED PRODUCTS
vendor: | cisco | model: | ios 12.1 e | scope: | - | version: | - | Trust: 0.6 |
vendor: | vmware | model: | gsx server build | scope: | eq | version: | 3.07592 | Trust: 0.3 |
vendor: | vmware | model: | gsx server build | scope: | eq | version: | 2.5.15336 | Trust: 0.3 |
vendor: | vmware | model: | gsx server | scope: | eq | version: | 2.5.1 | Trust: 0.3 |
vendor: | vmware | model: | gsx server build | scope: | eq | version: | 2.0.12129 | Trust: 0.3 |
vendor: | vmware | model: | gsx server | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | tarantella | model: | enterprise | scope: | eq | version: | 33.40 | Trust: 0.3 |
vendor: | tarantella | model: | enterprise | scope: | eq | version: | 33.30 | Trust: 0.3 |
vendor: | tarantella | model: | enterprise | scope: | eq | version: | 33.200 | Trust: 0.3 |
vendor: | symantec | model: | clientless vpn gateway series | scope: | eq | version: | 44005.0 | Trust: 0.3 |
vendor: | sun | model: | crypto accelerator | scope: | eq | version: | 40001.0 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate vpn client | scope: | eq | version: | 2.0.9 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate vpn client | scope: | eq | version: | 2.0.8 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate vpn client | scope: | eq | version: | 2.0.7 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate vpn client | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate vpn client | scope: | eq | version: | 1.7.2 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate vpn client | scope: | eq | version: | 1.7 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 2.2.4 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 2.2.1 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 2.2 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 2.1 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 2.0.9 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 2.0.8 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 2.0.7 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 2.0.6 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 2.0.5 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 2.0.4 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 2.0.1 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 1.7.2 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 1.7.1 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 1.7 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 1.6.3 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 1.6.2 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 1.5.18 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | eq | version: | 1.5.17 | Trust: 0.3 |
vendor: | stonesoft | model: | stonebeat webcluster | scope: | eq | version: | 2.5 | Trust: 0.3 |
vendor: | stonesoft | model: | stonebeat webcluster | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | stonesoft | model: | stonebeat securitycluster | scope: | eq | version: | 2.5 | Trust: 0.3 |
vendor: | stonesoft | model: | stonebeat securitycluster | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | stonesoft | model: | stonebeat fullcluster for raptor | scope: | eq | version: | 2.5 | Trust: 0.3 |
vendor: | stonesoft | model: | stonebeat fullcluster for raptor | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | stonesoft | model: | stonebeat fullcluster for isa server | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | stonesoft | model: | stonebeat fullcluster for gauntlet | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | stonesoft | model: | stonebeat fullcluster for firewall-1 | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | stonesoft | model: | stonebeat fullcluster for firewall-1 | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | stonesoft | model: | servercluster | scope: | eq | version: | 2.5.2 | Trust: 0.3 |
vendor: | stonesoft | model: | servercluster | scope: | eq | version: | 2.5 | Trust: 0.3 |
vendor: | sgi | model: | propack sp6 | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | sgi | model: | propack | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | sgi | model: | propack | scope: | eq | version: | 2.4 | Trust: 0.3 |
vendor: | sgi | model: | propack | scope: | eq | version: | 2.3 | Trust: 0.3 |
vendor: | sgi | model: | irix m | scope: | eq | version: | 6.5.24 | Trust: 0.3 |
vendor: | sgi | model: | irix m | scope: | eq | version: | 6.5.23 | Trust: 0.3 |
vendor: | sgi | model: | irix m | scope: | eq | version: | 6.5.22 | Trust: 0.3 |
vendor: | sgi | model: | irix m | scope: | eq | version: | 6.5.21 | Trust: 0.3 |
vendor: | sgi | model: | irix f | scope: | eq | version: | 6.5.21 | Trust: 0.3 |
vendor: | sgi | model: | irix m | scope: | eq | version: | 6.5.20 | Trust: 0.3 |
vendor: | sgi | model: | irix f | scope: | eq | version: | 6.5.20 | Trust: 0.3 |
vendor: | secure | model: | computing sidewinder | scope: | eq | version: | 5.2.1.02 | Trust: 0.3 |
vendor: | secure | model: | computing sidewinder | scope: | eq | version: | 5.2.1 | Trust: 0.3 |
vendor: | secure | model: | computing sidewinder | scope: | eq | version: | 5.2.0.04 | Trust: 0.3 |
vendor: | secure | model: | computing sidewinder | scope: | eq | version: | 5.2.0.03 | Trust: 0.3 |
vendor: | secure | model: | computing sidewinder | scope: | eq | version: | 5.2.0.02 | Trust: 0.3 |
vendor: | secure | model: | computing sidewinder | scope: | eq | version: | 5.2.0.01 | Trust: 0.3 |
vendor: | secure | model: | computing sidewinder | scope: | eq | version: | 5.2 | Trust: 0.3 |
vendor: | sco | model: | unixware | scope: | eq | version: | 7.1.3 | Trust: 0.3 |
vendor: | sco | model: | unixware | scope: | eq | version: | 7.1.1 | Trust: 0.3 |
vendor: | sco | model: | open server | scope: | eq | version: | 5.0.7 | Trust: 0.3 |
vendor: | sco | model: | open server | scope: | eq | version: | 5.0.6 | Trust: 0.3 |
vendor: | rsa | model: | security bsafe ssl-j sdk | scope: | eq | version: | 3.1 | Trust: 0.3 |
vendor: | rsa | model: | security bsafe ssl-j sdk | scope: | eq | version: | 3.0.1 | Trust: 0.3 |
vendor: | rsa | model: | security bsafe ssl-j sdk | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | redhat | model: | openssl096b-0.9.6b-3.i386.rpm | scope: | - | version: | - | Trust: 0.3 |
vendor: | redhat | model: | openssl096-0.9.6-15.i386.rpm | scope: | - | version: | - | Trust: 0.3 |
vendor: | redhat | model: | openssl-perl-0.9.7a-2.i386.rpm | scope: | - | version: | - | Trust: 0.3 |
vendor: | redhat | model: | openssl-devel-0.9.7a-2.i386.rpm | scope: | - | version: | - | Trust: 0.3 |
vendor: | redhat | model: | openssl-0.9.7a-2.i386.rpm | scope: | - | version: | - | Trust: 0.3 |
vendor: | redhat | model: | linux | scope: | eq | version: | 8.0 | Trust: 0.3 |
vendor: | redhat | model: | linux i386 | scope: | eq | version: | 7.3 | Trust: 0.3 |
vendor: | redhat | model: | linux | scope: | eq | version: | 7.3 | Trust: 0.3 |
vendor: | redhat | model: | linux | scope: | eq | version: | 7.2 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux ws | scope: | eq | version: | 4 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux ws | scope: | eq | version: | 3 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux es | scope: | eq | version: | 4 | Trust: 0.3 |
vendor: | redhat | model: | enterprise linux es | scope: | eq | version: | 3 | Trust: 0.3 |
vendor: | redhat | model: | desktop | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | redhat | model: | desktop | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | red | model: | hat fedora core3 | scope: | - | version: | - | Trust: 0.3 |
vendor: | red | model: | hat fedora core2 | scope: | - | version: | - | Trust: 0.3 |
vendor: | red | model: | hat fedora core1 | scope: | - | version: | - | Trust: 0.3 |
vendor: | red | model: | hat enterprise linux as | scope: | eq | version: | 4 | Trust: 0.3 |
vendor: | red | model: | hat enterprise linux as | scope: | eq | version: | 3 | Trust: 0.3 |
vendor: | openssl | model: | project openssl c | scope: | eq | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl beta3 | scope: | eq | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl beta2 | scope: | eq | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl beta1 | scope: | eq | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl b | scope: | eq | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl a | scope: | eq | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl | scope: | eq | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl k | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl j | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl i | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl h | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl g | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl f | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl e | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl d | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl c | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openbsd | model: | openbsd | scope: | eq | version: | 3.4 | Trust: 0.3 |
vendor: | openbsd | model: | openbsd | scope: | eq | version: | 3.3 | Trust: 0.3 |
vendor: | novell | model: | imanager | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | novell | model: | imanager | scope: | eq | version: | 1.5 | Trust: 0.3 |
vendor: | novell | model: | edirectory su1 | scope: | eq | version: | 8.7.1 | Trust: 0.3 |
vendor: | novell | model: | edirectory | scope: | eq | version: | 8.7.1 | Trust: 0.3 |
vendor: | novell | model: | edirectory | scope: | eq | version: | 8.7 | Trust: 0.3 |
vendor: | novell | model: | edirectory | scope: | eq | version: | 8.6.2 | Trust: 0.3 |
vendor: | novell | model: | edirectory | scope: | eq | version: | 8.5.27 | Trust: 0.3 |
vendor: | novell | model: | edirectory a | scope: | eq | version: | 8.5.12 | Trust: 0.3 |
vendor: | novell | model: | edirectory | scope: | eq | version: | 8.5 | Trust: 0.3 |
vendor: | novell | model: | edirectory | scope: | eq | version: | 8.0 | Trust: 0.3 |
vendor: | netscreen | model: | instant virtual extranet | scope: | eq | version: | 3.3.1 | Trust: 0.3 |
vendor: | netscreen | model: | instant virtual extranet | scope: | eq | version: | 3.3 | Trust: 0.3 |
vendor: | netscreen | model: | instant virtual extranet | scope: | eq | version: | 3.2 | Trust: 0.3 |
vendor: | netscreen | model: | instant virtual extranet | scope: | eq | version: | 3.1 | Trust: 0.3 |
vendor: | netscreen | model: | instant virtual extranet | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server | scope: | eq | version: | 1.3.1 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server rc3 | scope: | eq | version: | 1.3 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server rc2 | scope: | eq | version: | 1.3 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server rc1 | scope: | eq | version: | 1.3 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server | scope: | eq | version: | 1.3 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server | scope: | eq | version: | 1.2.2 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server | scope: | eq | version: | 1.2.1 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server rc2 | scope: | eq | version: | 1.2 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server rc1 | scope: | eq | version: | 1.2 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server | scope: | eq | version: | 1.1.1 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server | scope: | eq | version: | 1.1 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server | scope: | eq | version: | 1.0.3 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server | scope: | eq | version: | 1.0.2 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server | scope: | eq | version: | 1.0.1 | Trust: 0.3 |
vendor: | hp | model: | wbem a.02.00.01 | scope: | - | version: | - | Trust: 0.3 |
vendor: | hp | model: | wbem a.02.00.00 | scope: | - | version: | - | Trust: 0.3 |
vendor: | hp | model: | wbem a.01.05.08 | scope: | - | version: | - | Trust: 0.3 |
vendor: | hp | model: | hp-ux | scope: | eq | version: | 11.23 | Trust: 0.3 |
vendor: | hp | model: | hp-ux | scope: | eq | version: | 11.11 | Trust: 0.3 |
vendor: | hp | model: | hp-ux | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | hp | model: | hp-ux | scope: | eq | version: | 8.5 | Trust: 0.3 |
vendor: | hp | model: | apache-based web server | scope: | eq | version: | 2.0.43.04 | Trust: 0.3 |
vendor: | hp | model: | apache-based web server | scope: | eq | version: | 2.0.43.00 | Trust: 0.3 |
vendor: | hp | model: | aaa server | scope: | - | version: | - | Trust: 0.3 |
vendor: | freebsd | model: | -release | scope: | eq | version: | 5.2 | Trust: 0.3 |
vendor: | freebsd | model: | freebsd | scope: | eq | version: | 5.2 | Trust: 0.3 |
vendor: | freebsd | model: | -releng | scope: | eq | version: | 5.1 | Trust: 0.3 |
vendor: | freebsd | model: | -release | scope: | eq | version: | 5.1 | Trust: 0.3 |
vendor: | freebsd | model: | freebsd | scope: | eq | version: | 5.1 | Trust: 0.3 |
vendor: | freebsd | model: | freebsd | scope: | eq | version: | 4.9 | Trust: 0.3 |
vendor: | freebsd | model: | -releng | scope: | eq | version: | 4.8 | Trust: 0.3 |
vendor: | freebsd | model: | freebsd | scope: | eq | version: | 4.8 | Trust: 0.3 |
vendor: | computer | model: | associates etrust security command center | scope: | eq | version: | 1.0 | Trust: 0.3 |
vendor: | citrix | model: | secure gateway for solaris | scope: | eq | version: | 1.13 | Trust: 0.3 |
vendor: | citrix | model: | secure gateway for solaris | scope: | eq | version: | 1.12 | Trust: 0.3 |
vendor: | citrix | model: | secure gateway for solaris | scope: | eq | version: | 1.1 | Trust: 0.3 |
vendor: | cisco | model: | webns .0.06s | scope: | eq | version: | 7.10 | Trust: 0.3 |
vendor: | cisco | model: | webns | scope: | eq | version: | 7.10 | Trust: 0.3 |
vendor: | cisco | model: | webns | scope: | eq | version: | 7.20.0.03 | Trust: 0.3 |
vendor: | cisco | model: | webns | scope: | eq | version: | 7.10.2.06 | Trust: 0.3 |
vendor: | cisco | model: | webns | scope: | eq | version: | 7.10.1.02 | Trust: 0.3 |
vendor: | cisco | model: | webns b4 | scope: | eq | version: | 6.10 | Trust: 0.3 |
vendor: | cisco | model: | webns | scope: | eq | version: | 6.10 | Trust: 0.3 |
vendor: | cisco | model: | threat response | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | secure content accelerator | scope: | eq | version: | 10000 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3.2 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3.1 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3(3.109) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3(3.102) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3(1) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2.3 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2.2.111 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2.2 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2.1 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2(3.100) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2(3) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2(2) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2(1) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1.5 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1.4 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1.3 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1(5) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1(4) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1(3) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1(2) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1(1) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0.4 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0.3 | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0(4.101) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0(4) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0(2) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0(1) | Trust: 0.3 |
vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0 | Trust: 0.3 |
vendor: | cisco | model: | okena stormwatch | scope: | eq | version: | 3.2 | Trust: 0.3 |
vendor: | cisco | model: | mds | scope: | eq | version: | 9000 | Trust: 0.3 |
vendor: | cisco | model: | ios 12.2za | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | ios 12.2sy | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | ios 12.2 sy1 | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | ios 12.2 sy | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | ios 12.1 e1 | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | ios 12.1 e9 | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | ios 12.1 e14 | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | ios 12.1 e12 | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | ios 12.1 ec | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | ios 12.1 ea1 | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | gss global site selector | scope: | eq | version: | 44900 | Trust: 0.3 |
vendor: | cisco | model: | gss global site selector | scope: | eq | version: | 4480 | Trust: 0.3 |
vendor: | cisco | model: | firewall services module | scope: | eq | version: | 2.1(0.208) | Trust: 0.3 |
vendor: | cisco | model: | firewall services module | scope: | eq | version: | 1.1.3 | Trust: 0.3 |
vendor: | cisco | model: | firewall services module | scope: | eq | version: | 1.1.2 | Trust: 0.3 |
vendor: | cisco | model: | firewall services module | scope: | eq | version: | 1.1(3.005) | Trust: 0.3 |
vendor: | cisco | model: | firewall services module | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | cisco | model: | css11500 content services switch | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | css11000 content services switch | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | css secure content accelerator | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | cisco | model: | css secure content accelerator | scope: | eq | version: | 1.0 | Trust: 0.3 |
vendor: | cisco | model: | ciscoworks common services | scope: | eq | version: | 2.2 | Trust: 0.3 |
vendor: | cisco | model: | ciscoworks common management foundation | scope: | eq | version: | 2.1 | Trust: 0.3 |
vendor: | cisco | model: | call manager | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | application & content networking software | scope: | - | version: | - | Trust: 0.3 |
vendor: | cisco | model: | access registrar | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 vsx ng with application intelligence | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 next generation fp2 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 next generation fp1 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 next generation fp0 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software providor-1 sp4 | scope: | eq | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software providor-1 sp3 | scope: | eq | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software providor-1 sp2 | scope: | eq | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software providor-1 sp1 | scope: | eq | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software providor-1 | scope: | eq | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 vsx ng with application intelligence | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 next generation fp2 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 next generation fp1 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 next generation fp0 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 gx | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | blue | model: | coat systems proxysg | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | blue | model: | coat systems cacheos ca/sa | scope: | eq | version: | 4.1.12 | Trust: 0.3 |
vendor: | blue | model: | coat systems cacheos ca/sa | scope: | eq | version: | 4.1.10 | Trust: 0.3 |
vendor: | avaya | model: | vsu r2.0.1 | scope: | eq | version: | 7500 | Trust: 0.3 |
vendor: | avaya | model: | vsu | scope: | eq | version: | 5x0 | Trust: 0.3 |
vendor: | avaya | model: | vsu r2.0.1 | scope: | eq | version: | 5000 | Trust: 0.3 |
vendor: | avaya | model: | vsu | scope: | eq | version: | 5000 | Trust: 0.3 |
vendor: | avaya | model: | vsu | scope: | eq | version: | 50 | Trust: 0.3 |
vendor: | avaya | model: | vsu r2.0.1 | scope: | eq | version: | 2000 | Trust: 0.3 |
vendor: | avaya | model: | vsu r2.0.1 | scope: | eq | version: | 10000 | Trust: 0.3 |
vendor: | avaya | model: | vsu r2.0.1 | scope: | eq | version: | 100 | Trust: 0.3 |
vendor: | avaya | model: | sg5x | scope: | eq | version: | 4.4 | Trust: 0.3 |
vendor: | avaya | model: | sg5x | scope: | eq | version: | 4.3 | Trust: 0.3 |
vendor: | avaya | model: | sg5x | scope: | eq | version: | 4.2 | Trust: 0.3 |
vendor: | avaya | model: | sg5 | scope: | eq | version: | 4.4 | Trust: 0.3 |
vendor: | avaya | model: | sg5 | scope: | eq | version: | 4.3 | Trust: 0.3 |
vendor: | avaya | model: | sg5 | scope: | eq | version: | 4.2 | Trust: 0.3 |
vendor: | avaya | model: | sg208 | scope: | eq | version: | 4.4 | Trust: 0.3 |
vendor: | avaya | model: | sg208 | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | avaya | model: | sg203 | scope: | eq | version: | 4.31.29 | Trust: 0.3 |
vendor: | avaya | model: | sg203 | scope: | eq | version: | 4.4 | Trust: 0.3 |
vendor: | avaya | model: | sg200 | scope: | eq | version: | 4.31.29 | Trust: 0.3 |
vendor: | avaya | model: | sg200 | scope: | eq | version: | 4.4 | Trust: 0.3 |
vendor: | avaya | model: | s8700 r2.0.1 | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | s8700 r2.0.0 | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | s8500 r2.0.1 | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | s8500 r2.0.0 | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | s8300 r2.0.1 | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | s8300 r2.0.0 | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | intuity r5 r5.1.46 | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | intuity audix r5 | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | avaya | model: | intuity s3400 | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | intuity s3210 | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | intuity lx | scope: | - | version: | - | Trust: 0.3 |
vendor: | avaya | model: | converged communications server | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4.2 | Trust: 0.3 |
vendor: | apple | model: | mac os server | scope: | eq | version: | x10.3.9 | Trust: 0.3 |
vendor: | apple | model: | mac os server | scope: | eq | version: | x10.3.3 | Trust: 0.3 |
vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.2 | Trust: 0.3 |
vendor: | apple | model: | mac os | scope: | eq | version: | x10.3.9 | Trust: 0.3 |
vendor: | apple | model: | mac os | scope: | eq | version: | x10.3.3 | Trust: 0.3 |
vendor: | 4d | model: | webstar | scope: | eq | version: | 5.3.1 | Trust: 0.3 |
vendor: | 4d | model: | webstar | scope: | eq | version: | 5.3 | Trust: 0.3 |
vendor: | 4d | model: | webstar | scope: | eq | version: | 5.2.4 | Trust: 0.3 |
vendor: | 4d | model: | webstar | scope: | eq | version: | 5.2.3 | Trust: 0.3 |
vendor: | 4d | model: | webstar | scope: | eq | version: | 5.2.2 | Trust: 0.3 |
vendor: | 4d | model: | webstar | scope: | eq | version: | 5.2.1 | Trust: 0.3 |
vendor: | 4d | model: | webstar | scope: | eq | version: | 5.2 | Trust: 0.3 |
vendor: | 4d | model: | webstar | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | vmware | model: | gsx server | scope: | ne | version: | 2.5.2 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate sparc | scope: | ne | version: | 2.2.12 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate | scope: | ne | version: | 2.2.5x86 | Trust: 0.3 |
vendor: | stonesoft | model: | stonegate ibm zseries | scope: | ne | version: | 2.2.5 | Trust: 0.3 |
vendor: | secure | model: | computing sidewinder | scope: | ne | version: | 5.2.1.10 | Trust: 0.3 |
vendor: | rsa | model: | security bsafe ssl-j sdk | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | openssl | model: | project openssl d | scope: | ne | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl m | scope: | ne | version: | 0.9.6 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server | scope: | ne | version: | 1.3.2 | Trust: 0.3 |
vendor: | lite speed | model: | litespeed web server | scope: | ne | version: | 1.0.2 | Trust: 0.3 |
vendor: | citrix | model: | secure gateway for solaris | scope: | ne | version: | 1.14 | Trust: 0.3 |
vendor: | cisco | model: | threat response | scope: | ne | version: | 2.0.3 | Trust: 0.3 |
vendor: | cisco | model: | mds | scope: | ne | version: | 90002.0(0.86) | Trust: 0.3 |
vendor: | cisco | model: | mds | scope: | ne | version: | 90001.3(3.33) | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 sp6 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 sp5a | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 sp5 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 sp4 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 sp3 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 sp2 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 sp1 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 sp6 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 sp5a | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 sp5 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 sp4 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 sp3 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 sp2 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 sp1 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 | scope: | ne | version: | 4.1 | Trust: 0.3 |
vendor: | 4d | model: | webstar | scope: | ne | version: | 5.3.2 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Unknown
Trust: 0.3
EXTERNAL IDS
db: | NVD | id: | CAN-2004-0079 | Trust: 0.4 |
db: | BID | id: | 9899 | Trust: 0.3 |
db: | PACKETSTORM | id: | 32886 | Trust: 0.1 |
REFERENCES
url: | https://rhn.redhat.com/errata/rhsa-2004-119.html | Trust: 0.6 |
url: | http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57524 | Trust: 0.6 |
url: | http://www.4d.com/products/4dwsv.html | Trust: 0.3 |
url: | http://support.avaya.com/japple/css/japple?page=avaya.css.openpage&temp.template.name=securityadvisory | Trust: 0.3 |
url: | http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml | Trust: 0.3 |
url: | http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000827 | Trust: 0.3 |
url: | http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000834 | Trust: 0.3 |
url: | ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf1-readme.txt | Trust: 0.3 |
url: | http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1256 | Trust: 0.3 |
url: | http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1257 | Trust: 0.3 |
url: | http://www.netscreen.com/services/security/alerts/adv58466-signed.txt | Trust: 0.3 |
url: | http://www.stonesoft.com/document/art/3123.html | Trust: 0.3 |
url: | http://support.avaya.com/elmodocs2/security/asa-2005-239.htm | Trust: 0.3 |
url: | http://www.checkpoint.com/techsupport/alerts/openssl.html | Trust: 0.3 |
url: | http://rhn.redhat.com/errata/rhsa-2004-120.html | Trust: 0.3 |
url: | http://rhn.redhat.com/errata/rhsa-2004-139.html | Trust: 0.3 |
url: | http://rhn.redhat.com/errata/rhsa-2005-830.html | Trust: 0.3 |
url: | http://www.bluecoat.com/support/knowledge/advisory_openssl_can-2004-0079.html | Trust: 0.3 |
url: | http://www.apple.com/support/downloads/securityupdate_2004-04-05_(10_3_3).html | Trust: 0.3 |
url: | http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm | Trust: 0.3 |
url: | http://www.securecomputing.com/pdf/52110relnotes.pdf | Trust: 0.3 |
url: | http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57571 | Trust: 0.3 |
url: | http://www.tarantella.com/security/bulletin-10.html | Trust: 0.3 |
url: | http://www.adiscon.com/common/en/advisory/2004-03-18.asp | Trust: 0.3 |
url: | http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt | Trust: 0.3 |
url: | http://www.litespeedtech.com | Trust: 0.3 |
url: | /archive/1/357672 | Trust: 0.3 |
url: | https://nvd.nist.gov/vuln/detail/cve-2004-0079 | Trust: 0.1 |
url: | http://www.codenomicon.com/testtools/tls/ | Trust: 0.1 |
url: | https://nvd.nist.gov/vuln/detail/cve-2004-0112 | Trust: 0.1 |
url: | http://www.openssl.org/source/mirror.html): | Trust: 0.1 |
url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0112 | Trust: 0.1 |
url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0079 | Trust: 0.1 |
url: | http://www.openssl.org/news/secadv_20040317.txt | Trust: 0.1 |
CREDITS
These issues were discovered by Stephen Henson and the OpenSSL Group.
Trust: 0.3
SOURCES
db: | BID | id: | 9899 |
db: | PACKETSTORM | id: | 32886 |
LAST UPDATE DATE
2022-05-06T07:44:02.207000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 9899 | date: | 2015-03-19T08:20:00 |
SOURCES RELEASE DATE
db: | BID | id: | 9899 | date: | 2004-03-17T00:00:00 |
db: | PACKETSTORM | id: | 32886 | date: | 2004-03-17T14:36:13 |