| Field | Value |
|---|---|
| VID | 22226 |
| Severity | 40 |
| Port | 443 |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | OpenSSL versions 0.9.7b and earlier contain a denial of service vulnerability caused by a flaw in the deallocation of memory used to store ASN.1 structures. OpenSSL is an open-source implementation of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols. By sending specially crafted data to the vulnerable ASN.1 parser, a remote attacker can cause a denial of service; it may also be possible to execute arbitrary code with the privileges of the process using the vulnerable SSL library. Note: this check relies solely on the banner reported by the remote OpenSSL to assess this vulnerability, so it may be a false positive. References: http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm ; http://www.openssl.org/news/secadv_20030930.txt ; http://www.kb.cert.org/vuls/id/935264 . Platforms affected: OpenSSL 0.9.7b and earlier. |
| Recommendation | Upgrade to the latest OpenSSL package as specified by your vendor (see http://www.securityfocus.com/bid/8732/solution), or upgrade to the latest version of OpenSSL (0.9.7c or later), as listed in the OpenSSL Security Advisory [30 September 2003] at http://www.openssl.org/news/secadv_20030930.txt |
| Related URL | CVE-2003-0545 (CVE) |
| Related URL | 8732 (SecurityFocus) |
| Related URL | 13315 (ISS) |