CVE-2004-0081

Vulnerable Configurations

Part	Description	Count
Hardware	Cisco Cisco Firewall Services Module 1.1.3 Cisco Firewall Services Module 1.1_\(3.005\) Cisco Firewall Services Module * Cisco Firewall Services Module 1.1.2 Cisco Firewall Services Module 2.1_\(0.208\) Cisco Call Manager * Cisco Content Services Switch 11500 * Cisco GSS 4480 Global Site Selector * Cisco Secure Content Accelerator 10000 Cisco GSS 4490 Global Site Selector * Cisco MDS 9000 *	11
Hardware	Symantec Symantec Clientless VPN Gateway 4400 5.0	1
Hardware	Hp HP Apache Based WEB Server 2.0.43.00 HP Apache Based WEB Server 2.0.43.04 HP AAA Server *	3
Hardware	Avaya Avaya Sg208 4.4 Avaya Sg208 * Avaya SG5 4.2 Avaya SG5 4.3 Avaya SG5 4.4 Avaya Sg203 4.4 Avaya Sg203 4.31.29 Avaya Sg200 4.4 Avaya Sg200 4.31.29 Avaya Converged Communications Server 2.0 Avaya S8300 R2.0.0 Avaya S8300 R2.0.1 Avaya S8700 R2.0.0 Avaya S8700 R2.0.1 Avaya S8500 R2.0.0 Avaya S8500 R2.0.1	16
Hardware	Bluecoat Bluecoat Proxysg *	1
Hardware	Securecomputing Securecomputing Sidewinder 5.2.0.01 Securecomputing Sidewinder 5.2.0.02 Securecomputing Sidewinder 5.2.0.03 Securecomputing Sidewinder 5.2.0.04 Securecomputing Sidewinder 5.2 Securecomputing Sidewinder 5.2.1 Securecomputing Sidewinder 5.2.1.02	7
Hardware	Sun SUN Crypto Accelerator 4000 1.0	1
Application	Cisco Cisco Ciscoworks Common Management Foundation 2.1 Cisco Ciscoworks Common Services 2.2 Cisco Access Registrar * Cisco Application AND Content Networking Software * Cisco Webns 6.10 Cisco Webns 6.10_B4 Cisco Webns 7.2_0.0.03 Cisco Webns 7.10 Cisco Webns 7.10_.0.06S Cisco Webns 7.1_0.1.02 Cisco Webns 7.1_0.2.06 Cisco PIX Firewall 6.2.2_.111 Cisco Threat Response * Cisco Css11000 Content Services Switch * Cisco Okena Stormwatch 3.2 Cisco CSS Secure Content Accelerator 1.0 Cisco CSS Secure Content Accelerator 2.0	17
Application	4D 4D Webstar 4.0 4D Webstar 5.2 4D Webstar 5.3 4D Webstar 5.3.1 4D Webstar 5.2.3 4D Webstar 5.2.4 4D Webstar 5.2.1 4D Webstar 5.2.2	8
Application	Avaya Avaya Intuity Audix 5.1.46 Avaya Intuity Audix S3210 Avaya Intuity Audix * Avaya Intuity Audix S3400 Avaya VSU 5000_R2.0.1 Avaya VSU 5X Avaya VSU 5 Avaya VSU 500 Avaya VSU 10000_R2.0.1 Avaya VSU 2000_R2.0.1 Avaya VSU 100_R2.0.1 Avaya VSU 7500_R2.0.1	12
Application	Checkpoint Checkpoint Provider 1 4.1 Checkpoint Firewall 1 Next_Generation_Fp1 Checkpoint Firewall 1 Next_Generation_Fp2 Checkpoint Firewall 1 2.0 Checkpoint Firewall 1 Next_Generation_Fp0 Checkpoint Firewall 1 * Checkpoint VPN 1 Next_Generation_Fp1 Checkpoint VPN 1 Vsx_Ng_With_Application_Intelligence Checkpoint VPN 1 Next_Generation Checkpoint VPN 1 Next_Generation_Fp0	14
Application	Hp HP Wbem A.02.00.00 HP Wbem A.02.00.01 HP Wbem A.01.05.08	3
Application	Lite Lite Speed Technologies Litespeed WEB Server 1.2_Rc1 Lite Speed Technologies Litespeed WEB Server 1.2_Rc2 Lite Speed Technologies Litespeed WEB Server 1.2.1 Lite Speed Technologies Litespeed WEB Server 1.2.2 Lite Speed Technologies Litespeed WEB Server 1.3_Rc3 Lite Speed Technologies Litespeed WEB Server 1.1 Lite Speed Technologies Litespeed WEB Server 1.1.1 Lite Speed Technologies Litespeed WEB Server 1.3_Rc1 Lite Speed Technologies Litespeed WEB Server 1.3_Rc2 Lite Speed Technologies Litespeed WEB Server 1.0.1 Lite Speed Technologies Litespeed WEB Server 1.0.2 Lite Speed Technologies Litespeed WEB Server 1.0.3 Lite Speed Technologies Litespeed WEB Server 1.3 Lite Speed Technologies Litespeed WEB Server 1.3.1	14
Application	Neoteris Neoteris Instant Virtual Extranet 3.1 Neoteris Instant Virtual Extranet 3.2 Neoteris Instant Virtual Extranet 3.0 Neoteris Instant Virtual Extranet 3.3 Neoteris Instant Virtual Extranet 3.3.1	5
Application	Novell Novell Edirectory 8.6.2 Novell Edirectory 8.7 Novell Edirectory 8.7.1 Novell Edirectory 8.5.12A Novell Edirectory 8.5.27 Novell Edirectory 8.0 Novell Edirectory 8.5 Novell Imanager 2.0 Novell Imanager 1.5	10
Application	Openssl Openssl Openssl 0.9.6D Openssl Openssl 0.9.6E Openssl Openssl 0.9.7 Openssl Openssl 0.9.6F Openssl Openssl 0.9.6G Openssl Openssl 0.9.6C Openssl Openssl 0.9.6J Openssl Openssl 0.9.6K Openssl Openssl 0.9.7C Openssl Openssl 0.9.6H Openssl Openssl 0.9.6I Openssl Openssl 0.9.7A Openssl Openssl 0.9.7B	16
Application	Redhat Redhat Openssl 0.9.6B-3 Redhat Openssl 0.9.7A-2 Redhat Openssl 0.9.6-15	5
Application	Sgi SGI Propack 3.0 SGI Propack 2.3 SGI Propack 2.4	3
Application	Stonesoft Stonesoft Servercluster 2.5 Stonesoft Servercluster 2.5.2 Stonesoft Stonebeat Securitycluster 2.0 Stonesoft Stonebeat Securitycluster 2.5 Stonesoft Stonegate 1.7 Stonesoft Stonegate 1.7.1 Stonesoft Stonegate 1.7.2 Stonesoft Stonegate 2.0.9 Stonesoft Stonegate 2.1 Stonesoft Stonegate 2.0.1 Stonesoft Stonegate 2.0.4 Stonesoft Stonegate 2.2 Stonesoft Stonegate 2.2.1 Stonesoft Stonegate 1.6.2 Stonesoft Stonegate 1.6.3 Stonesoft Stonegate 2.0.7 Stonesoft Stonegate 2.0.8 Stonesoft Stonegate 1.5.17 Stonesoft Stonegate 1.5.18 Stonesoft Stonegate 2.0.5 Stonesoft Stonegate 2.0.6 Stonesoft Stonegate 2.2.4 Stonesoft Stonegate VPN Client 2.0.7 Stonesoft Stonegate VPN Client 2.0.8 Stonesoft Stonegate VPN Client 2.0.9 Stonesoft Stonegate VPN Client 1.7.2 Stonesoft Stonegate VPN Client 2.0 Stonesoft Stonegate VPN Client 1.7 Stonesoft Stonebeat Fullcluster 1_2.0 Stonesoft Stonebeat Fullcluster 2.5 Stonesoft Stonebeat Fullcluster 3.0 Stonesoft Stonebeat Fullcluster 1_3.0 Stonesoft Stonebeat Fullcluster 2.0 Stonesoft Stonebeat Webcluster 2.0 Stonesoft Stonebeat Webcluster 2.5	35
Application	Vmware Vmware GSX Server 2.5.1_Build_5336 Vmware GSX Server 3.0_Build_7592 Vmware GSX Server 2.0 Vmware GSX Server 2.0.1_Build_2129 Vmware GSX Server 2.5.1	5
Application	Dell Dell Bsafe SSL J 3.0 Dell Bsafe SSL J 3.0.1 Dell Bsafe SSL J 3.1	3
Application	Tarantella Tarantella Tarantella Enterprise 3.20 Tarantella Tarantella Enterprise 3.30 Tarantella Tarantella Enterprise 3.40	3
OS	Freebsd Freebsd Freebsd 5.1 Freebsd Freebsd 4.8 Freebsd Freebsd 4.9 Freebsd Freebsd 5.2.1 Freebsd Freebsd 5.2	8
OS	Hp HP HP UX 8.05 HP HP UX 11.11 HP HP UX 11.23 HP HP UX 11.00	4
OS	Openbsd Openbsd Openbsd 3.3 Openbsd Openbsd 3.4	2
OS	Redhat Redhat Linux 8.0 Redhat Linux 7.2 Redhat Linux 7.3 Redhat Enterprise Linux Desktop 3.0 Redhat Enterprise Linux 3.0	7
OS	Sco SCO Openserver 5.0.6 SCO Openserver 5.0.7	2
OS	Apple Apple MAC OS X Server 10.3.3 Apple MAC OS X 10.3.3	2
OS	Cisco Cisco IOS 12.1\(11B\)E14 Cisco IOS 12.1\(13\)E9 Cisco IOS 12.1\(11B\)E Cisco IOS 12.1\(11B\)E12 Cisco IOS 12.2Za Cisco IOS 12.1\(11\)E Cisco IOS 12.2\(14\)Sy1 Cisco IOS 12.2Sy Cisco IOS 12.1\(19\)E1 Cisco IOS 12.2\(14\)Sy Cisco PIX Firewall Software 6.0 Cisco PIX Firewall Software 6.0\(1\) Cisco PIX Firewall Software 6.1\(2\) Cisco PIX Firewall Software 6.1\(3\) Cisco PIX Firewall Software 6.2\(3.100\) Cisco PIX Firewall Software 6.3 Cisco PIX Firewall Software 6.0\(2\) Cisco PIX Firewall Software 6.0\(3\) Cisco PIX Firewall Software 6.1\(4\) Cisco PIX Firewall Software 6.1\(5\) Cisco PIX Firewall Software 6.3\(1\) Cisco PIX Firewall Software 6.3\(2\) Cisco PIX Firewall Software 6.3\(3.102\) Cisco PIX Firewall Software 6.1 Cisco PIX Firewall Software 6.1\(1\) Cisco PIX Firewall Software 6.2\(2\) Cisco PIX Firewall Software 6.2\(3\) Cisco PIX Firewall Software 6.0\(4\) Cisco PIX Firewall Software 6.0\(4.101\) Cisco PIX Firewall Software 6.2 Cisco PIX Firewall Software 6.2\(1\) Cisco PIX Firewall Software 6.3\(3.109\)	32
OS	Bluecoat Bluecoat Cacheos CA SA 4.1.10 Bluecoat Cacheos CA SA 4.1.12	2

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD20040503.NASL
description	The remote host is missing Security Update 2004-05-03. This security update includes updates for AFP Server, CoreFoundation, and IPSec. It also includes Security Update 2004-04-05, which includes updates for CUPS, libxml2, Mail, and OpenSSL. For Mac OS X 10.2.8, it also includes updates for Apache 1.3, cd9660.util, Classic, CUPS, Directory Services, DiskArbitration, fetchmail, fs_usage, gm4, groff, Mail, OpenSSL, Personal File Sharing, PPP, rsync, Safari, System Configuration, System Initialization, and zlib. This update fixes various issues which may allow an attacker to execute arbitrary code on the remote host.
last seen	2020-06-01
modified	2020-06-02
plugin id	12518
published	2004-07-06
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/12518
title	Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03)
code	# # (C) Tenable Network Security, Inc. # # better URL in solution, preserving old: #http://www.apple.com/downloads/macosx/apple/securityupdate__2004-05-03_(10_3_3_Client).html #http://www.apple.com/downloads/macosx/apple/securityupdate_2004-05-03_(10_2_8_Client).html #http://www.apple.com/downloads/macosx/apple/securityupdate_2004-05-03_(10_2_8_Server).html #http://www.apple.com/downloads/macosx/apple/securityupdate.html if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(12518); script_version ("1.17"); script_cve_id( "CVE-2004-0020", "CVE-2004-0113", "CVE-2004-0155", "CVE-2004-0174", "CVE-2004-0392", "CVE-2004-0403", "CVE-2004-0428", "CVE-2004-0430" ); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03)"); script_summary(english:"Check for Security Update 2004-05-03"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes a security issue." ); script_set_attribute( attribute:"description", value: "The remote host is missing Security Update 2004-05-03. This security update includes updates for AFP Server, CoreFoundation, and IPSec. It also includes Security Update 2004-04-05, which includes updates for CUPS, libxml2, Mail, and OpenSSL. For Mac OS X 10.2.8, it also includes updates for Apache 1.3, cd9660.util, Classic, CUPS, Directory Services, DiskArbitration, fetchmail, fs_usage, gm4, groff, Mail, OpenSSL, Personal File Sharing, PPP, rsync, Safari, System Configuration, System Initialization, and zlib. This update fixes various issues which may allow an attacker to execute arbitrary code on the remote host." ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT1646" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2004/May/msg00000.html" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2004-05-03." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'AppleFileServer LoginExt PathName Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06"); script_set_attribute(attribute:"vuln_publication_date", value: "2003/02/24"); script_set_attribute(attribute:"patch_publication_date", value: "2004/05/03"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); os = get_kb_item("Host/MacOSX/Version"); if ( egrep(pattern:"Mac OS X 10\.3.* Server", string:os) ) exit(0); # MacOS X 10.2.8 and 10.3.3 only if ( egrep(pattern:"Darwin.* (6\.8\.\|7\.3\.)", string:uname) ) { if ( ! egrep(pattern:"^SecUpd2004-05-03", string:packages) ) security_hole(0); else { set_kb_item(name:"CVE-2004-0174", value:TRUE); set_kb_item(name:"CVE-2003-0020", value:TRUE); set_kb_item(name:"CVE-2004-0079", value:TRUE); set_kb_item(name:"CVE-2004-0081", value:TRUE); set_kb_item(name:"CVE-2004-0112", value:TRUE); } }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200403-03.NASL
description	The remote host is affected by the vulnerability described in GLSA-200403-03 (Multiple OpenSSL Vulnerabilities) Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a NULL pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. All versions of OpenSSL from 0.9.6c to 0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by this issue. A flaw has been discovered in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos cipher suites and will therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this issue. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop). This issue was traced to a fix that was added to OpenSSL 0.9.6d some time ago. This issue will affect vendors that ship older versions of OpenSSL with backported security patches. Impact : Although there are no public exploits known for bug, users are recommended to upgrade to ensure the security of their infrastructure. Workaround : There is no immediate workaround; a software upgrade is required. The vulnerable function in the code has been rewritten.
last seen	2020-06-01
modified	2020-06-02
plugin id	14454
published	2004-08-30
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14454
title	GLSA-200403-03 : Multiple OpenSSL Vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200403-03. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(14454); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-0079", "CVE-2004-0081", "CVE-2004-0112"); script_xref(name:"GLSA", value:"200403-03"); script_name(english:"GLSA-200403-03 : Multiple OpenSSL Vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200403-03 (Multiple OpenSSL Vulnerabilities) Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a NULL pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. All versions of OpenSSL from 0.9.6c to 0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by this issue. A flaw has been discovered in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos cipher suites and will therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this issue. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop). This issue was traced to a fix that was added to OpenSSL 0.9.6d some time ago. This issue will affect vendors that ship older versions of OpenSSL with backported security patches. Impact : Although there are no public exploits known for bug, users are recommended to upgrade to ensure the security of their infrastructure. Workaround : There is no immediate workaround; a software upgrade is required. The vulnerable function in the code has been rewritten." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200403-03" ); script_set_attribute( attribute:"solution", value: "All users are recommened to upgrade openssl to either 0.9.7d or 0.9.6m: # emerge sync # emerge -pv '>=dev-libs/openssl-0.9.7d' # emerge '>=dev-libs/openssl-0.9.7d'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/03/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-libs/openssl", unaffected:make_list("ge 0.9.7d", "eq 0.9.6m"), vulnerable:make_list("le 0.9.7c"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dev-libs/openssl"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2004-120.NASL
description	Updated OpenSSL packages that fix several remote denial of service vulnerabilities are available for Red Hat Enterprise Linux 3. The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1) protocols, and serves as a full-strength general purpose cryptography library. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a NULL pointer assignment in the do_change_cipher_spec() function in OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that uses the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0079 to this issue. Stephen Henson discovered a flaw in SSL/TLS handshaking code when using Kerberos ciphersuites in OpenSSL 0.9.7a-0.9.7c. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected by this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0112 to this issue. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that may lead to a denial of service attack (infinite loop). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0081 to this issue. This issue affects only the OpenSSL compatibility packages shipped with Red Hat Enterprise Linux 3. These updated packages contain patches provided by the OpenSSL group that protect against these issues. Additionally, the version of libica included in the OpenSSL packages has been updated to 1.3.5. This only affects IBM s390 and IBM eServer zSeries customers and is required for the latest openCryptoki packages. NOTE: Because server applications are affected by this issue, users are advised to either restart all services that use OpenSSL functionality or restart their systems after installing these updates.
last seen	2020-06-01
modified	2020-06-02
plugin id	12480
published	2004-07-06
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/12480
title	RHEL 3 : openssl (RHSA-2004:120)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2004-119.NASL
description	Updated OpenSSL packages that fix a remote denial of service vulnerability are now available for Red Hat Enterprise Linux 2.1. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can lead to a denial of service attack (infinite loop). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0081 to this issue. Testing performed by Novell using a test suite provided by NISCC uncovered an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l which could cause large recursion and possibly lead to a denial of service attack if used where stack space is limited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0851 to this issue. These updated packages contain patches provided by the OpenSSL group that protect against these issues. NOTE: Because server applications are affected by this issue, users are advised to either restart all services using OpenSSL functionality or restart their system after installing these updated packages.
last seen	2020-06-01
modified	2020-06-02
plugin id	12479
published	2004-07-06
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/12479
title	RHEL 2.1 : openssl (RHSA-2004:119)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-465.NASL
description	Two vulnerabilities were discovered in openssl, an implementation of the SSL protocol, using the Codenomicon TLS Test Tool. More information can be found in the following NISCC Vulnerability Advisory and this OpenSSL advisory. The Common Vulnerabilities and Exposures project identified the following vulnerabilities : - CAN-2004-0079 NULL pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. - CAN-2004-0081 A bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop).
last seen	2020-06-01
modified	2020-06-02
plugin id	15302
published	2004-09-29
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15302
title	Debian DSA-465-1 : openssl - several vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2004-095.NASL
description	This update includes OpenSSL packages to fix two security issues affecting OpenSSL 0.9.7a which allow denial of service attacks; CVE-2004-0079 and CVE-2003-0851. Also included are updates for the OpenSSL 0.9.6 and 0.9.6b compatibility libraries included in Fedora Core 1, fixing a separate issue which could also lead to a denial of service attack; CVE-2004-0081. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	13684
published	2004-07-23
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13684
title	Fedora Core 1 : openssl-0.9.7a-33.10 (2004-095)

NASL family	Web Servers
NASL id	OPENSSL_DENIAL.NASL
description	According to its banner, the remote host is using a version of OpenSSL which is older than 0.9.6m / 0.9.7d. There are several bugs in such versions that may allow an attacker to cause a denial of service against the remote host.
last seen	2020-06-01
modified	2020-06-02
plugin id	12110
published	2004-03-17
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/12110
title	OpenSSL < 0.9.6m / 0.9.7d Multiple Remote DoS

Oval

accepted

2013-04-29T04:15:39.270-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651

description

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

family

unix

id

oval:org.mitre.oval:def:11755

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

version

26

accepted

2007-04-25T19:53:04.958-04:00

class

vulnerability

contributors

name Matt Busby
organization The MITRE Corporation
name Matt Busby
organization The MITRE Corporation
name Matt Busby
organization The MITRE Corporation
name Thomas R. Jones
organization Maitreya Security

description

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

family

unix

id

oval:org.mitre.oval:def:871

status

accepted

submitted

2004-03-20T12:00:00.000-04:00

title

Red Hat Enterprise 3 OpenSSL Improper Unknown Message Handling Vulnerability

version

39

accepted

2007-04-25T19:53:08.302-04:00

class

vulnerability

contributors

name Matt Busby
organization The MITRE Corporation
name Matt Busby
organization The MITRE Corporation
name Thomas R. Jones
organization Maitreya Security

description

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

family

unix

id

oval:org.mitre.oval:def:902

status

accepted

submitted

2004-03-20T12:00:00.000-04:00

title

Red Hat OpenSSL Improper Unknown Message Handling Vulnerability

version

39

Redhat

advisories

rhsa
id RHSA-2004:119
rhsa
id RHSA-2004:120
rhsa
id RHSA-2004:121
rhsa
id RHSA-2004:139

rpms

openssl-0:0.9.7a-33.4
openssl-debuginfo-0:0.9.7a-33.4
openssl-devel-0:0.9.7a-33.4
openssl-perl-0:0.9.7a-33.4
openssl096b-0:0.9.6b-16
openssl096b-debuginfo-0:0.9.6b-16

Vulnerabilities > CVE-2004-0081

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References

Vulnerabilities > CVE-2004-0081 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2004-0081"}]}

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References

Vulnerabilities > CVE-2004-0081