CVE-2003-0544 - Unspecified vulnerability in Openssl 0.9.6/0.9.7
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

openssl
nessus
Summary
OpenSSL 0.9.6 and 0.9.7 do not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2003-098.NASL
- description: Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targeted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CVE-2003-0543 and CVE-2003-0544. Additionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in deallocation of a structure, leading to a double free. This can be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. This vulnerability may be exploitable to execute arbitrary code. This vulnerability has been assigned CVE-2003-0545. The packages provided have been built with patches provided by the OpenSSL group that resolve these issues. A number of server applications such as OpenSSH and Apache that make use of OpenSSL need to be restarted after the update has been applied to ensure that they are protected from these issues. Users are encouraged to restart all of these services or reboot their systems.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14080
- published: 2004-07-31
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14080
- title: Mandrake Linux Security Advisory : openssl (MDKSA-2003:098)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2003:098.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(14080);
  script_version ("1.24");
  script_cvs_date("Date: 2019/08/02 13:32:47");

  script_cve_id("CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545");
  script_xref(name:"CERT", value:"255484");
  script_xref(name:"CERT", value:"380864");
  script_xref(name:"CERT", value:"935264");
  script_xref(name:"MDKSA", value:"2003:098");

  script_name(english:"Mandrake Linux Security Advisory : openssl (MDKSA-2003:098)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targetted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CVE-2003-0543 and CVE-2003-0544. Additionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in deallocation of a structure, leading to a double free. This can be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. This vulnerability may be exploitable to execute arbitrary code. This vulnerability has been assigned CVE-2003-0545. The packages provided have been built with patches provided by the OpenSSL group that resolve these issues. A number of server applications such as OpenSSH and Apache that make use of OpenSSL need to be restarted after the update has been applied to ensure that they are protected from these issues. Users are encouraged to restart all of these services or reboot their systems."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.openssl.org/news/secadv/20030930.txt"
  );
  # http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
  script_set_attribute(
    attribute:"see_also",
    value:"https://marc.info/?l=openssl-dev&m=108445413725636"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.uniras.gov.uk/vuls/2003/006489/tls.htm"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl0.9.7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libopenssl0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libopenssl0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libopenssl0-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libopenssl0.9.7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libopenssl0.9.7-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libopenssl0.9.7-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libopenssl0-0.9.6i-1.5.82mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libopenssl0-devel-0.9.6i-1.5.82mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libopenssl0-static-devel-0.9.6i-1.5.82mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openssl-0.9.6i-1.5.82mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libopenssl0-0.9.6i-1.6.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libopenssl0-devel-0.9.6i-1.6.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libopenssl0-static-devel-0.9.6i-1.6.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openssl-0.9.6i-1.6.90mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libopenssl0-0.9.6i-1.2.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libopenssl0.9.7-0.9.7a-1.2.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libopenssl0.9.7-devel-0.9.7a-1.2.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libopenssl0.9.7-static-devel-0.9.7a-1.2.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"openssl-0.9.7a-1.2.91mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64openssl0.9.7-0.9.7b-5.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64openssl0.9.7-devel-0.9.7b-5.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64openssl0.9.7-static-devel-0.9.7b-5.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libopenssl0.9.7-0.9.7b-4.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libopenssl0.9.7-devel-0.9.7b-4.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libopenssl0.9.7-static-devel-0.9.7b-4.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"openssl-0.9.7b-5.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"openssl-0.9.7b-4.1.92mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2003-293.NASL
- description: Updated OpenSSL packages are available that fix ASN.1 parsing vulnerabilities. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. NISCC testing of implementations of the SSL protocol uncovered two bugs in OpenSSL 0.9.6. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash. A remote attacker could trigger this bug by sending a carefully crafted SSL client certificate to an application. The effects of such an attack vary depending on the application targeted; against Apache the effects are limited, as the attack would only cause child processes to die and be replaced. An attack against other applications that use OpenSSL could result in a Denial of Service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2003-0543 and CVE-2003-0544 to this issue. These erratum packages contain a patch provided by the OpenSSL group that protects against this issue. Because server applications are affected by this issue, users are advised to either restart all services that use OpenSSL functionality or reboot their systems after installing these updates. Red Hat would like to thank NISCC and Stephen Henson for their work on this vulnerability. These packages also include a patch from OpenSSL 0.9.6f which removes the calls to abort the process in certain circumstances. Red Hat would like to thank Patrik Hornik for notifying us of this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12425
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12425
- title: RHEL 2.1 : openssl (RHSA-2003:293)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2003:293. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(12425);
  script_version ("1.34");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2003-0543", "CVE-2003-0544");
  script_bugtraq_id(8732);
  script_xref(name:"RHSA", value:"2003:293");

  script_name(english:"RHEL 2.1 : openssl (RHSA-2003:293)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"Updated OpenSSL packages are available that fix ASN.1 parsing vulnerabilities. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. NISCC testing of implementations of the SSL protocol uncovered two bugs in OpenSSL 0.9.6. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash. A remote attacker could trigger this bug by sending a carefully crafted SSL client certificate to an application. The effects of such an attack vary depending on the application targetted; against Apache the effects are limited, as the attack would only cause child processes to die and be replaced. An attack against other applications that use OpenSSL could result in a Denial of Service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2003-0543 and CVE-2003-0544 to this issue. These erratum packages contain a patch provided by the OpenSSL group that protects against this issue. Because server applications are affected by this issue, users are advised to either restart all services that use OpenSSL functionality or reboot their systems after installing these updates. Red Hat would like to thank NISCC and Stephen Henson for their work on this vulnerability. These packages also include a patch from OpenSSL 0.9.6f which removes the calls to abort the process in certain circumstances. Red Hat would like to thank Patrik Hornik for notifying us of this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0543"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0544"
  );
  # http://www.niscc.gov.uk/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.cpni.gov.uk/"
  );
  # http://www.openssl.org/news/secadv/20030930.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.openssl.org/news/secadv/20030930.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:293"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl095a");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl096");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/11/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2003:293";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl-0.9.6b-35.7")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"openssl-0.9.6b-35.7")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl-devel-0.9.6b-35.7")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl-perl-0.9.6b-35.7")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl095a-0.9.5a-23.7.3")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl096-0.9.6-23.7")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-perl / openssl095a / openssl096");
  }
}
```

- NASL family: HP-UX Local Security Checks
- NASL id: HPUX_PHSS_29691.NASL
- description: s700_800 11.04 Virtualvault 4.6 OWS update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 17507
- published: 2005-03-18
- reporter: This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/17507
- title: HP-UX PHSS_29691 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were
# extracted from HP patch PHSS_29691. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#

include("compat.inc");

if (description)
{
  script_id(17507);
  script_version("1.21");
  script_cvs_date("Date: 2018/11/19 11:02:41");

  script_cve_id("CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545");
  script_xref(name:"CERT", value:"104280");
  script_xref(name:"CERT", value:"255484");
  script_xref(name:"CERT", value:"686224");
  script_xref(name:"CERT", value:"732952");
  script_xref(name:"CERT", value:"935264");
  script_xref(name:"HP", value:"HPSBUX0310");
  script_xref(name:"HP", value:"SSRT3622");

  script_name(english:"HP-UX PHSS_29691 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access");
  script_summary(english:"Checks for the patch in the swlist output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote HP-UX host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:"s700_800 11.04 Virtualvault 4.6 OWS update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt."
  );
  # http://www.openssl.org/news/secadv/20030930.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.openssl.org/news/secadv/20030930.txt"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install patch PHSS_29691 or subsequent."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/11/25");
  script_set_attribute(attribute:"patch_modification_date", value:"2004/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"HP-UX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("hpux.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

if (!hpux_check_ctx(ctx:"11.04"))
{
  exit(0, "The host is not affected since PHSS_29691 applies to a different OS release.");
}

patches = make_list("PHSS_29691", "PHSS_30154", "PHSS_30405", "PHSS_30645", "PHSS_30947", "PHSS_31057", "PHSS_31826", "PHSS_32183", "PHSS_33397", "PHSS_34120", "PHSS_35108", "PHSS_35462", "PHSS_35557");
foreach patch (patches)
{
  if (hpux_installed(app:patch))
  {
    exit(0, "The host is not affected because patch "+patch+" is installed.");
  }
}

flag = 0;
if (hpux_check_patch(app:"VaultTS.VV-CORE-CMN", version:"A.04.60")) flag++;
if (hpux_check_patch(app:"VaultTS.VV-IWS-GUI", version:"A.04.60")) flag++;
if (hpux_check_patch(app:"VaultTS.VV-IWS-JAVA", version:"A.04.60")) flag++;
if (hpux_check_patch(app:"VaultWS.WS-CORE", version:"A.04.60")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: HP-UX Local Security Checks
- NASL id: HPUX_PHSS_30058.NASL
- description: s700_800 11.04 Webproxy server 2.1 update : The remote HP-UX host is affected by multiple vulnerabilities : - Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt. - Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 17514
- published: 2005-03-18
- reporter: This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/17514
- title: HP-UX PHSS_30058 : s700_800 11.04 Webproxy server 2.1 update
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were
# extracted from HP patch PHSS_30058. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#

include("compat.inc");

if (description)
{
  script_id(17514);
  script_version("1.18");
  script_cvs_date("Date: 2018/11/19 11:02:42");

  script_cve_id("CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545");
  script_bugtraq_id(8911);
  script_xref(name:"CERT", value:"104280");
  script_xref(name:"CERT", value:"255484");
  script_xref(name:"CERT", value:"686224");
  script_xref(name:"CERT", value:"732952");
  script_xref(name:"CERT", value:"935264");
  script_xref(name:"HP", value:"HPSBUX0310");
  script_xref(name:"HP", value:"HPSBUX0401");
  script_xref(name:"HP", value:"SSRT3622");
  script_xref(name:"HP", value:"SSRT4681");

  script_name(english:"HP-UX PHSS_30058 : s700_800 11.04 Webproxy server 2.1 update");
  script_summary(english:"Checks for the patch in the swlist output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote HP-UX host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:"s700_800 11.04 Webproxy server 2.1 update : The remote HP-UX host is affected by multiple vulnerabilities : - Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt. - Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29."
  );
  # http://www.openssl.org/news/secadv/20030930.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.openssl.org/news/secadv/20030930.txt"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install patch PHSS_30058 or subsequent."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/12/05");
  script_set_attribute(attribute:"patch_modification_date", value:"2004/01/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"HP-UX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("hpux.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

if (!hpux_check_ctx(ctx:"11.04"))
{
  exit(0, "The host is not affected since PHSS_30058 applies to a different OS release.");
}

patches = make_list("PHSS_30058", "PHSS_30649", "PHSS_30950", "PHSS_31830", "PHSS_32362", "PHSS_33074", "PHSS_33666", "PHSS_34203", "PHSS_35111");
foreach patch (patches)
{
  if (hpux_installed(app:patch))
  {
    exit(0, "The host is not affected because patch "+patch+" is installed.");
  }
}

flag = 0;
if (hpux_check_patch(app:"HP_Webproxy.HPWEB-PX-CORE", version:"A.02.10")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: HP-UX Local Security Checks
- NASL id: HPUX_PHSS_30057.NASL
- description: s700_800 11.04 Virtualvault 4.7 TGP update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 17513
- published: 2005-03-18
- reporter: This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/17513
- title: HP-UX PHSS_30057 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access

- NASL family: HP-UX Local Security Checks
- NASL id: HPUX_PHSS_30055.NASL
- description: s700_800 11.04 Virtualvault 4.7 IWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29. - Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 17511
- published: 2005-03-18
- reporter: This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/17511
- title: HP-UX PHSS_30055 : s700_800 11.04 Virtualvault 4.7 IWS update

- NASL family: Web Servers
- NASL id: OPENSSL_0_9_7C.NASL
- description: According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7c. A remote attacker could trigger a denial of service or even execute arbitrary code by using an invalid client certificate.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 17753
- published: 2012-01-04
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/17753
- title: OpenSSL < 0.9.7c ASN.1 Decoding Vulnerabilities

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SA_2003_043.NASL
- description: The remote host is missing the patch for the advisory SUSE-SA:2003:043 (openssl). OpenSSL is an implementation of the Secure Socket Layer (SSL v2/3) and Transport Layer Security (TLS v1) protocol. While checking the openssl implementation with a tool-kit from NISCC, several errors were revealed; most are ASN.1 encoding issues that cause a remote denial-of-service attack on the server side and possibly lead to remote command execution. There are two problems with ASN.1 encoding that can be triggered either by special ASN.1 encodings or by special ASN.1 tags. In debugging mode public key decoding errors can be ignored but also lead to a crash of the verify code if an invalid public key was received from the client. A mistake in the SSL/TLS protocol handling will make the server accept client certificates even if they are not requested. This bug makes it possible to exploit the bugs mentioned above even if client authentication is disabled. There is no other solution known to this problem than updating to the current version from our FTP servers. To make this update effective, please restart all servers using openssl. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 13811
- published: 2004-07-25
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/13811
- title: SUSE-SA:2003:043: openssl

- NASL family: HP-UX Local Security Checks
- NASL id: HPUX_PHSS_29690.NASL
- description: s700_800 11.04 Virtualvault 4.5 OWS update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 16631
- published: 2005-02-16
- reporter: This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/16631
- title: HP-UX PHSS_29690 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access

- NASL family: HP-UX Local Security Checks
- NASL id: HPUX_PHSS_29894.NASL
- description: s700_800 11.04 Webproxy server 2.0 update : The remote HP-UX host is affected by multiple vulnerabilities : - Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt. - Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 16588
- published: 2005-02-16
- reporter: This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/16588
- title: HP-UX PHSS_29894 : s700_800 11.04 Webproxy server 2.0 update

- NASL family: HP-UX Local Security Checks
- NASL id: HPUX_PHSS_30056.NASL
- description: s700_800 11.04 Virtualvault 4.7 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt. - Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 17512
- published: 2005-03-18
- reporter: This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/17512
- title: HP-UX PHSS_30056 : s700_800 11.04 Virtualvault 4.7 OWS update

- NASL family: HP-UX Local Security Checks
- NASL id: HPUX_PHSS_29891.NASL
- description: s700_800 11.04 Virtualvault 4.6 TGP update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 17508
- published: 2005-03-18
- reporter: This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/17508
- title: HP-UX PHSS_29891 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access

- NASL family: HP-UX Local Security Checks
- NASL id: HPUX_PHNE_31726.NASL
- description: s700_800 11.23 Bind 9.2.0 components : 1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6. More details are available at: CVE-2003-0545 2. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability. More details are available at: CVE-2003-0543 CVE-2003-0544 3. A malformed public key in a certificate will crash the verify code if it is set to ignore public key decoding errors. Exploitation of an affected application would result in a denial of service vulnerability. 4. Due to an error in the SSL/TLS protocol handling, a server will parse a client certificate when one is not specifically requested.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 16912
- published: 2005-02-16
- reporter: This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/16912
- title: HP-UX PHNE_31726 : HP-UX Running BIND v920, Remote Denial of Service (DoS) (HPSBUX00290 SSRT3622 rev.5)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-393.NASL
- description: Dr. Stephen Henson, using a test suite provided by NISCC, discovered a number of errors in the OpenSSL ASN1 code. Combined with an error that causes the OpenSSL code to parse client certificates even when it should not, these errors can cause a denial of service (DoS) condition on a system using the OpenSSL code, depending on how that code is used. For example, even though apache-ssl and ssh link to OpenSSL libraries, they should not be affected by this vulnerability. However, other SSL-enabled applications may be vulnerable and an OpenSSL upgrade is recommended.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15230
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/15230 title Debian DSA-393-1 : openssl - denial of service NASL family Web Servers NASL id OPENSSL_0_9_6K.NASL description According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.6k. A remote attacker can trigger a denial of service by using an invalid client certificate. last seen 2020-06-01 modified 2020-06-02 plugin id 17748 published 2012-01-04 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17748 title OpenSSL < 0.9.6k Denial of Service NASL family Misc. NASL id SSLTEST.NASL description The remote host seems to be running a version of OpenSSL that is older than 0.9.6k or 0.9.7c. There is a heap corruption bug in this version that might be exploited by an attacker to execute arbitrary code on the remote host with the privileges of the remote service. last seen 2020-03-18 modified 2003-10-10 plugin id 11875 published 2003-10-10 reporter This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/11875 title OpenSSL ASN.1 Parser Multiple Remote DoS NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_29892.NASL description s700_800 11.04 Virtualvault 4.5 IWS Update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt. last seen 2020-06-01 modified 2020-06-02 plugin id 17509 published 2005-03-18 reporter This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/17509 title HP-UX PHSS_29892 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_29893.NASL description s700_800 11.04 Virtualvault 4.6 IWS update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt. last seen 2020-06-01 modified 2020-06-02 plugin id 17510 published 2005-03-18 reporter This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17510 title HP-UX PHSS_29893 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access NASL family Debian Local Security Checks NASL id DEBIAN_DSA-394.NASL description Steve Henson of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code that were discovered after running a test suite by British National Infrastructure Security Coordination Centre (NISCC). A bug in OpenSSLs SSL/TLS protocol was also identified which causes OpenSSL to parse a client certificate from an SSL/TLS client when it should reject it as a protocol error. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2003-0543 : Integer overflow in OpenSSL that allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. - CAN-2003-0544 : OpenSSL does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. 
- CAN-2003-0545 : Double-free vulnerability allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. This bug was only present in OpenSSL 0.9.7 and is listed here only for reference. last seen 2020-06-01 modified 2020-06-02 plugin id 15231 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15231 title Debian DSA-394-1 : openssl095 - ASN.1 parsing vulnerability
Oval
accepted | 2014-08-18T04:05:56.097-04:00 |
class | vulnerability |
contributors |
description | OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. |
family | unix |
id | oval:org.mitre.oval:def:4574 |
status | accepted |
submitted | 2004-10-19T03:10:00.000-04:00 |
title | OpenSSL ASN.1 Inputs Character Tracking Vulnerability |
version | 36 |
Redhat
advisories |
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-07 |
organization | Red Hat |
statement | For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a), the issue was addressed via RHSA-2003:293. The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release. The OpenSSL packages in Red Hat Enterprise Linux 5 are based on a fixed upstream release (openssl), or contain a backported patch since their initial release (openssl097a). |
References
- http://www.redhat.com/support/errata/RHSA-2003-291.html
- http://www.redhat.com/support/errata/RHSA-2003-292.html
- http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
- http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html
- http://www.debian.org/security/2003/dsa-393
- http://www.debian.org/security/2003/dsa-394
- http://www.cert.org/advisories/CA-2003-26.html
- http://www.kb.cert.org/vuls/id/380864
- http://www-1.ibm.com/support/docview.wss?uid=swg21247112
- http://secunia.com/advisories/22249
- http://www.securityfocus.com/bid/8732
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1
- http://www.vupen.com/english/advisories/2006/3900
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43041
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574