Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0656

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0656
Last Modified 10 Sep 2008 03:12:40
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0656

Summary

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.0

  • Apple Mac Os X 10.0.1

  • Apple Mac Os X 10.0.2

  • Apple Mac Os X 10.0.3

  • Apple Mac Os X 10.0.4

  • Apple Mac Os X 10.1

  • Apple Mac Os X 10.1.1

  • Apple Mac Os X 10.1.2

  • Apple Mac Os X 10.1.3

  • Apple Mac Os X 10.1.4

  • Apple Mac Os X 10.1.5

Application

  • Openssl 0.9.1c

  • Openssl 0.9.2b

  • Openssl 0.9.3

  • Openssl 0.9.4

  • Openssl 0.9.5

  • Openssl 0.9.5a

  • Openssl 0.9.6

  • Openssl 0.9.6a

  • Openssl 0.9.6b

  • Openssl 0.9.6c

  • Openssl 0.9.6d

  • Openssl 0.9.7

  • Oracle Application Server

  • Oracle Application Server 1.0.2

  • Oracle Application Server 1.0.2.1s

  • Oracle Application Server 1.0.2.2

  • Oracle Corporate Time Outlook Connector 3.1

  • Oracle Corporate Time Outlook Connector 3.1.1

  • Oracle Corporate Time Outlook Connector 3.1.2

  • Oracle Corporate Time Outlook Connector 3.3

  • Oracle Http Server 9.0.1

  • Oracle Http Server 9.2.0


References

CERT-VN - VU#258555

CERT-VN - VU#102795

CERT - CA-2002-23

BID - 5363

BID - 5362

MANDRAKE - MDKSA-2002:046

XF - openssl-ssl2-masterkey-bo(9714)

CONECTIVA - CLA-2002:513

FREEBSD - FreeBSD-SA-02:33

CALDERA - CSSA-2002-033.1

CALDERA - CSSA-2002-033.0

XF - openssl-ssl3-sessionid-bo(9716)


Last Updated: 27 May 2016 10:37:00