Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2004-0112
Last Modified: 21 Aug 2010 12:19:35
Published: 23 Nov 2004 12:00:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0112

Summary

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.3.3

  • Apple Mac Os X Server 10.3.3

  • Bluecoat Cacheos Ca Sa 4.1.10

  • Bluecoat Cacheos Ca Sa 4.1.12

  • Cisco Ios 12.1(11)e

  • Cisco Ios 12.1(11b)e

  • Cisco Ios 12.1(11b)e12

  • Cisco Ios 12.1(11b)e14

  • Cisco Ios 12.1(13)e9

  • Cisco Ios 12.1(19)e1

  • Cisco Ios 12.2(14)sy

  • Cisco Ios 12.2(14)sy1

  • Cisco Ios 12.2sy

  • Cisco Ios 12.2za

  • Cisco Pix Firewall 6.0

  • Cisco Pix Firewall 6.0(1)

  • Cisco Pix Firewall 6.0(2)

  • Cisco Pix Firewall 6.0(3)

  • Cisco Pix Firewall 6.0(4)

  • Cisco Pix Firewall 6.0(4.101)

  • Cisco Pix Firewall 6.1

  • Cisco Pix Firewall 6.1(1)

  • Cisco Pix Firewall 6.1(2)

  • Cisco Pix Firewall 6.1(3)

  • Cisco Pix Firewall 6.1(4)

  • Cisco Pix Firewall 6.1(5)

  • Cisco Pix Firewall 6.2

  • Cisco Pix Firewall 6.2(1)

  • Cisco Pix Firewall 6.2(2)

  • Cisco Pix Firewall 6.2(3)

  • Cisco Pix Firewall 6.2(3.100)

  • Cisco Pix Firewall 6.3

  • Cisco Pix Firewall 6.3(1)

  • Cisco Pix Firewall 6.3(2)

  • Cisco Pix Firewall 6.3(3.102)

  • Cisco Pix Firewall 6.3(3.109)

  • Freebsd 4.8

  • Freebsd 4.9

  • Freebsd 5.1

  • Freebsd 5.2

  • Freebsd 5.2.1

  • Hp-ux 11.00

  • Hp-ux 11.11

  • Hp-ux 11.23

  • Hp-ux 8.05

  • Openbsd 3.3

  • Openbsd 3.4

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Linux 7.2

  • Redhat Linux 7.3

  • Redhat Linux 8.0

  • Sco Openserver 5.0.6

  • Sco Openserver 5.0.7

Application

  • 4d Webstar 4.0

  • 4d Webstar 5.2

  • 4d Webstar 5.2.1

  • 4d Webstar 5.2.2

  • 4d Webstar 5.2.3

  • 4d Webstar 5.2.4

  • 4d Webstar 5.3

  • 4d Webstar 5.3.1

  • Avaya Intuity Audix

  • Avaya Intuity Audix 5.1.46

  • Avaya Intuity Audix S3210

  • Avaya Intuity Audix S3400

  • Avaya Vsu 100 R2.0.1

  • Avaya Vsu 10000 R2.0.1

  • Avaya Vsu 2000 R2.0.1

  • Avaya Vsu 5

  • Avaya Vsu 500

  • Avaya Vsu 5000 R2.0.1

  • Avaya Vsu 5x

  • Avaya Vsu 7500 R2.0.1

  • Checkpoint Firewall-1

  • Checkpoint Firewall-1 2.0

  • Checkpoint Firewall-1 Next Generation Fp0

  • Checkpoint Firewall-1 Next Generation Fp1

  • Checkpoint Firewall-1 Next Generation Fp2

  • Checkpoint Provider-1 4.1

  • Checkpoint Vpn-1 Next Generation Fp0

  • Checkpoint Vpn-1 Next Generation Fp1

  • Checkpoint Vpn-1 Next Generation Fp2

  • Checkpoint Vpn-1 Vsx Ng With Application Intelligence

  • Cisco Access Registrar

  • Cisco Application And Content Networking Software

  • Cisco Css Secure Content Accelerator 1.0

  • Cisco Css Secure Content Accelerator 2.0

  • Cisco Css11000 Content Services Switch

  • Cisco Okena Stormwatch 3.2

  • Cisco Pix Firewall 6.2.2 .111

  • Cisco Threat Response

  • Cisco Webns 6.10

  • Cisco Webns 6.10 B4

  • Cisco Webns 7.1 0.1.02

  • Cisco Webns 7.1 0.2.06

  • Cisco Webns 7.10

  • Cisco Webns 7.10 .0.06s

  • Cisco Webns 7.2 0.0.03

  • Ciscoworks Common Management Foundation 2.1

  • Ciscoworks Common Services 2.2

  • Hp Wbem A.01.05.08

  • Hp Wbem A.02.00.00

  • Hp Wbem A.02.00.01

  • Neoteris Instant Virtual Extranet 3.0

  • Neoteris Instant Virtual Extranet 3.1

  • Neoteris Instant Virtual Extranet 3.2

  • Neoteris Instant Virtual Extranet 3.3

  • Neoteris Instant Virtual Extranet 3.3.1

  • Novell Edirectory 8.0

  • Novell Edirectory 8.5

  • Novell Edirectory 8.5.12a

  • Novell Edirectory 8.5.27

  • Novell Edirectory 8.6.2

  • Novell Edirectory 8.7

  • Novell Edirectory 8.7.1

  • Novell Imanager 1.5

  • Novell Imanager 2.0

  • Openssl 0.9.6c

  • Openssl 0.9.6d

  • Openssl 0.9.6e

  • Openssl 0.9.6f

  • Openssl 0.9.6g

  • Openssl 0.9.6h

  • Openssl 0.9.6i

  • Openssl 0.9.6j

  • Openssl 0.9.6k

  • Openssl 0.9.7

  • Openssl 0.9.7a

  • Openssl 0.9.7b

  • Openssl 0.9.7c

  • Redhat Openssl 0.9.6-15

  • Redhat Openssl 0.9.6b-3

  • Redhat Openssl 0.9.7a-2

  • Rsa Bsafe Ssl-j Sdk 3.0

  • Rsa Bsafe Ssl-j Sdk 3.0.1

  • Rsa Bsafe Ssl-j Sdk 3.1

  • Sgi Propack 2.3

  • Sgi Propack 2.4

  • Sgi Propack 3.0

  • Speed Technologies Litespeed Web Server 1.0.1

  • Speed Technologies Litespeed Web Server 1.0.2

  • Speed Technologies Litespeed Web Server 1.0.3

  • Speed Technologies Litespeed Web Server 1.1

  • Speed Technologies Litespeed Web Server 1.1.1

  • Speed Technologies Litespeed Web Server 1.2 Rc1

  • Speed Technologies Litespeed Web Server 1.2 Rc2

  • Speed Technologies Litespeed Web Server 1.2.1

  • Speed Technologies Litespeed Web Server 1.2.2

  • Speed Technologies Litespeed Web Server 1.3

  • Speed Technologies Litespeed Web Server 1.3 Rc1

  • Speed Technologies Litespeed Web Server 1.3 Rc2

  • Speed Technologies Litespeed Web Server 1.3 Rc3

  • Speed Technologies Litespeed Web Server 1.3.1

  • Stonesoft Servercluster 2.5

  • Stonesoft Servercluster 2.5.2

  • Stonesoft Stonebeat Fullcluster 1 2.0

  • Stonesoft Stonebeat Fullcluster 1 3.0

  • Stonesoft Stonebeat Fullcluster 2.0

  • Stonesoft Stonebeat Fullcluster 2.5

  • Stonesoft Stonebeat Fullcluster 3.0

  • Stonesoft Stonebeat Securitycluster 2.0

  • Stonesoft Stonebeat Securitycluster 2.5

  • Stonesoft Stonebeat Webcluster 2.0

  • Stonesoft Stonebeat Webcluster 2.5

  • Stonesoft Stonegate 1.5.17

  • Stonesoft Stonegate 1.5.18

  • Stonesoft Stonegate 1.6.2

  • Stonesoft Stonegate 1.6.3

  • Stonesoft Stonegate 1.7

  • Stonesoft Stonegate 1.7.1

  • Stonesoft Stonegate 1.7.2

  • Stonesoft Stonegate 2.0.1

  • Stonesoft Stonegate 2.0.4

  • Stonesoft Stonegate 2.0.5

  • Stonesoft Stonegate 2.0.6

  • Stonesoft Stonegate 2.0.7

  • Stonesoft Stonegate 2.0.8

  • Stonesoft Stonegate 2.0.9

  • Stonesoft Stonegate 2.1

  • Stonesoft Stonegate 2.2

  • Stonesoft Stonegate 2.2.1

  • Stonesoft Stonegate 2.2.4

  • Tarantella Enterprise 3.20

  • Tarantella Enterprise 3.30

  • Tarantella Enterprise 3.40

  • Vmware Gsx Server 2.0

  • Vmware Gsx Server 2.0.1 Build 2129

  • Vmware Gsx Server 2.5.1

  • Vmware Gsx Server 2.5.1 Build 5336

  • Vmware Gsx Server 3.0 Build 7592


References

CERT - TA04-078A

CERT-VN - VU#484726

XF - openssl-kerberos-ciphersuites-dos(15508)

MISC - http://www.uniras.gov.uk/vuls/2004/224012/index.htm

TRUSTIX - 2004-0012

SLACKWARE - SSA:2004-077

BID - 9899

REDHAT - RHSA-2004:121

REDHAT - RHSA-2004:120

CONFIRM - http://www.openssl.org/news/secadv_20040317.txt

SUSE - SuSE-SA:2004:007

CISCO - 20040317 Cisco OpenSSL Implementation Vulnerability

CIAC - O-101

SUNALERT - 57524

GENTOO - GLSA-200403-03

SECUNIA - 11139

HP - SSRT4717

BUGTRAQ - 20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]

CONFIRM - http://lists.apple.com/mhonarc/security-announce/msg00045.html

APPLE - APPLE-SA-2005-08-15

APPLE - APPLE-SA-2005-08-17

CONFIRM - http://docs.info.apple.com/article.html?artnum=61798

CONECTIVA - CLA-2004:834

SCO - SCOSA-2004.10

NETBSD - NetBSD-SA2004-005

MANDRAKE - MDKSA-2004:023


Last Updated: 27 May 2016 10:38:28