SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#288574

OpenSSL contains null-pointer assignment in do_change_cipher_spec() function

Overview

OpenSSL contains a null-pointer assignment in the do_change_cipher_spec() function which could allow a remote, unauthenticated attacker to cause OpenSSL to crash.

I. Description

OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others.

Versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and 0.9.7a to 0.9.7c inclusive contain a null-pointer assignment in the do_change_cipher_spec() function. By sending a specially crafted SSL/TLS handshake to an application that uses a vulnerable OpenSSL library, a remote, unauthenticated attacker could cause OpenSSL to crash.

Further information is available in an advisory from OpenSSL and NISCC/224012/OpenSSL/1.

II. Impact

A remote, unauthenticated attacker could cause a denial of service in an application that uses OpenSSL.

III. Solution

Upgrade or Patch

Upgrade to OpenSSL 0.9.7d or 0.9.6m. Alternatively, upgrade or apply a patch as specified by your vendor. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries.

Systems Affected

VendorStatusDate NotifiedDate Updated
3ComUnknown18-Mar-2004
AlcatelUnknown18-Mar-2004
ApacheUnknown18-Mar-2004
Apache-SSLUnknown18-Mar-2004
Apple Computer Inc.Vulnerable6-May-2005
At&TUnknown18-Mar-2004
AvayaUnknown18-Mar-2004
BorderwareUnknown18-Mar-2004
BSDIUnknown18-Mar-2004
CerticomUnknown18-Mar-2004
Check PointVulnerable25-Mar-2004
Cisco Systems Inc.Unknown18-Mar-2004
ClavisterUnknown18-Mar-2004
Computer AssociatesUnknown18-Mar-2004
ConectivaUnknown18-Mar-2004
CovalentUnknown18-Mar-2004
COVERT LabsUnknown18-Mar-2004
Cray Inc.Unknown18-Mar-2004
D-Link SystemsUnknown18-Mar-2004
Dan BernsteinUnknown18-Mar-2004
DebianVulnerable26-Mar-2004
EMC CorporationUnknown18-Mar-2004
EngardeUnknown18-Mar-2004
eSoftUnknown18-Mar-2004
Extreme NetworksNot Vulnerable26-Mar-2004
F-SecureUnknown18-Mar-2004
F5 NetworksUnknown18-Mar-2004
Foundry Networks Inc.Unknown18-Mar-2004
FreeBSDUnknown18-Mar-2004
FreeS/WANUnknown18-Mar-2004
FujitsuUnknown18-Mar-2004
Global Technology AssociatesUnknown18-Mar-2004
Hewlett-Packard CompanyUnknown18-Mar-2004
HitachiUnknown18-Mar-2004
IBMUnknown18-Mar-2004
Ingrian NetworksUnknown18-Mar-2004
IntelUnknown18-Mar-2004
Internet Initiative Japan (IIJ)Unknown18-Mar-2004
IntotoUnknown18-Mar-2004
IP FilterUnknown18-Mar-2004
Juniper NetworksUnknown18-Mar-2004
KAME ProjectUnknown18-Mar-2004
LachmanUnknown18-Mar-2004
LinksysUnknown18-Mar-2004
Lotus SoftwareUnknown18-Mar-2004
Lucent TechnologiesUnknown18-Mar-2004
MandrakeSoftUnknown18-Mar-2004
Microsoft CorporationUnknown18-Mar-2004
MontaVista SoftwareUnknown18-Mar-2004
Multi-Tech Systems Inc.Unknown18-Mar-2004
MultinetUnknown18-Mar-2004
NCSAUnknown18-Mar-2004
NEC CorporationUnknown18-Mar-2004
NETBSDUnknown18-Mar-2004
NetfilterUnknown18-Mar-2004
NetScreenUnknown18-Mar-2004
Network ApplianceUnknown18-Mar-2004
NISTUnknown18-Mar-2004
NokiaUnknown18-Mar-2004
Nortel NetworksUnknown18-Mar-2004
NovellUnknown18-Mar-2004
OpenBSDUnknown18-Mar-2004
OpenSSLVulnerable16-Mar-2004
Openwall GNU/*/LinuxUnknown18-Mar-2004
Red Hat Inc.Vulnerable25-Mar-2004
Redback Networks Inc.Unknown18-Mar-2004
Riverstone NetworksUnknown18-Mar-2004
SafeNetUnknown18-Mar-2004
SCOUnknown18-Mar-2004
Secure Computing CorporationUnknown18-Mar-2004
SecureWorksUnknown18-Mar-2004
SequentUnknown18-Mar-2004
SGIUnknown18-Mar-2004
Sony CorporationUnknown18-Mar-2004
SSH Communications SecurityUnknown18-Mar-2004
StonesoftUnknown18-Mar-2004
Sun Microsystems Inc.Unknown18-Mar-2004
SuSE Inc.Vulnerable25-Mar-2004
Symantec CorporationUnknown18-Mar-2004
TurboLinuxUnknown18-Mar-2004
UnisysUnknown18-Mar-2004
WatchGuardUnknown18-Mar-2004
Wind River Systems Inc.Unknown18-Mar-2004
WirexUnknown18-Mar-2004
ZyXELUnknown18-Mar-2004

References

http://www.us-cert.gov/cas/techalerts/TA04-078A.html
http://www.openssl.org/news/secadv_20040317.txt
http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt
http://www.openssl.org

Credit

This vulnerability was discovered by the OpenSSL Project and reported by the National Infrastructure Security Co-ordination Centre (NISCC).

This document was written by Damon Morda.

Other Information

Date Public:2004-03-17
Date First Published:2004-03-17
Date Last Updated:2004-03-26
CERT Advisory: 
CVE-ID(s):CAN-2004-0079
NVD-ID(s):CAN-2004-0079
US-CERT Technical Alerts: 
Severity Metric:27.38
Document Revision:19

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2004 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader