Vulnerabilities > CVE-2004-0081
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
Vulnerable Configurations
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD20040503.NASL description The remote host is missing Security Update 2004-05-03. This security update includes updates for AFP Server, CoreFoundation, and IPSec. It also includes Security Update 2004-04-05, which includes updates for CUPS, libxml2, Mail, and OpenSSL. For Mac OS X 10.2.8, it also includes updates for Apache 1.3, cd9660.util, Classic, CUPS, Directory Services, DiskArbitration, fetchmail, fs_usage, gm4, groff, Mail, OpenSSL, Personal File Sharing, PPP, rsync, Safari, System Configuration, System Initialization, and zlib. This update fixes various issues which may allow an attacker to execute arbitrary code on the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 12518 published 2004-07-06 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/12518 title Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03) code # # (C) Tenable Network Security, Inc. # # better URL in solution, preserving old: #http://www.apple.com/downloads/macosx/apple/securityupdate__2004-05-03_(10_3_3_Client).html #http://www.apple.com/downloads/macosx/apple/securityupdate_2004-05-03_(10_2_8_Client).html #http://www.apple.com/downloads/macosx/apple/securityupdate_2004-05-03_(10_2_8_Server).html #http://www.apple.com/downloads/macosx/apple/securityupdate.html if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(12518); script_version ("1.17"); script_cve_id( "CVE-2004-0020", "CVE-2004-0113", "CVE-2004-0155", "CVE-2004-0174", "CVE-2004-0392", "CVE-2004-0403", "CVE-2004-0428", "CVE-2004-0430" ); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03)"); script_summary(english:"Check for Security Update 2004-05-03"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes a security issue." ); script_set_attribute( attribute:"description", value: "The remote host is missing Security Update 2004-05-03. This security update includes updates for AFP Server, CoreFoundation, and IPSec. It also includes Security Update 2004-04-05, which includes updates for CUPS, libxml2, Mail, and OpenSSL. For Mac OS X 10.2.8, it also includes updates for Apache 1.3, cd9660.util, Classic, CUPS, Directory Services, DiskArbitration, fetchmail, fs_usage, gm4, groff, Mail, OpenSSL, Personal File Sharing, PPP, rsync, Safari, System Configuration, System Initialization, and zlib. This update fixes various issues which may allow an attacker to execute arbitrary code on the remote host." ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT1646" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2004/May/msg00000.html" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2004-05-03." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'AppleFileServer LoginExt PathName Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06"); script_set_attribute(attribute:"vuln_publication_date", value: "2003/02/24"); script_set_attribute(attribute:"patch_publication_date", value: "2004/05/03"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); os = get_kb_item("Host/MacOSX/Version"); if ( egrep(pattern:"Mac OS X 10\.3.* Server", string:os) ) exit(0); # MacOS X 10.2.8 and 10.3.3 only if ( egrep(pattern:"Darwin.* (6\.8\.|7\.3\.)", string:uname) ) { if ( ! egrep(pattern:"^SecUpd2004-05-03", string:packages) ) security_hole(0); else { set_kb_item(name:"CVE-2004-0174", value:TRUE); set_kb_item(name:"CVE-2003-0020", value:TRUE); set_kb_item(name:"CVE-2004-0079", value:TRUE); set_kb_item(name:"CVE-2004-0081", value:TRUE); set_kb_item(name:"CVE-2004-0112", value:TRUE); } }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200403-03.NASL description The remote host is affected by the vulnerability described in GLSA-200403-03 (Multiple OpenSSL Vulnerabilities) Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a NULL pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. All versions of OpenSSL from 0.9.6c to 0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by this issue. A flaw has been discovered in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos cipher suites and will therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this issue. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop). This issue was traced to a fix that was added to OpenSSL 0.9.6d some time ago. This issue will affect vendors that ship older versions of OpenSSL with backported security patches. Impact : Although there are no public exploits known for bug, users are recommended to upgrade to ensure the security of their infrastructure. Workaround : There is no immediate workaround; a software upgrade is required. The vulnerable function in the code has been rewritten. last seen 2020-06-01 modified 2020-06-02 plugin id 14454 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14454 title GLSA-200403-03 : Multiple OpenSSL Vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200403-03. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(14454); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-0079", "CVE-2004-0081", "CVE-2004-0112"); script_xref(name:"GLSA", value:"200403-03"); script_name(english:"GLSA-200403-03 : Multiple OpenSSL Vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200403-03 (Multiple OpenSSL Vulnerabilities) Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a NULL pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. All versions of OpenSSL from 0.9.6c to 0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by this issue. A flaw has been discovered in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos cipher suites and will therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this issue. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop). This issue was traced to a fix that was added to OpenSSL 0.9.6d some time ago. This issue will affect vendors that ship older versions of OpenSSL with backported security patches. Impact : Although there are no public exploits known for bug, users are recommended to upgrade to ensure the security of their infrastructure. Workaround : There is no immediate workaround; a software upgrade is required. The vulnerable function in the code has been rewritten." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200403-03" ); script_set_attribute( attribute:"solution", value: "All users are recommened to upgrade openssl to either 0.9.7d or 0.9.6m: # emerge sync # emerge -pv '>=dev-libs/openssl-0.9.7d' # emerge '>=dev-libs/openssl-0.9.7d'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/03/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-libs/openssl", unaffected:make_list("ge 0.9.7d", "eq 0.9.6m"), vulnerable:make_list("le 0.9.7c"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dev-libs/openssl"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-120.NASL description Updated OpenSSL packages that fix several remote denial of service vulnerabilities are available for Red Hat Enterprise Linux 3. The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1) protocols, and serves as a full-strength general purpose cryptography library. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a NULL pointer assignment in the do_change_cipher_spec() function in OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that uses the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0079 to this issue. Stephen Henson discovered a flaw in SSL/TLS handshaking code when using Kerberos ciphersuites in OpenSSL 0.9.7a-0.9.7c. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected by this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0112 to this issue. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that may lead to a denial of service attack (infinite loop). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0081 to this issue. This issue affects only the OpenSSL compatibility packages shipped with Red Hat Enterprise Linux 3. These updated packages contain patches provided by the OpenSSL group that protect against these issues. Additionally, the version of libica included in the OpenSSL packages has been updated to 1.3.5. This only affects IBM s390 and IBM eServer zSeries customers and is required for the latest openCryptoki packages. NOTE: Because server applications are affected by this issue, users are advised to either restart all services that use OpenSSL functionality or restart their systems after installing these updates. last seen 2020-06-01 modified 2020-06-02 plugin id 12480 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12480 title RHEL 3 : openssl (RHSA-2004:120) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-119.NASL description Updated OpenSSL packages that fix a remote denial of service vulnerability are now available for Red Hat Enterprise Linux 2.1. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can lead to a denial of service attack (infinite loop). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0081 to this issue. Testing performed by Novell using a test suite provided by NISCC uncovered an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l which could cause large recursion and possibly lead to a denial of service attack if used where stack space is limited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0851 to this issue. These updated packages contain patches provided by the OpenSSL group that protect against these issues. NOTE: Because server applications are affected by this issue, users are advised to either restart all services using OpenSSL functionality or restart their system after installing these updated packages. last seen 2020-06-01 modified 2020-06-02 plugin id 12479 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12479 title RHEL 2.1 : openssl (RHSA-2004:119) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-465.NASL description Two vulnerabilities were discovered in openssl, an implementation of the SSL protocol, using the Codenomicon TLS Test Tool. More information can be found in the following NISCC Vulnerability Advisory and this OpenSSL advisory. The Common Vulnerabilities and Exposures project identified the following vulnerabilities : - CAN-2004-0079 NULL pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. - CAN-2004-0081 A bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop). last seen 2020-06-01 modified 2020-06-02 plugin id 15302 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15302 title Debian DSA-465-1 : openssl - several vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2004-095.NASL description This update includes OpenSSL packages to fix two security issues affecting OpenSSL 0.9.7a which allow denial of service attacks; CVE-2004-0079 and CVE-2003-0851. Also included are updates for the OpenSSL 0.9.6 and 0.9.6b compatibility libraries included in Fedora Core 1, fixing a separate issue which could also lead to a denial of service attack; CVE-2004-0081. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 13684 published 2004-07-23 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13684 title Fedora Core 1 : openssl-0.9.7a-33.10 (2004-095) NASL family Web Servers NASL id OPENSSL_DENIAL.NASL description According to its banner, the remote host is using a version of OpenSSL which is older than 0.9.6m / 0.9.7d. There are several bugs in such versions that may allow an attacker to cause a denial of service against the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 12110 published 2004-03-17 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/12110 title OpenSSL < 0.9.6m / 0.9.7d Multiple Remote DoS
Oval
accepted 2013-04-29T04:15:39.270-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. family unix id oval:org.mitre.oval:def:11755 status accepted submitted 2010-07-09T03:56:16-04:00 title OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. version 26 accepted 2007-04-25T19:53:04.958-04:00 class vulnerability contributors name Matt Busby organization The MITRE Corporation name Matt Busby organization The MITRE Corporation name Matt Busby organization The MITRE Corporation name Thomas R. Jones organization Maitreya Security
description OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. family unix id oval:org.mitre.oval:def:871 status accepted submitted 2004-03-20T12:00:00.000-04:00 title Red Hat Enterprise 3 OpenSSL Improper Unknown Message Handling Vulnerability version 39 accepted 2007-04-25T19:53:08.302-04:00 class vulnerability contributors name Matt Busby organization The MITRE Corporation name Matt Busby organization The MITRE Corporation name Thomas R. Jones organization Maitreya Security
description OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. family unix id oval:org.mitre.oval:def:902 status accepted submitted 2004-03-20T12:00:00.000-04:00 title Red Hat OpenSSL Improper Unknown Message Handling Vulnerability version 39
Redhat
| advisories |
| ||||||||||||||||
| rpms |
|
References
- http://www.kb.cert.org/vuls/id/465542
- http://www.securityfocus.com/bid/9899
- http://www.uniras.gov.uk/vuls/2004/224012/index.htm
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
- http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
- http://www.debian.org/security/2004/dsa-465
- http://rhn.redhat.com/errata/RHSA-2004-119.html
- http://www.redhat.com/support/errata/RHSA-2004-121.html
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
- ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
- http://www.us-cert.gov/cas/techalerts/TA04-078A.html
- http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
- http://fedoranews.org/updates/FEDORA-2004-095.shtml
- http://security.gentoo.org/glsa/glsa-200403-03.xml
- http://www.redhat.com/support/errata/RHSA-2004-120.html
- http://www.redhat.com/support/errata/RHSA-2004-139.html
- http://www.trustix.org/errata/2004/0012
- http://secunia.com/advisories/11139
- http://marc.info/?l=bugtraq&m=107955049331965&w=2
- http://marc.info/?l=bugtraq&m=108403850228012&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15509
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755