ID

VAR-200403-0166


CVE

CAN-2004-0079


TITLE

OpenSSL Denial of Service Vulnerabilities

Trust: 0.3

sources: BID: 9899

DESCRIPTION

Three security vulnerabilities have been reported to affect OpenSSL. Each of these remotely exploitable issues may result in a denial of service in applications which use OpenSSL. For the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. This entry will be retired when individual BID records are created for each issue. *Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081. Null-pointer assignment during SSL handshake =============================================== Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0079 to this issue. Any application that makes use of OpenSSL's SSL/TLS library may be affected. Please contact your application vendor for details. 2. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0112 to this issue. Any application that makes use of OpenSSL's SSL/TLS library may be affected. Please contact your application vendor for details. Recommendations --------------- Upgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL applications statically linked to OpenSSL libraries. OpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): ftp://ftp.openssl.org/source/ The distribution file names are: o openssl-0.9.7d.tar.gz MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5 o openssl-0.9.6m.tar.gz [normal] MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9 o openssl-engine-0.9.6m.tar.gz [engine] MD5 checksum: 4c39d2524bd466180f9077f8efddac8c The checksums were calculated using the following command: openssl md5 openssl-0.9*.tar.gz Credits ------- Patches for these issues were created by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team. The OpenSSL team would like to thank Codenomicon for supplying the TLS Test Tool which was used to discover these vulnerabilities, and Joe Orton of Red Hat for performing the majority of the testing. References ---------- http://www.codenomicon.com/testtools/tls/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112 URL for this Security Advisory: http://www.openssl.org/news/secadv_20040317.txt

Trust: 0.36

sources: BID: 9899 // PACKETSTORM: 32886

AFFECTED PRODUCTS

vendor:ciscomodel:ios 12.1 escope: - version: -

Trust: 0.6

vendor:vmwaremodel:gsx server buildscope:eqversion:3.07592

Trust: 0.3

vendor:vmwaremodel:gsx server buildscope:eqversion:2.5.15336

Trust: 0.3

vendor:vmwaremodel:gsx serverscope:eqversion:2.5.1

Trust: 0.3

vendor:vmwaremodel:gsx server buildscope:eqversion:2.0.12129

Trust: 0.3

vendor:vmwaremodel:gsx serverscope:eqversion:2.0

Trust: 0.3

vendor:tarantellamodel:enterprisescope:eqversion:33.40

Trust: 0.3

vendor:tarantellamodel:enterprisescope:eqversion:33.30

Trust: 0.3

vendor:tarantellamodel:enterprisescope:eqversion:33.200

Trust: 0.3

vendor:symantecmodel:clientless vpn gateway seriesscope:eqversion:44005.0

Trust: 0.3

vendor:sunmodel:crypto acceleratorscope:eqversion:40001.0

Trust: 0.3

vendor:stonesoftmodel:stonegate vpn clientscope:eqversion:2.0.9

Trust: 0.3

vendor:stonesoftmodel:stonegate vpn clientscope:eqversion:2.0.8

Trust: 0.3

vendor:stonesoftmodel:stonegate vpn clientscope:eqversion:2.0.7

Trust: 0.3

vendor:stonesoftmodel:stonegate vpn clientscope:eqversion:2.0

Trust: 0.3

vendor:stonesoftmodel:stonegate vpn clientscope:eqversion:1.7.2

Trust: 0.3

vendor:stonesoftmodel:stonegate vpn clientscope:eqversion:1.7

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:2.2.4

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:2.2.1

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:2.2

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:2.1

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:2.0.9

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:2.0.8

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:2.0.7

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:2.0.6

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:2.0.5

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:2.0.4

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:2.0.1

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:1.7.2

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:1.7.1

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:1.7

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:1.6.3

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:1.6.2

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:1.5.18

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:eqversion:1.5.17

Trust: 0.3

vendor:stonesoftmodel:stonebeat webclusterscope:eqversion:2.5

Trust: 0.3

vendor:stonesoftmodel:stonebeat webclusterscope:eqversion:2.0

Trust: 0.3

vendor:stonesoftmodel:stonebeat securityclusterscope:eqversion:2.5

Trust: 0.3

vendor:stonesoftmodel:stonebeat securityclusterscope:eqversion:2.0

Trust: 0.3

vendor:stonesoftmodel:stonebeat fullcluster for raptorscope:eqversion:2.5

Trust: 0.3

vendor:stonesoftmodel:stonebeat fullcluster for raptorscope:eqversion:2.0

Trust: 0.3

vendor:stonesoftmodel:stonebeat fullcluster for isa serverscope:eqversion:3.0

Trust: 0.3

vendor:stonesoftmodel:stonebeat fullcluster for gauntletscope:eqversion:2.0

Trust: 0.3

vendor:stonesoftmodel:stonebeat fullcluster for firewall-1scope:eqversion:3.0

Trust: 0.3

vendor:stonesoftmodel:stonebeat fullcluster for firewall-1scope:eqversion:2.0

Trust: 0.3

vendor:stonesoftmodel:serverclusterscope:eqversion:2.5.2

Trust: 0.3

vendor:stonesoftmodel:serverclusterscope:eqversion:2.5

Trust: 0.3

vendor:sgimodel:propack sp6scope:eqversion:3.0

Trust: 0.3

vendor:sgimodel:propackscope:eqversion:3.0

Trust: 0.3

vendor:sgimodel:propackscope:eqversion:2.4

Trust: 0.3

vendor:sgimodel:propackscope:eqversion:2.3

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.24

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.23

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.22

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.21

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.21

Trust: 0.3

vendor:sgimodel:irix mscope:eqversion:6.5.20

Trust: 0.3

vendor:sgimodel:irix fscope:eqversion:6.5.20

Trust: 0.3

vendor:securemodel:computing sidewinderscope:eqversion:5.2.1.02

Trust: 0.3

vendor:securemodel:computing sidewinderscope:eqversion:5.2.1

Trust: 0.3

vendor:securemodel:computing sidewinderscope:eqversion:5.2.0.04

Trust: 0.3

vendor:securemodel:computing sidewinderscope:eqversion:5.2.0.03

Trust: 0.3

vendor:securemodel:computing sidewinderscope:eqversion:5.2.0.02

Trust: 0.3

vendor:securemodel:computing sidewinderscope:eqversion:5.2.0.01

Trust: 0.3

vendor:securemodel:computing sidewinderscope:eqversion:5.2

Trust: 0.3

vendor:scomodel:unixwarescope:eqversion:7.1.3

Trust: 0.3

vendor:scomodel:unixwarescope:eqversion:7.1.1

Trust: 0.3

vendor:scomodel:open serverscope:eqversion:5.0.7

Trust: 0.3

vendor:scomodel:open serverscope:eqversion:5.0.6

Trust: 0.3

vendor:rsamodel:security bsafe ssl-j sdkscope:eqversion:3.1

Trust: 0.3

vendor:rsamodel:security bsafe ssl-j sdkscope:eqversion:3.0.1

Trust: 0.3

vendor:rsamodel:security bsafe ssl-j sdkscope:eqversion:3.0

Trust: 0.3

vendor:redhatmodel:openssl096b-0.9.6b-3.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:openssl096-0.9.6-15.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:openssl-perl-0.9.7a-2.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:openssl-devel-0.9.7a-2.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:openssl-0.9.7a-2.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:linuxscope:eqversion:8.0

Trust: 0.3

vendor:redhatmodel:linux i386scope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:linuxscope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:linuxscope:eqversion:7.2

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:3.0

Trust: 0.3

vendor:redmodel:hat fedora core3scope: - version: -

Trust: 0.3

vendor:redmodel:hat fedora core2scope: - version: -

Trust: 0.3

vendor:redmodel:hat fedora core1scope: - version: -

Trust: 0.3

vendor:redmodel:hat enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:redmodel:hat enterprise linux asscope:eqversion:3

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl beta3scope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl beta2scope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl beta1scope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl kscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl jscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl gscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl fscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.6

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:3.4

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:3.3

Trust: 0.3

vendor:novellmodel:imanagerscope:eqversion:2.0

Trust: 0.3

vendor:novellmodel:imanagerscope:eqversion:1.5

Trust: 0.3

vendor:novellmodel:edirectory su1scope:eqversion:8.7.1

Trust: 0.3

vendor:novellmodel:edirectoryscope:eqversion:8.7.1

Trust: 0.3

vendor:novellmodel:edirectoryscope:eqversion:8.7

Trust: 0.3

vendor:novellmodel:edirectoryscope:eqversion:8.6.2

Trust: 0.3

vendor:novellmodel:edirectoryscope:eqversion:8.5.27

Trust: 0.3

vendor:novellmodel:edirectory ascope:eqversion:8.5.12

Trust: 0.3

vendor:novellmodel:edirectoryscope:eqversion:8.5

Trust: 0.3

vendor:novellmodel:edirectoryscope:eqversion:8.0

Trust: 0.3

vendor:netscreenmodel:instant virtual extranetscope:eqversion:3.3.1

Trust: 0.3

vendor:netscreenmodel:instant virtual extranetscope:eqversion:3.3

Trust: 0.3

vendor:netscreenmodel:instant virtual extranetscope:eqversion:3.2

Trust: 0.3

vendor:netscreenmodel:instant virtual extranetscope:eqversion:3.1

Trust: 0.3

vendor:netscreenmodel:instant virtual extranetscope:eqversion:3.0

Trust: 0.3

vendor:lite speedmodel:litespeed web serverscope:eqversion:1.3.1

Trust: 0.3

vendor:lite speedmodel:litespeed web server rc3scope:eqversion:1.3

Trust: 0.3

vendor:lite speedmodel:litespeed web server rc2scope:eqversion:1.3

Trust: 0.3

vendor:lite speedmodel:litespeed web server rc1scope:eqversion:1.3

Trust: 0.3

vendor:lite speedmodel:litespeed web serverscope:eqversion:1.3

Trust: 0.3

vendor:lite speedmodel:litespeed web serverscope:eqversion:1.2.2

Trust: 0.3

vendor:lite speedmodel:litespeed web serverscope:eqversion:1.2.1

Trust: 0.3

vendor:lite speedmodel:litespeed web server rc2scope:eqversion:1.2

Trust: 0.3

vendor:lite speedmodel:litespeed web server rc1scope:eqversion:1.2

Trust: 0.3

vendor:lite speedmodel:litespeed web serverscope:eqversion:1.1.1

Trust: 0.3

vendor:lite speedmodel:litespeed web serverscope:eqversion:1.1

Trust: 0.3

vendor:lite speedmodel:litespeed web serverscope:eqversion:1.0.3

Trust: 0.3

vendor:lite speedmodel:litespeed web serverscope:eqversion:1.0.2

Trust: 0.3

vendor:lite speedmodel:litespeed web serverscope:eqversion:1.0.1

Trust: 0.3

vendor:hpmodel:wbem a.02.00.01scope: - version: -

Trust: 0.3

vendor:hpmodel:wbem a.02.00.00scope: - version: -

Trust: 0.3

vendor:hpmodel:wbem a.01.05.08scope: - version: -

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:11.23

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:11.11

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:11.0

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:8.5

Trust: 0.3

vendor:hpmodel:apache-based web serverscope:eqversion:2.0.43.04

Trust: 0.3

vendor:hpmodel:apache-based web serverscope:eqversion:2.0.43.00

Trust: 0.3

vendor:hpmodel:aaa serverscope: - version: -

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.2

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.9

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.8

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.8

Trust: 0.3

vendor:computermodel:associates etrust security command centerscope:eqversion:1.0

Trust: 0.3

vendor:citrixmodel:secure gateway for solarisscope:eqversion:1.13

Trust: 0.3

vendor:citrixmodel:secure gateway for solarisscope:eqversion:1.12

Trust: 0.3

vendor:citrixmodel:secure gateway for solarisscope:eqversion:1.1

Trust: 0.3

vendor:ciscomodel:webns .0.06sscope:eqversion:7.10

Trust: 0.3

vendor:ciscomodel:webnsscope:eqversion:7.10

Trust: 0.3

vendor:ciscomodel:webnsscope:eqversion:7.20.0.03

Trust: 0.3

vendor:ciscomodel:webnsscope:eqversion:7.10.2.06

Trust: 0.3

vendor:ciscomodel:webnsscope:eqversion:7.10.1.02

Trust: 0.3

vendor:ciscomodel:webns b4scope:eqversion:6.10

Trust: 0.3

vendor:ciscomodel:webnsscope:eqversion:6.10

Trust: 0.3

vendor:ciscomodel:threat responsescope: - version: -

Trust: 0.3

vendor:ciscomodel:secure content acceleratorscope:eqversion:10000

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.3.2

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.3.1

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.3(3.109)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.3(3.102)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.3(1)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.3

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2.3

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2.2.111

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2.2

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2.1

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2(3.100)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2(3)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2(2)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2(1)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1.5

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1.4

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1.3

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1(5)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1(4)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1(3)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1(2)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1(1)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0.4

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0.3

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0(4.101)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0(4)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0(2)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0(1)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:okena stormwatchscope:eqversion:3.2

Trust: 0.3

vendor:ciscomodel:mdsscope:eqversion:9000

Trust: 0.3

vendor:ciscomodel:ios 12.2zascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2syscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 sy1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 syscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 e1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 e9scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 e14scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 e12scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 ecscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 ea1scope: - version: -

Trust: 0.3

vendor:ciscomodel:gss global site selectorscope:eqversion:44900

Trust: 0.3

vendor:ciscomodel:gss global site selectorscope:eqversion:4480

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:2.1(0.208)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:1.1.3

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:1.1.2

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:1.1(3.005)

Trust: 0.3

vendor:ciscomodel:firewall services modulescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:css11500 content services switchscope: - version: -

Trust: 0.3

vendor:ciscomodel:css11000 content services switchscope: - version: -

Trust: 0.3

vendor:ciscomodel:css secure content acceleratorscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:css secure content acceleratorscope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:ciscoworks common servicesscope:eqversion:2.2

Trust: 0.3

vendor:ciscomodel:ciscoworks common management foundationscope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:call managerscope: - version: -

Trust: 0.3

vendor:ciscomodel:application & content networking softwarescope: - version: -

Trust: 0.3

vendor:ciscomodel:access registrarscope: - version: -

Trust: 0.3

vendor:checkmodel:point software vpn-1 vsx ng with application intelligencescope: - version: -

Trust: 0.3

vendor:checkmodel:point software vpn-1 next generation fp2scope: - version: -

Trust: 0.3

vendor:checkmodel:point software vpn-1 next generation fp1scope: - version: -

Trust: 0.3

vendor:checkmodel:point software vpn-1 next generation fp0scope: - version: -

Trust: 0.3

vendor:checkmodel:point software providor-1 sp4scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software providor-1 sp3scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software providor-1 sp2scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software providor-1 sp1scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software providor-1scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 vsx ng with application intelligencescope: - version: -

Trust: 0.3

vendor:checkmodel:point software firewall-1 next generation fp2scope: - version: -

Trust: 0.3

vendor:checkmodel:point software firewall-1 next generation fp1scope: - version: -

Trust: 0.3

vendor:checkmodel:point software firewall-1 next generation fp0scope: - version: -

Trust: 0.3

vendor:checkmodel:point software firewall-1 gxscope:eqversion:2.0

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:eqversion:0

Trust: 0.3

vendor:bluemodel:coat systems cacheos ca/sascope:eqversion:4.1.12

Trust: 0.3

vendor:bluemodel:coat systems cacheos ca/sascope:eqversion:4.1.10

Trust: 0.3

vendor:avayamodel:vsu r2.0.1scope:eqversion:7500

Trust: 0.3

vendor:avayamodel:vsuscope:eqversion:5x0

Trust: 0.3

vendor:avayamodel:vsu r2.0.1scope:eqversion:5000

Trust: 0.3

vendor:avayamodel:vsuscope:eqversion:5000

Trust: 0.3

vendor:avayamodel:vsuscope:eqversion:50

Trust: 0.3

vendor:avayamodel:vsu r2.0.1scope:eqversion:2000

Trust: 0.3

vendor:avayamodel:vsu r2.0.1scope:eqversion:10000

Trust: 0.3

vendor:avayamodel:vsu r2.0.1scope:eqversion:100

Trust: 0.3

vendor:avayamodel:sg5xscope:eqversion:4.4

Trust: 0.3

vendor:avayamodel:sg5xscope:eqversion:4.3

Trust: 0.3

vendor:avayamodel:sg5xscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:sg5scope:eqversion:4.4

Trust: 0.3

vendor:avayamodel:sg5scope:eqversion:4.3

Trust: 0.3

vendor:avayamodel:sg5scope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:sg208scope:eqversion:4.4

Trust: 0.3

vendor:avayamodel:sg208scope:eqversion:0

Trust: 0.3

vendor:avayamodel:sg203scope:eqversion:4.31.29

Trust: 0.3

vendor:avayamodel:sg203scope:eqversion:4.4

Trust: 0.3

vendor:avayamodel:sg200scope:eqversion:4.31.29

Trust: 0.3

vendor:avayamodel:sg200scope:eqversion:4.4

Trust: 0.3

vendor:avayamodel:s8700 r2.0.1scope: - version: -

Trust: 0.3

vendor:avayamodel:s8700 r2.0.0scope: - version: -

Trust: 0.3

vendor:avayamodel:s8500 r2.0.1scope: - version: -

Trust: 0.3

vendor:avayamodel:s8500 r2.0.0scope: - version: -

Trust: 0.3

vendor:avayamodel:s8300 r2.0.1scope: - version: -

Trust: 0.3

vendor:avayamodel:s8300 r2.0.0scope: - version: -

Trust: 0.3

vendor:avayamodel:intuity r5 r5.1.46scope: - version: -

Trust: 0.3

vendor:avayamodel:intuity audix r5scope:eqversion:0

Trust: 0.3

vendor:avayamodel:intuity s3400scope: - version: -

Trust: 0.3

vendor:avayamodel:intuity s3210scope: - version: -

Trust: 0.3

vendor:avayamodel:intuity lxscope: - version: -

Trust: 0.3

vendor:avayamodel:converged communications serverscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:4dmodel:webstarscope:eqversion:5.3.1

Trust: 0.3

vendor:4dmodel:webstarscope:eqversion:5.3

Trust: 0.3

vendor:4dmodel:webstarscope:eqversion:5.2.4

Trust: 0.3

vendor:4dmodel:webstarscope:eqversion:5.2.3

Trust: 0.3

vendor:4dmodel:webstarscope:eqversion:5.2.2

Trust: 0.3

vendor:4dmodel:webstarscope:eqversion:5.2.1

Trust: 0.3

vendor:4dmodel:webstarscope:eqversion:5.2

Trust: 0.3

vendor:4dmodel:webstarscope:eqversion:4.0

Trust: 0.3

vendor:vmwaremodel:gsx serverscope:neversion:2.5.2

Trust: 0.3

vendor:stonesoftmodel:stonegate sparcscope:neversion:2.2.12

Trust: 0.3

vendor:stonesoftmodel:stonegatescope:neversion:2.2.5x86

Trust: 0.3

vendor:stonesoftmodel:stonegate ibm zseriesscope:neversion:2.2.5

Trust: 0.3

vendor:securemodel:computing sidewinderscope:neversion:5.2.1.10

Trust: 0.3

vendor:rsamodel:security bsafe ssl-j sdkscope:neversion:4.1

Trust: 0.3

vendor:opensslmodel:project openssl dscope:neversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl mscope:neversion:0.9.6

Trust: 0.3

vendor:lite speedmodel:litespeed web serverscope:neversion:1.3.2

Trust: 0.3

vendor:lite speedmodel:litespeed web serverscope:neversion:1.0.2

Trust: 0.3

vendor:citrixmodel:secure gateway for solarisscope:neversion:1.14

Trust: 0.3

vendor:ciscomodel:threat responsescope:neversion:2.0.3

Trust: 0.3

vendor:ciscomodel:mdsscope:neversion:90002.0(0.86)

Trust: 0.3

vendor:ciscomodel:mdsscope:neversion:90001.3(3.33)

Trust: 0.3

vendor:checkmodel:point software vpn-1 sp6scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software vpn-1 sp5ascope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software vpn-1 sp5scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software vpn-1 sp4scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software vpn-1 sp3scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software vpn-1 sp2scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software vpn-1 sp1scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software vpn-1scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp6scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp5ascope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp5scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp4scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp3scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp2scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp1scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1scope:neversion:4.1

Trust: 0.3

vendor:4dmodel:webstarscope:neversion:5.3.2

Trust: 0.3

sources: BID: 9899

THREAT TYPE

network

Trust: 0.3

sources: BID: 9899

TYPE

Unknown

Trust: 0.3

sources: BID: 9899

EXTERNAL IDS

db:NVDid:CAN-2004-0079

Trust: 0.4

db:BIDid:9899

Trust: 0.3

db:PACKETSTORMid:32886

Trust: 0.1

sources: BID: 9899 // PACKETSTORM: 32886

REFERENCES

url:https://rhn.redhat.com/errata/rhsa-2004-119.html

Trust: 0.6

url:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57524

Trust: 0.6

url:http://www.4d.com/products/4dwsv.html

Trust: 0.3

url:http://support.avaya.com/japple/css/japple?page=avaya.css.openpage&temp.template.name=securityadvisory

Trust: 0.3

url:http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml

Trust: 0.3

url:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000827

Trust: 0.3

url:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000834

Trust: 0.3

url:ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf1-readme.txt

Trust: 0.3

url:http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1256

Trust: 0.3

url:http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1257

Trust: 0.3

url:http://www.netscreen.com/services/security/alerts/adv58466-signed.txt

Trust: 0.3

url:http://www.stonesoft.com/document/art/3123.html

Trust: 0.3

url:http://support.avaya.com/elmodocs2/security/asa-2005-239.htm

Trust: 0.3

url:http://www.checkpoint.com/techsupport/alerts/openssl.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2004-120.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2004-139.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2005-830.html

Trust: 0.3

url:http://www.bluecoat.com/support/knowledge/advisory_openssl_can-2004-0079.html

Trust: 0.3

url:http://www.apple.com/support/downloads/securityupdate_2004-04-05_(10_3_3).html

Trust: 0.3

url:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm

Trust: 0.3

url:http://www.securecomputing.com/pdf/52110relnotes.pdf

Trust: 0.3

url:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57571

Trust: 0.3

url:http://www.tarantella.com/security/bulletin-10.html

Trust: 0.3

url:http://www.adiscon.com/common/en/advisory/2004-03-18.asp

Trust: 0.3

url:http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt

Trust: 0.3

url:http://www.litespeedtech.com

Trust: 0.3

url:/archive/1/357672

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2004-0079

Trust: 0.1

url:http://www.codenomicon.com/testtools/tls/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2004-0112

Trust: 0.1

url:http://www.openssl.org/source/mirror.html):

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0112

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0079

Trust: 0.1

url:http://www.openssl.org/news/secadv_20040317.txt

Trust: 0.1

sources: BID: 9899 // PACKETSTORM: 32886

CREDITS

These issues were discovered by Stephen Henson and the OpenSSL Group.

Trust: 0.3

sources: BID: 9899

SOURCES

db:BIDid:9899
db:PACKETSTORMid:32886

LAST UPDATE DATE

2022-05-06T07:44:02.207000+00:00


SOURCES UPDATE DATE

db:BIDid:9899date:2015-03-19T08:20:00

SOURCES RELEASE DATE

db:BIDid:9899date:2004-03-17T00:00:00
db:PACKETSTORMid:32886date:2004-03-17T14:36:13