SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#288574

OpenSSL contains null-pointer assignment in do_change_cipher_spec() function

Overview

OpenSSL contains a null-pointer assignment in the do_change_cipher_spec() function which could allow a remote, unauthenticated attacker to cause OpenSSL to crash.

I. Description

OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others.

Versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and 0.9.7a to 0.9.7c inclusive contain a null-pointer assignment in the do_change_cipher_spec() function. By sending a specially crafted SSL/TLS handshake to an application that uses a vulnerable OpenSSL library, a remote, unauthenticated attacker could cause OpenSSL to crash.

Further information is available in an advisory from OpenSSL and NISCC/224012/OpenSSL/1.

II. Impact

A remote, unauthenticated attacker could cause a denial of service in an application that uses OpenSSL.

III. Solution

Upgrade or Patch

Upgrade to OpenSSL 0.9.7d or 0.9.6m. Alternatively, upgrade or apply a patch as specified by your vendor. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries.

Systems Affected

VendorStatusDate NotifiedDate Updated
3ComUnknown18-Mar-2004
AlcatelUnknown18-Mar-2004
ApacheUnknown18-Mar-2004
Apache-SSLUnknown18-Mar-2004
Apple Computer Inc.Vulnerable6-May-2005
At&TUnknown18-Mar-2004
AvayaUnknown18-Mar-2004
BorderwareUnknown18-Mar-2004
BSDIUnknown18-Mar-2004
CerticomUnknown18-Mar-2004
Check PointVulnerable25-Mar-2004
Cisco Systems Inc.Unknown18-Mar-2004
ClavisterUnknown18-Mar-2004
Computer AssociatesUnknown18-Mar-2004
ConectivaUnknown18-Mar-2004
CovalentUnknown18-Mar-2004
COVERT LabsUnknown18-Mar-2004
Cray Inc.Unknown18-Mar-2004
D-Link SystemsUnknown18-Mar-2004
Dan BernsteinUnknown18-Mar-2004
DebianVulnerable26-Mar-2004
EMC CorporationUnknown18-Mar-2004
EngardeUnknown18-Mar-2004
eSoftUnknown18-Mar-2004
Extreme NetworksNot Vulnerable26-Mar-2004
F-SecureUnknown18-Mar-2004
F5 NetworksUnknown18-Mar-2004
Foundry Networks Inc.Unknown18-Mar-2004
FreeBSDUnknown18-Mar-2004
FreeS/WANUnknown18-Mar-2004
FujitsuUnknown18-Mar-2004
Global Technology AssociatesUnknown18-Mar-2004
Hewlett-Packard CompanyUnknown18-Mar-2004
HitachiUnknown18-Mar-2004
IBMUnknown18-Mar-2004
Ingrian NetworksUnknown18-Mar-2004
IntelUnknown18-Mar-2004
Internet Initiative Japan (IIJ)Unknown18-Mar-2004
IntotoUnknown18-Mar-2004
IP FilterUnknown18-Mar-2004
Juniper NetworksUnknown18-Mar-2004
KAME ProjectUnknown18-Mar-2004
LachmanUnknown18-Mar-2004
LinksysUnknown18-Mar-2004
Lotus SoftwareUnknown18-Mar-2004
Lucent TechnologiesUnknown18-Mar-2004
MandrakeSoftUnknown18-Mar-2004
Microsoft CorporationUnknown18-Mar-2004
MontaVista SoftwareUnknown18-Mar-2004
Multi-Tech Systems Inc.Unknown18-Mar-2004
MultinetUnknown18-Mar-2004
NCSAUnknown18-Mar-2004
NEC CorporationUnknown18-Mar-2004
NETBSDUnknown18-Mar-2004
NetfilterUnknown18-Mar-2004
NetScreenUnknown18-Mar-2004
Network ApplianceUnknown18-Mar-2004
NISTUnknown18-Mar-2004
NokiaUnknown18-Mar-2004
Nortel NetworksUnknown18-Mar-2004
NovellUnknown18-Mar-2004
OpenBSDUnknown18-Mar-2004
OpenSSLVulnerable16-Mar-2004
Openwall GNU/*/LinuxUnknown18-Mar-2004
Red Hat Inc.Vulnerable25-Mar-2004
Redback Networks Inc.Unknown18-Mar-2004
Riverstone NetworksUnknown18-Mar-2004
SafeNetUnknown18-Mar-2004
SCOUnknown18-Mar-2004
Secure Computing CorporationUnknown18-Mar-2004
SecureWorksUnknown18-Mar-2004
SequentUnknown18-Mar-2004
SGIUnknown18-Mar-2004
Sony CorporationUnknown18-Mar-2004
SSH Communications SecurityUnknown18-Mar-2004
StonesoftUnknown18-Mar-2004
Sun Microsystems Inc.Unknown18-Mar-2004
SuSE Inc.Vulnerable25-Mar-2004
Symantec CorporationUnknown18-Mar-2004
TurboLinuxUnknown18-Mar-2004
UnisysUnknown18-Mar-2004
WatchGuardUnknown18-Mar-2004
Wind River Systems Inc.Unknown18-Mar-2004
WirexUnknown18-Mar-2004
ZyXELUnknown18-Mar-2004

References

http://www.us-cert.gov/cas/techalerts/TA04-078A.html
http://www.openssl.org/news/secadv_20040317.txt
http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt
http://www.openssl.org

Credit

This vulnerability was discovered by the OpenSSL Project and reported by the National Infrastructure Security Co-ordination Centre (NISCC).

This document was written by Damon Morda.

Other Information

Date Public:2004-03-17
Date First Published:2004-03-17
Date Last Updated:2004-03-26
CERT Advisory: 
CVE-ID(s):CAN-2004-0079
NVD-ID(s):CAN-2004-0079
US-CERT Technical Alerts: 
Metric:27.38
Document Revision:19

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2004 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader