Vulnerabilities > CVE-2003-0851 - Remote Denial Of Service vulnerability in OpenSSL ASN.1 Large Recursion

047910
CVSS v2 base score 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
cisco
openssl
nessus

Summary

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

Nessus

  • NASL family: Web Servers
    NASL id: OPENSSL_0_9_6L.NASL
    description: According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.6l. A remote attacker can trigger a denial of service by using an invalid client certificate.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17749
    published: 2012-01-04
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17749
    title: OpenSSL < 0.9.6l Denial of Service
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Metadata registration. When the scanner sets `description`, this block only
    # declares the plugin's identity, references and scoring, then leaves through
    # exit(0) before any check logic runs.
    if (description)
    {
      script_id(17749);
      script_version("1.9");
      script_cvs_date("Date: 2018/11/15 20:50:25");
    
      # Cross-references for the single issue this plugin covers.
      script_cve_id("CVE-2003-0851");
      script_bugtraq_id(8970);
      script_xref(name:"CERT", value:"412478");
    
      script_name(english:"OpenSSL < 0.9.6l Denial of Service");
      # Detection is by banner only, as the summary string states.
      # NOTE(review): a banner version cannot reveal vendor-backported fixes, so
      # confirm a hit against the installed package before treating it as a
      # true positive.
      script_summary(english:"Does a banner check");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote server is vulnerable to a denial of service attack.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the remote server is running a version of
    OpenSSL that is earlier than 0.9.6l. 
    
    A remote attacker can trigger a denial of service by using an invalid
    client certificate.");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20031104.txt");
      script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=106796246511667&w=2");
      script_set_attribute(attribute:"solution", value:"Upgrade to OpenSSL 0.9.6l or later.");
      # CVSS v2 base vector: network-reachable, low complexity, no authentication,
      # availability-only impact (A:P) with no confidentiality or integrity loss.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      # Temporal vector: unproven exploitability (E:U), official fix (RL:OF),
      # confirmed report (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Disclosure and patch share the same date; the plugin itself was published
      # in 2012, years after the fix.
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/11/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/04");
    
      # "remote": the result comes from what the service exposes over the network,
      # not from an authenticated look at the host.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
      script_end_attributes();
    
      # NOTE(review): ACT_GATHER_INFO presumably classes the plugin as information
      # gathering; the check that follows this block only compares a version and
      # sends no malformed certificate.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      # Declares a dependency on openssl_version.nasl and on the "openssl/port"
      # knowledge-base key.
      # NOTE(review): presumably that dependency is what records the banner
      # version; confirm in openssl_version.nasl.
      script_dependencies("openssl_version.nasl");
      script_require_keys("openssl/port");
    
      exit(0);
    }
    
    # The whole check is delegated to openssl_check_version(), defined in
    # openssl_version.inc (not shown here).
    # NOTE(review): presumably it compares the version recorded by
    # openssl_version.nasl with `fixed` and reports at the given severity when
    # the detected version is older; confirm in the include.
    # A version comparison of this kind flags distribution builds that keep an
    # old version string but carry the backported fix, so findings need to be
    # reconciled with package-level (local) checks.
    include("openssl_version.inc");
    
    openssl_check_version(fixed:'0.9.6l', severity:SECURITY_WARNING);
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-119.NASL
    description: Updated OpenSSL packages that fix a remote denial of service vulnerability are now available for Red Hat Enterprise Linux 2.1. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can lead to a denial of service attack (infinite loop). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0081 to this issue. Testing performed by Novell using a test suite provided by NISCC uncovered an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l which could cause large recursion and possibly lead to a denial of service attack if used where stack space is limited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0851 to this issue. These updated packages contain patches provided by the OpenSSL group that protect against these issues. NOTE: Because server applications are affected by this issue, users are advised to either restart all services using OpenSSL functionality or restart their system after installing these updated packages.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12479
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12479
    title: RHEL 2.1 : openssl (RHSA-2004:119)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:119. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Metadata registration for the RHSA-2004:119 package check. When the scanner
    # sets `description`, only the attributes below are declared and the script
    # exits before the package comparison runs.
    if (description)
    {
      script_id(12479);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      # One advisory, two distinct denial-of-service issues: the ASN.1 recursion
      # (CVE-2003-0851) and the infinite loop (CVE-2004-0081) described below.
      script_cve_id("CVE-2003-0851", "CVE-2004-0081");
      script_bugtraq_id(8970, 9899);
      script_xref(name:"RHSA", value:"2004:119");
    
      script_name(english:"RHEL 2.1 : openssl (RHSA-2004:119)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # The advisory text ends with a restart note. A package-version check cannot
      # tell whether services were restarted after the update, so a clean result
      # here does not by itself show that running processes use the fixed library.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated OpenSSL packages that fix a remote denial of service
    vulnerability are now available for Red Hat Enterprise Linux 2.1.
    
    OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3)
    and Transport Layer Security (TLS v1) protocols as well as a
    full-strength general purpose cryptography library.
    
    Testing performed by the OpenSSL group using the Codenomicon TLS Test
    Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to
    0.9.6d that can lead to a denial of service attack (infinite loop).
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2004-0081 to this issue.
    
    Testing performed by Novell using a test suite provided by NISCC
    uncovered an issue in the ASN.1 parser in versions of OpenSSL 0.9.6
    prior to 0.9.6l which could cause large recursion and possibly lead to
    a denial of service attack if used where stack space is limited. The
    Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2003-0851 to this issue.
    
    These updated packages contain patches provided by the OpenSSL group
    that protect against these issues.
    
    NOTE: Because server applications are affected by this issue, users
    are advised to either restart all services using OpenSSL functionality
    or restart their system after installing these updated packages."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0851"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0081"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.codenomicon.com/testtools/tls/"
      );
      # Original reference: http://www.niscc.gov.uk/
      # NOTE(review): the attribute below points at a different host, presumably
      # the successor site; confirm the link still resolves.
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.cpni.gov.uk/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:119"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network-reachable, no authentication,
      # availability-only impact (A:P).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the verdict comes from the host's own package list, so it depends
      # on the local-check keys required at the end of this block.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl095a");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl096");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      # The patch date is months after the disclosure date recorded here.
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/03/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # Declares a dependency on ssh_get_info.nasl and the knowledge-base keys the
      # check body reads: local-check flag, release string, RPM list and CPU.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Applicability gates. Each audit() call records why the plugin does not
    # apply to this host.
    # NOTE(review): audit() comes from audit.inc (not shown) and presumably ends
    # the script, so the order of these guards matters.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Pull the numeric release (e.g. "2.1") out of the release string.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Only release 2.1 is in scope; the trailing alternation keeps "2.10" and
    # similar strings from matching.
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    # Without a package list there is nothing to compare.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # x86_64, i386-i686 and s390 pass this gate, but the reference packages below
    # are listed for i386/i686 only.
    # NOTE(review): on the other accepted architectures the rpm_check calls
    # presumably match nothing; confirm in rpm.inc.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Preferred path: when yum updateinfo data was collected, ask whether this
    # advisory is still outstanding instead of comparing package versions.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:119";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        # A non-empty report is raised as a warning on port 0.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # An empty report is audited as "not affected by" this advisory.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Fallback path: compare installed RPMs with the fixed builds named in the
      # advisory. `flag` counts the rpm_check calls that return true.
      # NOTE(review): presumably true means the installed package is older than
      # `reference`; confirm in rpm.inc.
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl-0.9.6b-36")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"openssl-0.9.6b-36")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl-devel-0.9.6b-36")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl-perl-0.9.6b-36")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl095a-0.9.5a-24")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl096-0.9.6-25.7")) flag++;
    
      if (flag)
      {
        # The report appends a package caveat from redhat_report_package_caveat().
        # An installed fixed package still needs the service restart the advisory
        # asks for; this check cannot observe that.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Distinguish "packages present and not flagged" from "none of the
        # packages installed".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-perl / openssl095a / openssl096");
      }
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-095.NASL
    description: This update includes OpenSSL packages to fix two security issues affecting OpenSSL 0.9.7a which allow denial of service attacks; CVE-2004-0079 and CVE-2003-0851. Also included are updates for the OpenSSL 0.9.6 and 0.9.6b compatibility libraries included in Fedora Core 1, fixing a separate issue which could also lead to a denial of service attack; CVE-2004-0081. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13684
    published: 2004-07-23
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13684
    title: Fedora Core 1 : openssl-0.9.7a-33.10 (2004-095)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2004-095.
    #
    
    include("compat.inc");
    
    # Metadata registration for Fedora advisory 2004-095. When the scanner sets
    # `description`, only the attributes below are declared and the script exits
    # before the package comparison runs.
    if (description)
    {
      script_id(13684);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      # NOTE(review): the description text below names CVE-2003-0851 as one of the
      # fixed issues, but this list carries only CVE-2004-0079 and CVE-2004-0081.
      # Confirm whether the omission is deliberate; as written, a search of scan
      # results by CVE-2003-0851 would presumably not return this plugin.
      script_cve_id("CVE-2004-0079", "CVE-2004-0081");
      script_xref(name:"FEDORA", value:"2004-095");
    
      script_name(english:"Fedora Core 1 : openssl-0.9.7a-33.10 (2004-095)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update includes OpenSSL packages to fix two security issues
    affecting OpenSSL 0.9.7a which allow denial of service attacks;
    CVE-2004-0079 and CVE-2003-0851.
    
    Also included are updates for the OpenSSL 0.9.6 and 0.9.6b
    compatibility libraries included in Fedora Core 1, fixing a separate
    issue which could also lead to a denial of service attack;
    CVE-2004-0081.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-March/000095.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5539ab6e"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network-reachable, no authentication,
      # availability-only impact (A:P). No temporal vector is set in this block.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # "local": the verdict comes from the host's own package list.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl096");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl096-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl096b");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl096b-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/03/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # "Host/cpu" is read by the check body but is not listed as a required key
      # here; the body audits separately when it is missing.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Applicability gates. Each audit() call records why the plugin does not
    # apply to this host.
    # NOTE(review): audit() comes from audit.inc (not shown) and presumably ends
    # the script, so the order of these guards matters.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Fedora's release string is read from the same "Host/RedHat/release" key.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Only Fedora Core 1 is in scope.
    if (! ereg(pattern:"^1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 1.x", "Fedora " + os_ver);
    
    # Without a package list there is nothing to compare.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Compare installed RPMs with the fixed builds from the advisory: the main
    # 0.9.7a packages plus the 0.9.6 and 0.9.6b compatibility libraries.
    # `flag` counts the rpm_check calls that return true.
    # NOTE(review): presumably true means the installed package is older than
    # `reference`; confirm in rpm.inc.
    flag = 0;
    if (rpm_check(release:"FC1", reference:"openssl-0.9.7a-33.10")) flag++;
    if (rpm_check(release:"FC1", reference:"openssl-debuginfo-0.9.7a-33.10")) flag++;
    if (rpm_check(release:"FC1", reference:"openssl-devel-0.9.7a-33.10")) flag++;
    if (rpm_check(release:"FC1", reference:"openssl-perl-0.9.7a-33.10")) flag++;
    if (rpm_check(release:"FC1", reference:"openssl096-0.9.6-26")) flag++;
    if (rpm_check(release:"FC1", reference:"openssl096-debuginfo-0.9.6-26")) flag++;
    if (rpm_check(release:"FC1", reference:"openssl096b-0.9.6b-18")) flag++;
    if (rpm_check(release:"FC1", reference:"openssl096b-debuginfo-0.9.6b-18")) flag++;
    
    
    if (flag)
    {
      # Package details are attached only when report verbosity is above 0.
      # A fixed package on disk does not show that long-running services were
      # restarted onto it; this check cannot observe that.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Distinguish "packages present and not flagged" from "none of the
      # packages installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-1042.NASL
    description: CVE-2004-0079, a remote crasher, was originally believed to only affect versions of OpenSSL after 0.9.6b verified with Codenomicon test suite (see pkt539.c). However we've had a customer report that this affects 0.9.6b via a different reproducer. This therefore affects the openssl096b compat packages as shipped with FC-3.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20114
    published: 2005-11-02
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20114
    title: Fedora Core 3 : openssl096b-0.9.6b-21.42 (2005-1042)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-1042.
    #
    
    include("compat.inc");
    
    # Metadata registration for Fedora advisory 2005-1042. When the scanner sets
    # `description`, only the attributes below are declared and the script exits
    # before the package comparison runs.
    if (description)
    {
      script_id(20114);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      # NOTE(review): the description text below discusses only CVE-2004-0079,
      # while this list also names CVE-2003-0851. Confirm against the Fedora
      # advisory which issues the openssl096b update actually addresses.
      script_cve_id("CVE-2003-0851", "CVE-2004-0079");
      script_bugtraq_id(8970, 9899);
      script_xref(name:"FEDORA", value:"2005-1042");
    
      script_name(english:"Fedora Core 3 : openssl096b-0.9.6b-21.42 (2005-1042)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      # The advisory records that an issue first scoped to versions after 0.9.6b
      # was later found to affect 0.9.6b too, which is why the compatibility
      # package is patched here.
      script_set_attribute(
        attribute:"description", 
        value:
    "CVE-2004-0079, a remote crasher, was originally believed to only
    affect versions of OpenSSL after 0.9.6b verified with Codenomicon test
    suite (see pkt539.c). However we've had a customer report that this
    affects 0.9.6b via a different reproducer. This therefore affects the
    openssl096b compat packages as shipped with FC-3.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-October/001532.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a715297f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected openssl096b and / or openssl096b-debuginfo
    packages."
      );
      # CVSS v2 base vector: network-reachable, no authentication,
      # availability-only impact (A:P).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the verdict comes from the host's own package list.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl096b");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl096b-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/10/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # "Host/cpu" is read by the check body but is not listed as a required key
      # here; the body audits separately when it is missing.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Applicability gates. Each audit() call records why the plugin does not
    # apply to this host.
    # NOTE(review): audit() comes from audit.inc (not shown) and presumably ends
    # the script, so the order of these guards matters.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Fedora's release string is read from the same "Host/RedHat/release" key.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Only Fedora Core 3 is in scope.
    if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);
    
    # Without a package list there is nothing to compare.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Only the 0.9.6b compatibility library and its debuginfo are compared; the
    # main openssl package is not tested by this plugin.
    # NOTE(review): presumably rpm_check returns true when the installed package
    # is older than `reference`; confirm in rpm.inc.
    flag = 0;
    if (rpm_check(release:"FC3", reference:"openssl096b-0.9.6b-21.42")) flag++;
    if (rpm_check(release:"FC3", reference:"openssl096b-debuginfo-0.9.6b-21.42")) flag++;
    
    
    if (flag)
    {
      # Package details are attached only when report verbosity is above 0.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Distinguish "packages present and not flagged" from "none of the
      # packages installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl096b / openssl096b-debuginfo");
    }
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD20031219.NASL
    description: The remote host is missing Security Update 2003-12-19. This security update includes the following components : - AFP Server - cd9600.util - Directory Services - fetchmail - fs_usage - rsync - System Initialization For MacOS X 10.3, it also includes : - ASN.1 Decoding for PKI This update contains various fixes which may allow an attacker to execute arbitrary code on the remote host.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12516
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/12516
    title: Mac OS X Multiple Vulnerabilities (Security Update 2003-12-19)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # Exit silently when the engine does not define bn_random().
    # NOTE(review): presumably a capability probe for engines too old to support
    # the local checks this plugin relies on; confirm the intent.
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    # Metadata registration for Apple Security Update 2003-12-19. When the scanner
    # sets `description`, only the attributes below are declared and the script
    # exits before the package-receipt check runs.
    if(description)
    {
     script_id(12516);
     script_version ("1.17");
     # Nine CVEs are bundled under this one plugin; CVE-2003-0851 is only one of
     # them, so a hit here does not single out that issue.
     script_cve_id("CVE-2003-1007", "CVE-2003-1008", "CVE-2003-1010", "CVE-2003-1011",
                   "CVE-2003-1006", "CVE-2003-0962", "CVE-2003-1009", "CVE-2003-0851", "CVE-2003-0792");
    
     script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2003-12-19)");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X security update." );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing Security Update 2003-12-19.
    
    This security update includes the following components :
    
     - AFP Server
     - cd9600.util
     - Directory Services
     - fetchmail
     - fs_usage
     - rsync
     - System Initialization
    
    For MacOS X 10.3, it also includes :
    
     - ASN.1 Decoding for PKI
    
    This update contains various fixes which may allow an attacker to execute
    arbitrary code on the remote host." );
     # http://web.archive.org/web/20060418210647/http://docs.info.apple.com/article.html?artnum=120291
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?44c2938e");
     script_set_attribute(attribute:"solution", value:
    "Install security update 2003-12-19. For more information,
    see http://support.apple.com/kb/HT1646." );
      # CVSS v2 base vector with complete confidentiality, integrity and
      # availability impact, and exploit attributes set to available.
      # NOTE(review): these presumably describe the most severe issue in the
      # bundle; other plugins for CVE-2003-0851 rate it availability-only (A:P),
      # so do not read this score as the severity of that CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
     script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
     script_set_attribute(attribute:"vuln_publication_date", value: "2003/10/20");
     script_set_attribute(attribute:"patch_publication_date", value: "2003/12/19");
     script_cvs_date("Date: 2018/07/14  1:59:35");
    # "local": the verdict comes from the host's installed-package receipts.
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
    script_end_attributes();
    
     script_summary(english:"Check for Security Update 2003-12-19");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
     # "Host/uname" is read by the check body but is not listed as a required key.
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    #
    
    # Installed-package receipts collected from the host; without them the plugin
    # exits silently (no audit trail, unlike the RPM-based plugins).
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    # NOTE(review): `uname` is not checked for null before the egrep calls below;
    # presumably a missing value simply fails to match. Confirm.
    uname = get_kb_item("Host/uname");
    
    # Security Update 2004-05-03 actually includes this update for MacOS X 10.2.8 Client
    # (Darwin 6.8.x): when that later update is installed, the host is treated as
    # patched and the script exits.
    if ( egrep(pattern:"Darwin.* 6\.8\.", string:uname) )
    {
     if ( egrep(pattern:"^SecUpd2004-05-03", string:packages) ) exit(0);
    }
    
    
    
    # Original comment: "MacOS X 10.2.8 and 10.3.3 only". The pattern matches
    # Darwin 6.8.x and Darwin 7.1.x / 7.2.x.
    # NOTE(review): Darwin 7.2 is generally associated with Mac OS X 10.3.2, not
    # 10.3.3; confirm which releases are intended. Hosts whose uname matches
    # neither branch get no result from this plugin.
    # NOTE(review): the receipt prefix here is "SecurityUpd" while the 2004-05-03
    # test above uses "SecUpd"; confirm both spellings match real receipt names,
    # since a wrong prefix would turn into a false positive or a missed finding.
    if ( egrep(pattern:"Darwin.* (6\.8\.|7\.[12]\.)", string:uname) )
    {
      # Reported through security_hole(), unlike the warning-level reports used
      # by the other plugins shown for this CVE.
      if ( ! egrep(pattern:"^SecurityUpd2003-12-19", string:packages) ) security_hole(0);
    }
    

Oval

accepted: 2008-09-08T04:00:26.119-04:00
class: vulnerability
contributors:
name: Yuzheng Zhou
organization: Hewlett-Packard
description: OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
family: ios
id: oval:org.mitre.oval:def:5528
status: accepted
submitted: 2008-05-02T11:06:36.000-04:00
title: OpenSSL 0.9.6k ASN.1 DoS Vulnerability
version: 4

Redhat

advisories
rhsa
id: RHSA-2004:119