Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0851

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0851
Last Modified 04 Mar 2009 12:19:14
Published 01 Dec 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0851

Summary

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

Vulnerable Systems

Operating System

  • Cisco Ios 12.1%2811%29e

  • Cisco Ios 12.1%2811b%29e

  • Cisco Ios 12.2sx

  • Cisco Ios 12.2sy

  • Cisco Pix Firewall 6.0

  • Cisco Pix Firewall 6.0%281%29

  • Cisco Pix Firewall 6.0%282%29

  • Cisco Pix Firewall 6.0%283%29

  • Cisco Pix Firewall 6.0%284%29

  • Cisco Pix Firewall 6.0%284.101%29

  • Cisco Pix Firewall 6.1

  • Cisco Pix Firewall 6.1%281%29

  • Cisco Pix Firewall 6.1%282%29

  • Cisco Pix Firewall 6.1%283%29

  • Cisco Pix Firewall 6.1%284%29

  • Cisco Pix Firewall 6.1%285%29

  • Cisco Pix Firewall 6.2

  • Cisco Pix Firewall 6.2%281%29

  • Cisco Pix Firewall 6.2%282%29

  • Cisco Pix Firewall 6.2%283%29

  • Cisco Pix Firewall 6.3%281%29

  • Cisco Pix Firewall 6.3%283.102%29

Application

  • Cisco Css11000 Content Services Switch

  • Cisco Pix Firewall 6.2.2 .111

  • Openssl 0.9.6

  • Openssl 0.9.6a

  • Openssl 0.9.6b

  • Openssl 0.9.6c

  • Openssl 0.9.6d

  • Openssl 0.9.6e

  • Openssl 0.9.6f

  • Openssl 0.9.6g

  • Openssl 0.9.6h

  • Openssl 0.9.6i

  • Openssl 0.9.6j

  • Openssl 0.9.6k

  • Openssl 0.9.7

  • Openssl 0.9.7a

  • Openssl 0.9.7b


References

CERT-VN - VU#412478

BID - 8970

CONFIRM - http://www.openssl.org/news/secadv_20031104.txt

BUGTRAQ - 20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing

CISCO - 20030930 SSL Implementation Vulnerabilities

REDHAT - RHSA-2004:119

SGI - 20040304-01-U

NETBSD - NetBSD-SA2004-003

FEDORA - FEDORA-2005-1042

SECUNIA - 17381

BUGTRAQ - 20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability


Last Updated: 27 May 2016 10:38:05