
CERT Coordination Center

OpenSSL contains null-pointer assignment in do_change_cipher_spec() function

Vulnerability Note VU#288574

Original Release Date: 2004-03-17 | Last Revised: 2004-03-26

Overview

OpenSSL contains a null-pointer assignment in the do_change_cipher_spec() function which could allow a remote, unauthenticated attacker to cause OpenSSL to crash.

Description

OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others.

Versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and 0.9.7a to 0.9.7c inclusive contain a null-pointer assignment in the do_change_cipher_spec() function. By sending a specially crafted SSL/TLS handshake to an application that uses a vulnerable OpenSSL library, a remote, unauthenticated attacker could cause OpenSSL to crash.
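The following C program is an added illustration of the defect class this note describes, not OpenSSL's own do_change_cipher_spec() code. It assumes (as a labelled hypothetical) a ChangeCipherSpec handler that uses a cipher-suite pointer which is only set once the handshake has actually negotiated a suite; the unchecked handler dereferences that pointer unconditionally, so a handshake that delivers ChangeCipherSpec too early crashes the process, while the checked handler rejects the out-of-order message and returns an error for the caller to abort the connection. The struct names, the sample suite and the key-block arithmetic are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model (added here, not OpenSSL's code) of the defect class
 * described in VU#288574: a ChangeCipherSpec handler that uses a cipher
 * pointer which is only set once the handshake has negotiated a suite. */

typedef struct {
    const char *name;
    int key_len;                  /* bytes of key material per direction */
} cipher_t;

typedef struct {
    const cipher_t *negotiated;   /* NULL until a suite has been agreed */
    int key_block_len;            /* derived when ChangeCipherSpec is processed */
    int ccs_done;
} tls_conn_t;

/* Constructed sample suite, not a real OpenSSL cipher table entry. */
static const cipher_t SAMPLE_SUITE = { "SAMPLE-AES128-SHA", 16 };

void conn_init(tls_conn_t *c)
{
    memset(c, 0, sizeof *c);      /* fresh connection: nothing negotiated yet */
}

/* Models the point in the handshake where a cipher suite becomes agreed. */
void conn_negotiate(tls_conn_t *c, const cipher_t *suite)
{
    c->negotiated = suite;
}

/* Vulnerable pattern: trusts c->negotiated unconditionally.  If the peer's
 * ChangeCipherSpec arrives before any suite was agreed, c->negotiated is
 * still NULL and the dereference crashes the process (denial of service). */
int do_change_cipher_spec_unchecked(tls_conn_t *c)
{
    c->key_block_len = 2 * c->negotiated->key_len;   /* NULL deref when early */
    c->ccs_done = 1;
    return 0;
}

/* Hardened pattern: an out-of-order ChangeCipherSpec is a protocol error.
 * Refuse it and let the caller abort the handshake instead of crashing. */
int do_change_cipher_spec_checked(tls_conn_t *c)
{
    if (c->negotiated == NULL) {
        fprintf(stderr, "handshake error: ChangeCipherSpec before cipher negotiation\n");
        return -1;
    }
    c->key_block_len = 2 * c->negotiated->key_len;
    c->ccs_done = 1;
    return 0;
}

int main(void)
{
    tls_conn_t c;
    conn_init(&c);
    printf("early CCS, checked handler: %d\n", do_change_cipher_spec_checked(&c));
    conn_negotiate(&c, &SAMPLE_SUITE);
    printf("CCS after negotiation:      %d (key block %d bytes)\n",
           do_change_cipher_spec_checked(&c), c.key_block_len);
    /* do_change_cipher_spec_unchecked(&c) on a fresh connection would crash. */
    return 0;
}
```

The point for reviewers of handshake code is that message ordering is attacker-controlled: any state the handler reads must be validated as present for the current handshake state, and the failure path must be a clean protocol error rather than a trusted dereference.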

Further information is available in the OpenSSL advisory and in NISCC advisory NISCC/224012/OpenSSL/1.

Impact

A remote, unauthenticated attacker could cause a denial of service in an application that uses OpenSSL.

Solution

Upgrade or Patch
Upgrade to OpenSSL 0.9.7d or 0.9.6m. Alternatively, upgrade or apply a patch as specified by your vendor. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries.
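The following C program is an added example, not part of this note, for checking whether a reported OpenSSL version string falls inside the affected ranges listed above (0.9.6c to 0.9.6k and 0.9.7a to 0.9.7c). It parses the letter-suffixed 0.9.x version format, orders a version with no patch letter before the same version with letter "a", and accepts either a bare version or a full `openssl version` line. The function names and the sample version lines are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Parsed OpenSSL 0.9.x-style version: numeric triple plus optional patch letter. */
typedef struct { int major, minor, fix; char letter; } ossl_ver_t;

/* Parse "0.9.7c" or a full `openssl version` line such as
 * "OpenSSL 0.9.7c 30 Sep 2003". Returns 1 on success, 0 on parse failure. */
int ossl_parse(const char *s, ossl_ver_t *v)
{
    int consumed = 0;
    while (isspace((unsigned char)*s)) s++;
    if (strncmp(s, "OpenSSL ", 8) == 0) s += 8;
    if (sscanf(s, "%d.%d.%d%n", &v->major, &v->minor, &v->fix, &consumed) != 3)
        return 0;
    s += consumed;
    /* A missing letter (e.g. "0.9.7") orders before "0.9.7a". */
    v->letter = isalpha((unsigned char)*s) ? (char)tolower((unsigned char)*s) : '\0';
    return 1;
}

/* Lexicographic compare: <0, 0, >0 like strcmp. */
int ossl_cmp(const ossl_ver_t *a, const ossl_ver_t *b)
{
    if (a->major != b->major) return a->major - b->major;
    if (a->minor != b->minor) return a->minor - b->minor;
    if (a->fix   != b->fix)   return a->fix   - b->fix;
    return (int)a->letter - (int)b->letter;
}

/* Returns 1 if the version lies in a range this note lists as vulnerable
 * (0.9.6c-0.9.6k or 0.9.7a-0.9.7c), 0 if not, -1 if it cannot be parsed. */
int vu288574_affected(const char *version_string)
{
    static const char *ranges[][2] = { { "0.9.6c", "0.9.6k" }, { "0.9.7a", "0.9.7c" } };
    ossl_ver_t v, lo, hi;
    size_t i;
    if (!ossl_parse(version_string, &v)) return -1;
    for (i = 0; i < sizeof ranges / sizeof ranges[0]; i++) {
        ossl_parse(ranges[i][0], &lo);
        ossl_parse(ranges[i][1], &hi);
        if (ossl_cmp(&v, &lo) >= 0 && ossl_cmp(&v, &hi) <= 0) return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample `openssl version` outputs; real input comes from
     * running `openssl version` on the host being audited. */
    const char *samples[] = { "OpenSSL 0.9.7c 30 Sep 2003", "OpenSSL 0.9.7d 17 Mar 2004",
                              "OpenSSL 0.9.6b 9 Jul 2001", "OpenSSL 0.9.6k 30 Sep 2003" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s affected=%d\n", samples[i], vu288574_affected(samples[i]));
    return 0;
}
```

Checking the version reported by the system `openssl` binary is only part of an audit: as the note says, applications statically linked against OpenSSL carry their own copy of the library and remain affected until they are rebuilt, so each such binary needs to be identified and its embedded version checked separately.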

Vendor Information




Acknowledgements

This vulnerability was discovered by the OpenSSL Project and reported by the National Infrastructure Security Co-ordination Centre (NISCC).

This document was written by Damon Morda.

Other Information

CVE IDs: CVE-2004-0079
Severity Metric: 27.38
Date Public: 2004-03-17
Date First Published: 2004-03-17
Date Last Updated: 2004-03-26 21:58 UTC
Document Revision: 25

Sponsored by CISA.