Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2003-0544
Last Modified 07 Mar 2011 09:12:45
Published 17 Nov 2003 12:00:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0544

Summary

OpenSSL 0.9.6 and 0.9.7 do not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

Vulnerable Systems

Application

  • OpenSSL 0.9.6

  • OpenSSL 0.9.7


References

CERT-VN - VU#380864

CERT - CA-2003-26

REDHAT - RHSA-2003:292

REDHAT - RHSA-2003:291

VUPEN - ADV-2006-3900

MISC - http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm

ENGARDE - ESA-20030930-027

DEBIAN - DSA-394

DEBIAN - DSA-393

SUNALERT - 201029

CONFIRM - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893

XF - openssl-asn1-sslclient-dos(43041)

BID - 8732

CONFIRM - http://www-1.ibm.com/support/docview.wss?uid=swg21247112

SECUNIA - 22249


Last Updated: 27 May 2016 10:37:57