Vulnerabilities > CVE-2003-0564 - Denial of Service vulnerability in Hitachi products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
hitachi
nessus

Summary

Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.

Vulnerable Configurations

Part Description Count
Application
Hitachi
2

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-021.NASL
    descriptionA number of vulnerabilities were discovered in Mozilla 1.4 : A malicious website could gain access to a user
    last seen2020-06-01
    modified2020-06-02
    plugin id14120
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14120
    titleMandrake Linux Security Advisory : mozilla (MDKSA-2004:021)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2004:021. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14120);
      script_version ("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2003-0564", "CVE-2003-0594", "CVE-2003-0791");
      script_xref(name:"CERT", value:"428230");
      script_xref(name:"MDKSA", value:"2004:021");
    
      script_name(english:"Mandrake Linux Security Advisory : mozilla (MDKSA-2004:021)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A number of vulnerabilities were discovered in Mozilla 1.4 :
    
    A malicious website could gain access to a user's authentication
    credentials to a proxy server.
    
    Script.prototype.freeze/thaw could allow an attacker to run arbitrary
    code on your computer.
    
    A vulnerability was also discovered in the NSS security suite which
    ships with Mozilla. The S/MIME implementation would allow remote
    attackers to cause a Denial of Service and possibly execute arbitrary
    code via an S/MIME email message containing certain unexpected ASN.1
    constructs, which was demonstrated using the NISCC test suite. NSS
    version 3.9 corrects these problems and has been included in this
    package (which shipped with NSS 3.8).
    
    Finally, Corsaire discovered that a number of HTTP user agents
    contained a flaw in how they handle cookies. This flaw could allow an
    attacker to avoid the path restrictions specified by a cookie's
    originator. According to their advisory :
    
    'The cookie specifications detail a path argument that can be used to
    restrict the areas of a host that will be exposed to a cookie. By
    using standard traversal techniques this functionality can be
    subverted, potentially exposing the cookie to scrutiny and use in
    further attacks.'
    
    As well, a bug with Mozilla and Finnish keyboards has been corrected.
    
    The updated packages are patched to correct these vulnerabilities."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=213012"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=220122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=221526"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.uniras.gov.uk/vuls/2003/006489/smime.htm"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-enigmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-enigmime");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-spellchecker");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64nspr4-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64nspr4-devel-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64nss3-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64nss3-devel-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnspr4-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnspr4-devel-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnss3-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnss3-devel-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-devel-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-dom-inspector-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-enigmail-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-enigmime-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-irc-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-js-debugger-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-mail-1.4-13.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-spellchecker-1.4-13.2.92mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-110.NASL
    descriptionUpdated Mozilla packages that fix vulnerabilities in S/MIME parsing as well as other issues and bugs are now available. Mozilla is a Web browser and mail reader, designed for standards compliance, performance and portability. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. NISCC testing of implementations of the S/MIME protocol uncovered a number of bugs in NSS versions prior to 3.9. The parsing of unexpected ASN.1 constructs within S/MIME data could cause Mozilla to crash or consume large amounts of memory. A remote attacker could potentially trigger these bugs by sending a carefully-crafted S/MIME message to a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0564 to this issue. Andreas Sandblad discovered a cross-site scripting issue that affects various versions of Mozilla. When linking to a new page it is still possible to interact with the old page before the new page has been successfully loaded. Any JavaScript events will be invoked in the context of the new page, making cross-site scripting possible if the different pages belong to different domains. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0191 to this issue. Flaws have been found in the cookie path handling between a number of Web browsers and servers. The HTTP cookie standard allows a Web server supplying a cookie to a client to specify a subset of URLs on the origin server to which the cookie applies. Web servers such as Apache do not filter returned cookies and assume that the client will only send back cookies for requests that fall within the server-supplied subset of URLs. However, by supplying URLs that use path traversal (/../) and character encoding, it is possible to fool many browsers into sending a cookie to a path outside of the originally-specified subset. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0594 to this issue. Users of Mozilla are advised to upgrade to these updated packages, which contain Mozilla version 1.4.2 and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id12478
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12478
    titleRHEL 2.1 / 3 : mozilla (RHSA-2004:110)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:110. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12478);
      script_version ("1.33");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2003-0564", "CVE-2003-0594", "CVE-2004-0191");
      script_xref(name:"RHSA", value:"2004:110");
    
      script_name(english:"RHEL 2.1 / 3 : mozilla (RHSA-2004:110)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated Mozilla packages that fix vulnerabilities in S/MIME parsing as
    well as other issues and bugs are now available.
    
    Mozilla is a Web browser and mail reader, designed for standards
    compliance, performance and portability. Network Security Services
    (NSS) is a set of libraries designed to support cross-platform
    development of security-enabled server applications.
    
    NISCC testing of implementations of the S/MIME protocol uncovered a
    number of bugs in NSS versions prior to 3.9. The parsing of unexpected
    ASN.1 constructs within S/MIME data could cause Mozilla to crash or
    consume large amounts of memory. A remote attacker could potentially
    trigger these bugs by sending a carefully-crafted S/MIME message to a
    victim. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2003-0564 to this issue.
    
    Andreas Sandblad discovered a cross-site scripting issue that affects
    various versions of Mozilla. When linking to a new page it is still
    possible to interact with the old page before the new page has been
    successfully loaded. Any JavaScript events will be invoked in the
    context of the new page, making cross-site scripting possible if the
    different pages belong to different domains. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2004-0191 to this issue.
    
    Flaws have been found in the cookie path handling between a number of
    Web browsers and servers. The HTTP cookie standard allows a Web server
    supplying a cookie to a client to specify a subset of URLs on the
    origin server to which the cookie applies. Web servers such as Apache
    do not filter returned cookies and assume that the client will only
    send back cookies for requests that fall within the server-supplied
    subset of URLs. However, by supplying URLs that use path traversal
    (/../) and character encoding, it is possible to fool many browsers
    into sending a cookie to a path outside of the originally-specified
    subset. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2003-0594 to this issue.
    
    Users of Mozilla are advised to upgrade to these updated packages,
    which contain Mozilla version 1.4.2 and are not vulnerable to these
    issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0564"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0594"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0191"
      );
      # http://www.mozilla.org/projects/security/pki/nss/#NSS_39
      script_set_attribute(
        attribute:"see_also",
        value:"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS#NSS_39"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=227417
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=227417"
      );
      # http://www.niscc.gov.uk/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.cpni.gov.uk/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:110"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:galeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-chat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:110";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"galeon-1.2.13-0.2.1")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-1.4.2-2.1.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-chat-1.4.2-2.1.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-devel-1.4.2-2.1.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-dom-inspector-1.4.2-2.1.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-js-debugger-1.4.2-2.1.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-mail-1.4.2-2.1.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-1.4.2-2.1.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-devel-1.4.2-2.1.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-1.4.2-2.1.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-devel-1.4.2-2.1.0")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"mozilla-1.4.2-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-chat-1.4.2-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-dom-inspector-1.4.2-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-js-debugger-1.4.2-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-mail-1.4.2-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-1.4.2-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-devel-1.4.2-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-nss-1.4.2-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-nss-devel-1.4.2-3.0.2")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "galeon / mozilla / mozilla-chat / mozilla-devel / etc");
      }
    }
    

Oval

  • accepted2013-04-29T04:14:12.944-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    descriptionMultiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.
    familyunix
    idoval:org.mitre.oval:def:11462
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleMultiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.
    version26
  • accepted2007-04-25T19:53:05.158-04:00
    classvulnerability
    contributors
    • nameJay Beale
      organizationBastille Linux
    • nameThomas R. Jones
      organizationMaitreya Security
    descriptionMultiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.
    familyunix
    idoval:org.mitre.oval:def:872
    statusaccepted
    submitted2004-03-18T12:00:00.000-04:00
    titleRed Hat S/MIME Protocol Denial of Service Vulnerability
    version38
  • accepted2007-04-25T19:53:09.016-04:00
    classvulnerability
    contributors
    • nameJay Beale
      organizationBastille Linux
    • nameJay Beale
      organizationBastille Linux
    • nameThomas R. Jones
      organizationMaitreya Security
    descriptionMultiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.
    familyunix
    idoval:org.mitre.oval:def:914
    statusaccepted
    submitted2004-04-08T12:00:00.000-04:00
    titleRed Hat Enterprise 3 S/MIME Protocol Denial of Service Vulnerability
    version37

Redhat

advisories
  • rhsa
    idRHSA-2004:110
  • rhsa
    idRHSA-2004:112