Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2002-1568
Last Modified: 05 Sep 2008 04:30:56
Published: 17 Nov 2003 12:00:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-1568

Summary

OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.

Vulnerable Systems

Application

  • OpenSSL 0.9.6e


References

CONFIRM - http://cvs.openssl.org/chngview?cn=7659

MISC - http://www.ebitech.sk/patrik/SA/SA-20031002.txt

BUGTRAQ - 20031002 New OpenSSL remote vulnerability (issue date 2003/10/02)


Last Updated: 27 May 2016 10:37:24