Vulnerability Note VU#288574

OpenSSL contains null-pointer assignment in do_change_cipher_spec() function

Original Release date: 17 Mar 2004 | Last revised: 26 Mar 2004

Overview

OpenSSL contains a null-pointer assignment in the do_change_cipher_spec() function which could allow a remote, unauthenticated attacker to cause OpenSSL to crash.

Description

OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others.

Versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and 0.9.7a to 0.9.7c inclusive contain a null-pointer assignment in the do_change_cipher_spec() function. By sending a specially crafted SSL/TLS handshake to an application that uses a vulnerable OpenSSL library, a remote, unauthenticated attacker could cause OpenSSL to crash.

Further information is available in an advisory from OpenSSL and in NISCC/224012/OpenSSL/1.

Impact

A remote, unauthenticated attacker could cause a denial of service in an application that uses OpenSSL.

Solution

Upgrade or Patch
Upgrade to OpenSSL 0.9.7d or 0.9.6m. Alternatively, upgrade or apply a patch as specified by your vendor. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries.
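
The affected ranges and the note about statically linked applications can be checked mechanically. The following is an added example, not part of the original advisory: it searches file contents for the OpenSSL version banner and flags versions inside the ranges listed under Description. The banner format is an assumption about how builds embed their version text, and the sample bytes are constructed.

```python
import re
import sys

# Affected ranges exactly as given in the note (inclusive patch letters).
AFFECTED = {"0.9.6": ("c", "k"), "0.9.7": ("a", "c")}

# Assumed banner form embedded in builds, e.g. b"OpenSSL 0.9.7c 30 Sep 2003".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]?)\b")

# Constructed sample: bytes standing in for a statically linked binary.
SAMPLE = (b"\x7fELF\x00junk\x00OpenSSL 0.9.7c 30 Sep 2003\x00"
          b"more\x00OpenSSL 0.9.6m 17 Mar 2004\x00")


def is_affected(base, letter):
    """True if base+letter falls inside a range listed in the note."""
    bounds = AFFECTED.get(base)
    if bounds is None or not letter:
        return False  # other branches, or a release with no patch letter
    return bounds[0] <= letter <= bounds[1]


def scan_blob(data):
    """Return sorted (version, affected) pairs for every banner in data."""
    found = set()
    for match in BANNER.finditer(data):
        base, letter = match.group(1).decode(), match.group(2).decode()
        found.add((base + letter, is_affected(base, letter)))
    return sorted(found)


def scan_file(path):
    """Scan one file on disk, such as an executable or shared library."""
    with open(path, "rb") as handle:
        return scan_blob(handle.read())


if __name__ == "__main__":
    # With no paths given, fall back to the constructed sample.
    paths = sys.argv[1:]
    reports = [(p, scan_file(p)) for p in paths] or [("<sample>", scan_blob(SAMPLE))]
    for name, hits in reports:
        for version, affected in hits:
            label = "AFFECTED" if affected else "not in listed range"
            print(f"{name}: OpenSSL {version} {label}")
```

A vendor-patched build may keep an older version string, so a match is a prompt to check the vendor's advisory rather than proof of exposure.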

Systems Affected

Vendor               Status        Date Notified  Date Updated
Apple Computer Inc.  Affected      17 Mar 2004    06 May 2005
Check Point          Affected      17 Mar 2004    25 Mar 2004
Debian               Affected      17 Mar 2004    26 Mar 2004
OpenSSL              Affected      -              16 Mar 2004
Red Hat Inc.         Affected      17 Mar 2004    25 Mar 2004
SuSE Inc.            Affected      17 Mar 2004    25 Mar 2004
Extreme Networks     Not Affected  17 Mar 2004    26 Mar 2004
3Com                 Unknown       -              18 Mar 2004
Alcatel              Unknown       -              18 Mar 2004
Apache               Unknown       -              18 Mar 2004
Apache-SSL           Unknown       -              18 Mar 2004
At&T                 Unknown       -              18 Mar 2004
Avaya                Unknown       -              18 Mar 2004
Borderware           Unknown       -              18 Mar 2004
BSDI                 Unknown       -              18 Mar 2004

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

This vulnerability was discovered by the OpenSSL Project and reported by the National Infrastructure Security Co-ordination Centre (NISCC).

This document was written by Damon Morda.

Other Information

  • CVE IDs: CAN-2004-0079
  • Date Public: 17 Mar 2004
  • Date First Published: 17 Mar 2004
  • Date Last Updated: 26 Mar 2004
  • Severity Metric: 27.38
  • Document Revision: 19
