{"pluginID": "1361412562310835158", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for AAA Server HPSBUX01011\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote denial of service.\";\ntag_affected = \"AAA Server on\n HP-UX B.11.00 and B.11.11 running HP-UX AAA Server A.06.01.02.04 HP-UX \n B.11.23 running HP-UX AAA Server A.06.01.02.06.\";\ntag_insight = \"A potential security vulnerability has been identified withthe HP-UX AAA \n server where an unauthenticated remote attackercould cause a Denial of \n Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00897351-2\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835158\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01011\");\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0081\");\n script_name( \"HP-UX Update for AAA Server HPSBUX01011\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of AAA Server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.07\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.07\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.07\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "history": [{"lastseen": "2018-04-06T11:38:22", "bulletin": {"pluginID": "1361412562310835158", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for AAA Server HPSBUX01011\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote denial of service.\";\ntag_affected = \"AAA Server on\n HP-UX B.11.00 and B.11.11 running HP-UX AAA Server A.06.01.02.04 HP-UX \n B.11.23 running HP-UX AAA Server A.06.01.02.06.\";\ntag_insight = \"A potential security vulnerability has been identified withthe HP-UX AAA \n server where an unauthenticated remote attackercould cause a Denial of \n Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00897351-2\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835158\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01011\");\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0081\");\n script_name( \"HP-UX Update for AAA Server HPSBUX01011\");\n\n script_summary(\"Check for the Version of AAA Server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.07\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.07\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.07\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "history": [], "description": "Check for the Version of AAA Server", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835158", "type": "openvas", "hashmap": [{"hash": "dd65fd0dd0b7685ed8ddc51c1c4f250d", "key": "cvelist"}, {"hash": "f537a8c4c2a2ecce05af223984a006fc", "key": "naslFamily"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "b7e844243a0b30893b9118e3563e6521", "key": "reporter"}, {"hash": "1c533cee934b75fd91a12fa84e258e32", "key": "href"}, {"hash": "601c3d73f5e40c0c779c89f61b992b59", "key": "published"}, {"hash": "3fb7e7ea394be3ae06f32620a0fd4be0", "key": "description"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b703a12e2acae0a6e581b109d88e5466", "key": "pluginID"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "2a685f6922f961fd3133648fea158553", "key": "sourceData"}, {"hash": "7cd9522bd64943b5bf234d39189e1663", "key": "title"}, {"hash": "f075d798b5312375c5135da710766ee6", "key": "references"}], "viewCount": 0, "lastseen": "2018-04-06T11:38:22", "references": ["http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00897351-2", "01011"], "modified": "2018-04-06T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.3", "cvelist": ["CVE-2004-0112", "CVE-2004-0079", "CVE-2004-0081"], "id": "OPENVAS:1361412562310835158", "title": "HP-UX Update for AAA Server HPSBUX01011", "published": "2009-05-05T00:00:00", "hash": "2a6df3e501ec459e23be02202f09fc3fdceb4b3b9e4465ab45ceb410aca2ef4b", "edition": 1, "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "bulletinFamily": "scanner", "enchantments": {"score": {"vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N/", "value": 4.0, "modified": "2018-04-06T11:38:22"}}}, "edition": 1, "differentElements": ["sourceData"]}], "description": "Check for the Version of AAA Server", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835158", "type": "openvas", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "dd65fd0dd0b7685ed8ddc51c1c4f250d"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "3fb7e7ea394be3ae06f32620a0fd4be0"}, {"key": "href", "hash": "1c533cee934b75fd91a12fa84e258e32"}, {"key": "modified", "hash": "4fb7fd6149697e74d091717ea3f1ca84"}, {"key": "naslFamily", "hash": "f537a8c4c2a2ecce05af223984a006fc"}, {"key": "pluginID", "hash": "b703a12e2acae0a6e581b109d88e5466"}, {"key": "published", "hash": "601c3d73f5e40c0c779c89f61b992b59"}, {"key": "references", "hash": "f075d798b5312375c5135da710766ee6"}, {"key": "reporter", "hash": "b7e844243a0b30893b9118e3563e6521"}, {"key": "sourceData", "hash": "baa9b6cc40ee268ae69a058c31887a8d"}, {"key": "title", "hash": "7cd9522bd64943b5bf234d39189e1663"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "viewCount": 1, "references": ["http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00897351-2", "01011"], "lastseen": "2018-04-09T11:39:39", "published": "2009-05-05T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.3", "cvelist": ["CVE-2004-0112", "CVE-2004-0079", "CVE-2004-0081"], "id": "OPENVAS:1361412562310835158", "hash": "cae5fc60a2a32b94e4e26a2aa48a18f8cc1442955c7d1844d92e945bb7aa12f2", "modified": "2018-04-06T00:00:00", "title": "HP-UX Update for AAA Server HPSBUX01011", "edition": 2, "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "bulletinFamily": "scanner", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}}

{"cve": [{"lastseen": "2017-10-11T11:05:54", "references": ["http://www.kb.cert.org/vuls/id/484726", "http://www.redhat.com/support/errata/RHSA-2004-121.html", "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", "http://docs.info.apple.com/article.html?artnum=61798", "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", "http://marc.info/?l=bugtraq&m=107953412903636&w=2", "http://www.novell.com/linux/security/advisories/2004_07_openssl.html", "http://www.redhat.com/support/errata/RHSA-2004-120.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023", "http://www.securityfocus.com/bid/9899", "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", "http://www.ciac.org/ciac/bulletins/o-101.shtml", "http://www.openssl.org/news/secadv_20040317.txt", "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", "http://www.trustix.org/errata/2004/0012", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508", "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", "http://marc.info/?l=bugtraq&m=108403806509920&w=2", "http://security.gentoo.org/glsa/glsa-200403-03.xml", "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", "http://lists.apple.com/mhonarc/security-announce/msg00045.html"], "description": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.", "edition": 4, "reporter": "NVD", "published": "2004-11-23T00:00:00", "title": "CVE-2004-0112", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:05:54", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:1049", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2004-0112"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:928", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:928"}], "modified": "2017-10-10T21:29:21", "cpe": ["cpe:/h:symantec:clientless_vpn_gateway_4400:5.0", "cpe:/a:rsa:bsafe_ssl-j_sdk:3.0", "cpe:/a:cisco:ciscoworks_common_management_foundation:2.1", "cpe:/a:4d:webstar:5.3.1", "cpe:/o:apple:mac_os_x:10.3.3", "cpe:/h:avaya:sg208", "cpe:/a:sgi:propack:2.4", "cpe:/a:cisco:okena_stormwatch:3.2", "cpe:/a:stonesoft:stonebeat_webcluster:2.5", "cpe:/o:cisco:pix_firewall:6.2%281%29", "cpe:/o:hp:hp-ux:11.11", "cpe:/a:cisco:application_and_content_networking_software", "cpe:/h:avaya:s8300:r2.0.1", "cpe:/o:cisco:pix_firewall:6.3%283.102%29", "cpe:/a:vmware:gsx_server:2.5.1", "cpe:/o:cisco:pix_firewall:6.0%284%29", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.3", "cpe:/o:cisco:ios:12.2%2814%29sy", "cpe:/a:cisco:pix_firewall:6.2.2_.111", "cpe:/o:redhat:linux:7.3", "cpe:/a:hp:wbem:a.02.00.00", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3", "cpe:/o:freebsd:freebsd:4.9", "cpe:/a:checkpoint:provider-1:4.1:sp4", "cpe:/a:avaya:vsu:5000_r2.0.1", "cpe:/o:bluecoat:cacheos_ca_sa:4.1.12", "cpe:/a:avaya:intuity_audix:::lx", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.7:beta3", "cpe:/a:vmware:gsx_server:3.0_build_7592", "cpe:/o:redhat:enterprise_linux:3.0::enterprise_server", "cpe:/o:cisco:pix_firewall:6.0%283%29", "cpe:/o:cisco:ios:12.1%2811b%29e", "cpe:/o:cisco:ios:12.1%2813%29e9", "cpe:/a:neoteris:instant_virtual_extranet:3.3.1", "cpe:/a:avaya:vsu:100_r2.0.1", "cpe:/h:avaya:sg203:4.4", "cpe:/a:novell:edirectory:8.5.12a", "cpe:/a:stonesoft:stonegate:2.0.4", "cpe:/o:cisco:pix_firewall:6.2%282%29", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc1", "cpe:/h:avaya:s8700:r2.0.0", "cpe:/a:novell:imanager:1.5", "cpe:/a:checkpoint:provider-1:4.1:sp2", "cpe:/o:redhat:enterprise_linux:3.0::advanced_server", "cpe:/a:novell:edirectory:8.5", "cpe:/h:hp:apache-based_web_server:2.0.43.04", "cpe:/h:avaya:sg5:4.4", "cpe:/o:cisco:pix_firewall:6.1%281%29", "cpe:/a:stonesoft:stonegate:1.7.2", "cpe:/o:sco:openserver:5.0.7", "cpe:/a:stonesoft:stonegate:2.0.1", "cpe:/h:securecomputing:sidewinder:5.2.1.02", "cpe:/a:stonesoft:stonegate:2.2.1", "cpe:/a:avaya:vsu:2000_r2.0.1", "cpe:/o:cisco:pix_firewall:6.3%283.109%29", "cpe:/a:avaya:vsu:5", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc2", "cpe:/h:securecomputing:sidewinder:5.2.0.01", "cpe:/a:checkpoint:provider-1:4.1:sp1", "cpe:/a:stonesoft:servercluster:2.5", "cpe:/o:freebsd:freebsd:5.2", "cpe:/a:4d:webstar:5.3", "cpe:/a:stonesoft:stonegate:2.0.8", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc2", "cpe:/o:cisco:ios:12.1%2819%29e1", "cpe:/a:openssl:openssl:0.9.7:beta2", "cpe:/a:hp:wbem:a.02.00.01", "cpe:/a:cisco:webns:7.1_0.1.02", "cpe:/a:cisco:access_registrar", "cpe:/o:cisco:pix_firewall:6.3%282%29", "cpe:/a:4d:webstar:5.2.1", "cpe:/h:cisco:mds_9000", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:checkpoint:vpn-1:next_generation_fp1", "cpe:/h:cisco:call_manager", "cpe:/o:cisco:ios:12.2za", "cpe:/h:avaya:sg200:4.31.29", "cpe:/a:checkpoint:provider-1:4.1", "cpe:/a:checkpoint:firewall-1:next_generation_fp1", "cpe:/a:stonesoft:stonegate:1.5.18", "cpe:/h:sun:crypto_accelerator_4000:1.0", "cpe:/a:tarantella:tarantella_enterprise:3.20", "cpe:/o:cisco:pix_firewall:6.1%283%29", "cpe:/o:freebsd:freebsd:4.8:releng", "cpe:/a:stonesoft:stonegate:2.1", "cpe:/o:hp:hp-ux:11.23", "cpe:/h:avaya:s8700:r2.0.1", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:avaya:vsu:500", "cpe:/o:openbsd:openbsd:3.3", "cpe:/a:cisco:webns:7.10_.0.06s", "cpe:/a:checkpoint:firewall-1:2.0::gx", "cpe:/a:4d:webstar:5.2.4", "cpe:/a:4d:webstar:5.2.3", "cpe:/o:redhat:linux:8.0", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/o:cisco:pix_firewall:6.0%281%29", "cpe:/h:securecomputing:sidewinder:5.2.0.03", "cpe:/h:securecomputing:sidewinder:5.2.1", "cpe:/a:novell:edirectory:8.6.2", "cpe:/a:tarantella:tarantella_enterprise:3.30", "cpe:/h:avaya:sg5:4.2", "cpe:/a:sgi:propack:3.0", "cpe:/h:avaya:sg203:4.31.29", "cpe:/h:avaya:sg5:4.3", "cpe:/a:avaya:intuity_audix:s3400", "cpe:/a:stonesoft:stonegate:1.7", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:avaya:vsu:5x", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/h:cisco:gss_4480_global_site_selector", "cpe:/a:neoteris:instant_virtual_extranet:3.1", "cpe:/h:avaya:sg200:4.4", "cpe:/a:stonesoft:stonebeat_fullcluster:2.5", "cpe:/o:cisco:ios:12.1%2811%29e", "cpe:/h:avaya:s8500:r2.0.0", "cpe:/a:stonesoft:stonegate:1.7.1", "cpe:/a:vmware:gsx_server:2.0", "cpe:/a:checkpoint:firewall-1:next_generation_fp0", "cpe:/a:stonesoft:stonebeat_fullcluster:2.0", "cpe:/h:cisco:firewall_services_module:2.1_%280.208%29", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.1", "cpe:/o:cisco:pix_firewall:6.1%284%29", "cpe:/a:cisco:webns:6.10", "cpe:/a:stonesoft:stonebeat_webcluster:2.0", "cpe:/a:redhat:openssl:0.9.7a-2::i386_dev", "cpe:/o:freebsd:freebsd:5.1", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:redhat:openssl:0.9.6b-3::i386", "cpe:/h:cisco:firewall_services_module:1.1_%283.005%29", "cpe:/a:avaya:intuity_audix:s3210", "cpe:/o:cisco:pix_firewall:6.2%283%29", "cpe:/a:openssl:openssl:0.9.7:beta1", "cpe:/a:stonesoft:stonegate:1.6.2", "cpe:/a:cisco:webns:7.2_0.0.03", "cpe:/a:cisco:css_secure_content_accelerator:2.0", "cpe:/a:novell:edirectory:8.5.27", "cpe:/a:redhat:openssl:0.9.7a-2::i386", "cpe:/o:cisco:pix_firewall:6.1", "cpe:/h:cisco:firewall_services_module:1.1.3", "cpe:/a:stonesoft:stonebeat_fullcluster:1_3.0", "cpe:/o:cisco:pix_firewall:6.3%281%29", "cpe:/h:hp:apache-based_web_server:2.0.43.00", "cpe:/o:sco:openserver:5.0.6", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.2", "cpe:/a:stonesoft:stonegate:2.0.7", "cpe:/a:tarantella:tarantella_enterprise:3.40", "cpe:/a:stonesoft:stonegate:2.0.9", "cpe:/a:4d:webstar:5.2.2", "cpe:/o:cisco:pix_firewall:6.0%284.101%29", "cpe:/a:checkpoint:vpn-1:next_generation_fp0", "cpe:/h:cisco:secure_content_accelerator:10000", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/h:cisco:firewall_services_module", "cpe:/a:stonesoft:stonegate:2.2.4", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:stonesoft:servercluster:2.5.2", "cpe:/o:redhat:enterprise_linux_desktop:3.0", "cpe:/a:checkpoint:firewall-1:next_generation_fp2", "cpe:/o:hp:hp-ux:11.00", "cpe:/a:stonesoft:stonegate:2.0.5", "cpe:/a:4d:webstar:5.2", "cpe:/a:sgi:propack:2.3", "cpe:/o:freebsd:freebsd:5.2.1:release", "cpe:/a:stonesoft:stonegate:1.6.3", "cpe:/a:novell:edirectory:8.7.1", "cpe:/h:securecomputing:sidewinder:5.2", "cpe:/a:checkpoint:firewall-1:::vsx-ng-ai", "cpe:/h:avaya:converged_communications_server:2.0", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:cisco:ciscoworks_common_services:2.2", "cpe:/a:vmware:gsx_server:2.5.1_build_5336", "cpe:/a:neoteris:instant_virtual_extranet:3.0", "cpe:/o:freebsd:freebsd:4.8", "cpe:/a:checkpoint:vpn-1:vsx_ng_with_application_intelligence", "cpe:/h:avaya:sg208:4.4", "cpe:/a:novell:edirectory:8.7", "cpe:/a:cisco:webns:6.10_b4", "cpe:/o:cisco:pix_firewall:6.2%283.100%29", "cpe:/o:redhat:enterprise_linux:3.0::workstation_server", "cpe:/o:cisco:ios:12.2sy", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:4d:webstar:4.0", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.1", "cpe:/a:stonesoft:stonegate:2.0.6", "cpe:/a:avaya:intuity_audix:5.1.46", "cpe:/h:cisco:gss_4490_global_site_selector", "cpe:/a:checkpoint:vpn-1:next_generation_fp2", "cpe:/a:checkpoint:provider-1:4.1:sp3", "cpe:/a:stonesoft:stonebeat_fullcluster:1_2.0", "cpe:/h:securecomputing:sidewinder:5.2.0.02", "cpe:/o:cisco:pix_firewall:6.2", "cpe:/a:cisco:css11000_content_services_switch", "cpe:/o:cisco:ios:12.1%2811b%29e14", "cpe:/a:stonesoft:stonegate:1.5.17", "cpe:/a:stonesoft:stonebeat_securitycluster:2.5", "cpe:/o:cisco:ios:12.1%2811b%29e12", "cpe:/o:cisco:pix_firewall:6.3", "cpe:/a:cisco:threat_response", "cpe:/a:hp:wbem:a.01.05.08", "cpe:/a:redhat:openssl:0.9.6-15::i386", "cpe:/h:securecomputing:sidewinder:5.2.0.04", "cpe:/o:cisco:ios:12.2%2814%29sy1", "cpe:/a:stonesoft:stonegate:2.2", "cpe:/a:avaya:vsu:10000_r2.0.1", "cpe:/h:avaya:s8300:r2.0.0", "cpe:/a:cisco:webns:7.1_0.2.06", "cpe:/o:openbsd:openbsd:3.4", "cpe:/a:vmware:gsx_server:2.0.1_build_2129", "cpe:/o:cisco:pix_firewall:6.1%285%29", "cpe:/o:cisco:pix_firewall:6.0%282%29", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.2", "cpe:/o:freebsd:freebsd:5.1:release", "cpe:/a:rsa:bsafe_ssl-j_sdk:3.1", "cpe:/h:bluecoat:proxysg", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/o:bluecoat:cacheos_ca_sa:4.1.10", "cpe:/o:apple:mac_os_x_server:10.3.3", "cpe:/o:freebsd:freebsd:5.1:releng", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:stonesoft:stonebeat_fullcluster:3.0", "cpe:/a:cisco:webns:7.10", "cpe:/h:avaya:s8500:r2.0.1", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3.1", "cpe:/a:novell:imanager:2.0", "cpe:/a:stonesoft:stonebeat_securitycluster:2.0", "cpe:/a:novell:edirectory:8.7.1:sp1", "cpe:/a:avaya:vsu:7500_r2.0.1", "cpe:/a:cisco:css_secure_content_accelerator:1.0", "cpe:/h:cisco:content_services_switch_11500", "cpe:/o:hp:hp-ux:8.05", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc1", "cpe:/h:cisco:firewall_services_module:1.1.2", "cpe:/o:cisco:pix_firewall:6.1%282%29", "cpe:/h:hp:aaa_server", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc3", "cpe:/a:neoteris:instant_virtual_extranet:3.2", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.1", "cpe:/o:cisco:pix_firewall:6.0", "cpe:/a:redhat:openssl:0.9.7a-2::i386_perl", "cpe:/a:neoteris:instant_virtual_extranet:3.3", "cpe:/a:rsa:bsafe_ssl-j_sdk:3.0.1", "cpe:/o:redhat:linux:7.2", "cpe:/a:novell:edirectory:8.0", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.1.1"], "id": "CVE-2004-0112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0112", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-11T11:05:54", "references": ["http://fedoranews.org/updates/FEDORA-2004-095.shtml", "http://www.kb.cert.org/vuls/id/288574", "http://www.redhat.com/support/errata/RHSA-2004-139.html", "http://www.redhat.com/support/errata/RHSA-2004-121.html", "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html", "http://docs.info.apple.com/article.html?artnum=61798", "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", "http://marc.info/?l=bugtraq&m=107953412903636&w=2", "http://www.novell.com/linux/security/advisories/2004_07_openssl.html", "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm", "http://www.redhat.com/support/errata/RHSA-2004-120.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023", "http://www.securityfocus.com/bid/9899", "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", "http://www.redhat.com/support/errata/RHSA-2005-830.html", "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc", "http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US", "http://www.ciac.org/ciac/bulletins/o-101.shtml", "http://www.openssl.org/news/secadv_20040317.txt", "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505", "http://www.trustix.org/errata/2004/0012", "http://www.debian.org/security/2004/dsa-465", "http://www.redhat.com/support/errata/RHSA-2005-829.html", "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html", "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", "http://marc.info/?l=bugtraq&m=108403806509920&w=2", "http://security.gentoo.org/glsa/glsa-200403-03.xml", "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", "http://lists.apple.com/mhonarc/security-announce/msg00045.html"], "description": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.", "edition": 4, "reporter": "NVD", "published": "2004-11-23T00:00:00", "title": "CVE-2004-0079", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:05:54", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:2621", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2004-0079"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:870", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:870"}], "modified": "2017-10-10T21:29:20", "cpe": ["cpe:/h:symantec:clientless_vpn_gateway_4400:5.0", "cpe:/a:rsa:bsafe_ssl-j_sdk:3.0", "cpe:/a:cisco:ciscoworks_common_management_foundation:2.1", "cpe:/a:4d:webstar:5.3.1", "cpe:/o:apple:mac_os_x:10.3.3", "cpe:/h:avaya:sg208", "cpe:/a:sgi:propack:2.4", "cpe:/a:cisco:okena_stormwatch:3.2", "cpe:/a:stonesoft:stonebeat_webcluster:2.5", "cpe:/o:cisco:pix_firewall:6.2%281%29", "cpe:/o:hp:hp-ux:11.11", "cpe:/a:cisco:application_and_content_networking_software", "cpe:/h:avaya:s8300:r2.0.1", "cpe:/o:cisco:pix_firewall:6.3%283.102%29", "cpe:/a:vmware:gsx_server:2.5.1", "cpe:/o:cisco:pix_firewall:6.0%284%29", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.3", "cpe:/o:cisco:ios:12.2%2814%29sy", "cpe:/a:cisco:pix_firewall:6.2.2_.111", "cpe:/o:redhat:linux:7.3", "cpe:/a:hp:wbem:a.02.00.00", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3", "cpe:/o:freebsd:freebsd:4.9", "cpe:/a:checkpoint:provider-1:4.1:sp4", "cpe:/a:avaya:vsu:5000_r2.0.1", "cpe:/o:bluecoat:cacheos_ca_sa:4.1.12", "cpe:/a:stonesoft:stonegate_vpn_client:2.0.7", "cpe:/a:avaya:intuity_audix:::lx", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.7:beta3", "cpe:/a:vmware:gsx_server:3.0_build_7592", "cpe:/o:redhat:enterprise_linux:3.0::enterprise_server", "cpe:/o:cisco:pix_firewall:6.0%283%29", "cpe:/o:cisco:ios:12.1%2811b%29e", "cpe:/o:cisco:ios:12.1%2813%29e9", "cpe:/a:neoteris:instant_virtual_extranet:3.3.1", "cpe:/a:avaya:vsu:100_r2.0.1", "cpe:/h:avaya:sg203:4.4", "cpe:/a:novell:edirectory:8.5.12a", "cpe:/a:stonesoft:stonegate:2.0.4", "cpe:/o:cisco:pix_firewall:6.2%282%29", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc1", "cpe:/h:avaya:s8700:r2.0.0", "cpe:/a:novell:imanager:1.5", "cpe:/a:checkpoint:provider-1:4.1:sp2", "cpe:/o:redhat:enterprise_linux:3.0::advanced_server", "cpe:/a:novell:edirectory:8.5", "cpe:/h:hp:apache-based_web_server:2.0.43.04", "cpe:/h:avaya:sg5:4.4", "cpe:/o:cisco:pix_firewall:6.1%281%29", "cpe:/a:stonesoft:stonegate:1.7.2", "cpe:/o:sco:openserver:5.0.7", "cpe:/a:stonesoft:stonegate:2.0.1", "cpe:/h:securecomputing:sidewinder:5.2.1.02", "cpe:/a:stonesoft:stonegate:2.2.1", "cpe:/a:avaya:vsu:2000_r2.0.1", "cpe:/o:cisco:pix_firewall:6.3%283.109%29", "cpe:/a:avaya:vsu:5", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc2", "cpe:/h:securecomputing:sidewinder:5.2.0.01", "cpe:/a:checkpoint:provider-1:4.1:sp1", "cpe:/a:stonesoft:servercluster:2.5", "cpe:/o:freebsd:freebsd:5.2", "cpe:/a:4d:webstar:5.3", "cpe:/a:stonesoft:stonegate:2.0.8", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc2", "cpe:/o:cisco:ios:12.1%2819%29e1", "cpe:/a:openssl:openssl:0.9.7:beta2", "cpe:/a:hp:wbem:a.02.00.01", "cpe:/a:cisco:webns:7.1_0.1.02", "cpe:/a:cisco:access_registrar", "cpe:/o:cisco:pix_firewall:6.3%282%29", "cpe:/a:4d:webstar:5.2.1", "cpe:/h:cisco:mds_9000", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:checkpoint:vpn-1:next_generation_fp1", "cpe:/h:cisco:call_manager", "cpe:/o:cisco:ios:12.2za", "cpe:/h:avaya:sg200:4.31.29", "cpe:/a:checkpoint:provider-1:4.1", "cpe:/a:checkpoint:firewall-1:next_generation_fp1", "cpe:/a:stonesoft:stonegate:1.5.18", "cpe:/h:sun:crypto_accelerator_4000:1.0", "cpe:/a:tarantella:tarantella_enterprise:3.20", "cpe:/o:cisco:pix_firewall:6.1%283%29", "cpe:/o:freebsd:freebsd:4.8:releng", "cpe:/a:stonesoft:stonegate:2.1", "cpe:/o:hp:hp-ux:11.23", "cpe:/h:avaya:s8700:r2.0.1", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:avaya:vsu:500", "cpe:/o:openbsd:openbsd:3.3", "cpe:/a:cisco:webns:7.10_.0.06s", "cpe:/a:checkpoint:firewall-1:2.0::gx", "cpe:/a:4d:webstar:5.2.4", "cpe:/a:4d:webstar:5.2.3", "cpe:/o:redhat:linux:8.0", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/o:cisco:pix_firewall:6.0%281%29", "cpe:/h:securecomputing:sidewinder:5.2.0.03", "cpe:/h:securecomputing:sidewinder:5.2.1", "cpe:/a:novell:edirectory:8.6.2", "cpe:/a:tarantella:tarantella_enterprise:3.30", "cpe:/h:avaya:sg5:4.2", "cpe:/a:sgi:propack:3.0", "cpe:/h:avaya:sg203:4.31.29", "cpe:/h:avaya:sg5:4.3", "cpe:/a:avaya:intuity_audix:s3400", "cpe:/a:stonesoft:stonegate:1.7", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:avaya:vsu:5x", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/h:cisco:gss_4480_global_site_selector", "cpe:/a:neoteris:instant_virtual_extranet:3.1", "cpe:/h:avaya:sg200:4.4", "cpe:/a:stonesoft:stonebeat_fullcluster:2.5", "cpe:/o:cisco:ios:12.1%2811%29e", "cpe:/h:avaya:s8500:r2.0.0", "cpe:/a:stonesoft:stonegate:1.7.1", "cpe:/a:vmware:gsx_server:2.0", "cpe:/a:checkpoint:firewall-1:next_generation_fp0", "cpe:/a:stonesoft:stonebeat_fullcluster:2.0", "cpe:/h:cisco:firewall_services_module:2.1_%280.208%29", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.1", "cpe:/o:cisco:pix_firewall:6.1%284%29", "cpe:/a:cisco:webns:6.10", "cpe:/a:stonesoft:stonebeat_webcluster:2.0", "cpe:/a:redhat:openssl:0.9.7a-2::i386_dev", "cpe:/o:freebsd:freebsd:5.1", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:redhat:openssl:0.9.6b-3::i386", "cpe:/h:cisco:firewall_services_module:1.1_%283.005%29", "cpe:/a:avaya:intuity_audix:s3210", "cpe:/o:cisco:pix_firewall:6.2%283%29", "cpe:/a:openssl:openssl:0.9.7:beta1", "cpe:/a:stonesoft:stonegate_vpn_client:2.0.8", "cpe:/a:stonesoft:stonegate:1.6.2", "cpe:/a:cisco:webns:7.2_0.0.03", "cpe:/a:cisco:css_secure_content_accelerator:2.0", "cpe:/a:novell:edirectory:8.5.27", "cpe:/a:redhat:openssl:0.9.7a-2::i386", "cpe:/o:cisco:pix_firewall:6.1", "cpe:/h:cisco:firewall_services_module:1.1.3", "cpe:/a:stonesoft:stonebeat_fullcluster:1_3.0", "cpe:/o:cisco:pix_firewall:6.3%281%29", "cpe:/h:hp:apache-based_web_server:2.0.43.00", "cpe:/o:sco:openserver:5.0.6", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.2", "cpe:/a:stonesoft:stonegate:2.0.7", "cpe:/a:tarantella:tarantella_enterprise:3.40", "cpe:/a:stonesoft:stonegate:2.0.9", "cpe:/a:4d:webstar:5.2.2", "cpe:/o:cisco:pix_firewall:6.0%284.101%29", "cpe:/a:checkpoint:vpn-1:next_generation_fp0", "cpe:/h:cisco:secure_content_accelerator:10000", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/h:cisco:firewall_services_module", "cpe:/a:stonesoft:stonegate:2.2.4", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:stonesoft:servercluster:2.5.2", "cpe:/o:redhat:enterprise_linux_desktop:3.0", "cpe:/a:checkpoint:firewall-1:next_generation_fp2", "cpe:/o:hp:hp-ux:11.00", "cpe:/a:stonesoft:stonegate:2.0.5", "cpe:/a:4d:webstar:5.2", "cpe:/a:sgi:propack:2.3", "cpe:/o:freebsd:freebsd:5.2.1:release", "cpe:/a:stonesoft:stonegate:1.6.3", "cpe:/a:novell:edirectory:8.7.1", "cpe:/h:securecomputing:sidewinder:5.2", "cpe:/a:checkpoint:firewall-1:::vsx-ng-ai", "cpe:/h:avaya:converged_communications_server:2.0", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:cisco:ciscoworks_common_services:2.2", "cpe:/a:vmware:gsx_server:2.5.1_build_5336", "cpe:/a:neoteris:instant_virtual_extranet:3.0", "cpe:/o:freebsd:freebsd:4.8", "cpe:/a:checkpoint:vpn-1:vsx_ng_with_application_intelligence", "cpe:/h:avaya:sg208:4.4", "cpe:/a:novell:edirectory:8.7", "cpe:/a:cisco:webns:6.10_b4", "cpe:/o:cisco:pix_firewall:6.2%283.100%29", "cpe:/a:stonesoft:stonegate_vpn_client:2.0", "cpe:/o:redhat:enterprise_linux:3.0::workstation_server", "cpe:/o:cisco:ios:12.2sy", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:4d:webstar:4.0", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.1", "cpe:/a:stonesoft:stonegate:2.0.6", "cpe:/a:avaya:intuity_audix:5.1.46", "cpe:/h:cisco:gss_4490_global_site_selector", "cpe:/a:stonesoft:stonegate_vpn_client:1.7.2", "cpe:/a:checkpoint:vpn-1:next_generation_fp2", "cpe:/a:checkpoint:provider-1:4.1:sp3", "cpe:/a:stonesoft:stonebeat_fullcluster:1_2.0", "cpe:/h:securecomputing:sidewinder:5.2.0.02", "cpe:/o:cisco:pix_firewall:6.2", "cpe:/a:cisco:css11000_content_services_switch", "cpe:/o:cisco:ios:12.1%2811b%29e14", "cpe:/a:stonesoft:stonegate:1.5.17", "cpe:/a:stonesoft:stonebeat_securitycluster:2.5", "cpe:/o:cisco:ios:12.1%2811b%29e12", "cpe:/o:cisco:pix_firewall:6.3", "cpe:/a:cisco:threat_response", "cpe:/a:hp:wbem:a.01.05.08", "cpe:/a:redhat:openssl:0.9.6-15::i386", "cpe:/h:securecomputing:sidewinder:5.2.0.04", "cpe:/o:cisco:ios:12.2%2814%29sy1", "cpe:/a:stonesoft:stonegate:2.2", "cpe:/a:avaya:vsu:10000_r2.0.1", "cpe:/h:avaya:s8300:r2.0.0", "cpe:/a:cisco:webns:7.1_0.2.06", "cpe:/o:openbsd:openbsd:3.4", "cpe:/a:vmware:gsx_server:2.0.1_build_2129", "cpe:/o:cisco:pix_firewall:6.1%285%29", "cpe:/o:cisco:pix_firewall:6.0%282%29", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.2", "cpe:/o:freebsd:freebsd:5.1:release", "cpe:/a:rsa:bsafe_ssl-j_sdk:3.1", "cpe:/a:stonesoft:stonegate_vpn_client:2.0.9", "cpe:/h:bluecoat:proxysg", "cpe:/a:stonesoft:stonegate_vpn_client:1.7", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/o:bluecoat:cacheos_ca_sa:4.1.10", "cpe:/o:apple:mac_os_x_server:10.3.3", "cpe:/o:freebsd:freebsd:5.1:releng", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:stonesoft:stonebeat_fullcluster:3.0", "cpe:/a:cisco:webns:7.10", "cpe:/h:avaya:s8500:r2.0.1", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3.1", "cpe:/a:novell:imanager:2.0", "cpe:/a:stonesoft:stonebeat_securitycluster:2.0", "cpe:/a:novell:edirectory:8.7.1:sp1", "cpe:/a:avaya:vsu:7500_r2.0.1", "cpe:/a:cisco:css_secure_content_accelerator:1.0", "cpe:/h:cisco:content_services_switch_11500", "cpe:/o:hp:hp-ux:8.05", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc1", "cpe:/h:cisco:firewall_services_module:1.1.2", "cpe:/o:cisco:pix_firewall:6.1%282%29", "cpe:/h:hp:aaa_server", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc3", "cpe:/a:neoteris:instant_virtual_extranet:3.2", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.1", "cpe:/o:cisco:pix_firewall:6.0", "cpe:/a:redhat:openssl:0.9.7a-2::i386_perl", "cpe:/a:neoteris:instant_virtual_extranet:3.3", "cpe:/a:rsa:bsafe_ssl-j_sdk:3.0.1", "cpe:/o:redhat:linux:7.2", "cpe:/a:novell:edirectory:8.0", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.1.1"], "id": "CVE-2004-0079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0079", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-11T11:05:54", "references": ["http://fedoranews.org/updates/FEDORA-2004-095.shtml", "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc", "http://www.redhat.com/support/errata/RHSA-2004-139.html", "http://www.redhat.com/support/errata/RHSA-2004-121.html", "http://marc.info/?l=bugtraq&m=107955049331965&w=2", "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", "http://marc.info/?l=bugtraq&m=108403850228012&w=2", "http://www.redhat.com/support/errata/RHSA-2004-120.html", "http://www.securityfocus.com/bid/9899", "http://rhn.redhat.com/errata/RHSA-2004-119.html", "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", "http://www.trustix.org/errata/2004/0012", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509", "http://www.debian.org/security/2004/dsa-465", "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html", "http://www.kb.cert.org/vuls/id/465542", "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", "http://security.gentoo.org/glsa/glsa-200403-03.xml", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"], "description": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.", "edition": 4, "reporter": "NVD", "published": "2004-11-23T00:00:00", "title": "CVE-2004-0081", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:05:54", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11755", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2004-0081"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:902", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:902"}], "modified": "2017-10-10T21:29:20", "cpe": ["cpe:/h:symantec:clientless_vpn_gateway_4400:5.0", "cpe:/a:rsa:bsafe_ssl-j_sdk:3.0", "cpe:/a:cisco:ciscoworks_common_management_foundation:2.1", "cpe:/a:4d:webstar:5.3.1", "cpe:/o:apple:mac_os_x:10.3.3", "cpe:/h:avaya:sg208", "cpe:/a:sgi:propack:2.4", "cpe:/a:cisco:okena_stormwatch:3.2", "cpe:/a:stonesoft:stonebeat_webcluster:2.5", "cpe:/o:cisco:pix_firewall:6.2%281%29", "cpe:/o:hp:hp-ux:11.11", "cpe:/a:cisco:application_and_content_networking_software", "cpe:/h:avaya:s8300:r2.0.1", "cpe:/o:cisco:pix_firewall:6.3%283.102%29", "cpe:/a:vmware:gsx_server:2.5.1", "cpe:/o:cisco:pix_firewall:6.0%284%29", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.3", "cpe:/o:cisco:ios:12.2%2814%29sy", "cpe:/a:cisco:pix_firewall:6.2.2_.111", "cpe:/o:redhat:linux:7.3", "cpe:/a:hp:wbem:a.02.00.00", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3", "cpe:/o:freebsd:freebsd:4.9", "cpe:/a:checkpoint:provider-1:4.1:sp4", "cpe:/a:avaya:vsu:5000_r2.0.1", "cpe:/o:bluecoat:cacheos_ca_sa:4.1.12", "cpe:/a:stonesoft:stonegate_vpn_client:2.0.7", "cpe:/a:avaya:intuity_audix:::lx", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.7:beta3", "cpe:/a:vmware:gsx_server:3.0_build_7592", "cpe:/o:redhat:enterprise_linux:3.0::enterprise_server", "cpe:/o:cisco:pix_firewall:6.0%283%29", "cpe:/o:cisco:ios:12.1%2811b%29e", "cpe:/o:cisco:ios:12.1%2813%29e9", "cpe:/a:neoteris:instant_virtual_extranet:3.3.1", "cpe:/a:avaya:vsu:100_r2.0.1", "cpe:/h:avaya:sg203:4.4", "cpe:/a:novell:edirectory:8.5.12a", "cpe:/a:stonesoft:stonegate:2.0.4", "cpe:/o:cisco:pix_firewall:6.2%282%29", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc1", "cpe:/h:avaya:s8700:r2.0.0", "cpe:/a:novell:imanager:1.5", "cpe:/a:checkpoint:provider-1:4.1:sp2", "cpe:/o:redhat:enterprise_linux:3.0::advanced_server", "cpe:/a:novell:edirectory:8.5", "cpe:/h:hp:apache-based_web_server:2.0.43.04", "cpe:/h:avaya:sg5:4.4", "cpe:/o:cisco:pix_firewall:6.1%281%29", "cpe:/a:stonesoft:stonegate:1.7.2", "cpe:/o:sco:openserver:5.0.7", "cpe:/a:stonesoft:stonegate:2.0.1", "cpe:/h:securecomputing:sidewinder:5.2.1.02", "cpe:/a:stonesoft:stonegate:2.2.1", "cpe:/a:avaya:vsu:2000_r2.0.1", "cpe:/o:cisco:pix_firewall:6.3%283.109%29", "cpe:/a:avaya:vsu:5", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc2", "cpe:/h:securecomputing:sidewinder:5.2.0.01", "cpe:/a:checkpoint:provider-1:4.1:sp1", "cpe:/a:stonesoft:servercluster:2.5", "cpe:/o:freebsd:freebsd:5.2", "cpe:/a:4d:webstar:5.3", "cpe:/a:stonesoft:stonegate:2.0.8", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc2", "cpe:/o:cisco:ios:12.1%2819%29e1", "cpe:/a:openssl:openssl:0.9.7:beta2", "cpe:/a:hp:wbem:a.02.00.01", "cpe:/a:cisco:webns:7.1_0.1.02", "cpe:/a:cisco:access_registrar", "cpe:/o:cisco:pix_firewall:6.3%282%29", "cpe:/a:4d:webstar:5.2.1", "cpe:/h:cisco:mds_9000", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:checkpoint:vpn-1:next_generation_fp1", "cpe:/h:cisco:call_manager", "cpe:/o:cisco:ios:12.2za", "cpe:/h:avaya:sg200:4.31.29", "cpe:/a:checkpoint:provider-1:4.1", "cpe:/a:checkpoint:firewall-1:next_generation_fp1", "cpe:/a:stonesoft:stonegate:1.5.18", "cpe:/h:sun:crypto_accelerator_4000:1.0", "cpe:/a:tarantella:tarantella_enterprise:3.20", "cpe:/o:cisco:pix_firewall:6.1%283%29", "cpe:/o:freebsd:freebsd:4.8:releng", "cpe:/a:stonesoft:stonegate:2.1", "cpe:/o:hp:hp-ux:11.23", "cpe:/h:avaya:s8700:r2.0.1", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:avaya:vsu:500", "cpe:/o:openbsd:openbsd:3.3", "cpe:/a:cisco:webns:7.10_.0.06s", "cpe:/a:checkpoint:firewall-1:2.0::gx", "cpe:/a:4d:webstar:5.2.4", "cpe:/a:4d:webstar:5.2.3", "cpe:/o:redhat:linux:8.0", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/o:cisco:pix_firewall:6.0%281%29", "cpe:/h:securecomputing:sidewinder:5.2.0.03", "cpe:/h:securecomputing:sidewinder:5.2.1", "cpe:/a:novell:edirectory:8.6.2", "cpe:/a:tarantella:tarantella_enterprise:3.30", "cpe:/h:avaya:sg5:4.2", "cpe:/a:sgi:propack:3.0", "cpe:/h:avaya:sg203:4.31.29", "cpe:/h:avaya:sg5:4.3", "cpe:/a:avaya:intuity_audix:s3400", "cpe:/a:stonesoft:stonegate:1.7", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:avaya:vsu:5x", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/h:cisco:gss_4480_global_site_selector", "cpe:/a:neoteris:instant_virtual_extranet:3.1", "cpe:/h:avaya:sg200:4.4", "cpe:/a:stonesoft:stonebeat_fullcluster:2.5", "cpe:/o:cisco:ios:12.1%2811%29e", "cpe:/h:avaya:s8500:r2.0.0", "cpe:/a:stonesoft:stonegate:1.7.1", "cpe:/a:vmware:gsx_server:2.0", "cpe:/a:checkpoint:firewall-1:next_generation_fp0", "cpe:/a:stonesoft:stonebeat_fullcluster:2.0", "cpe:/h:cisco:firewall_services_module:2.1_%280.208%29", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.1", "cpe:/o:cisco:pix_firewall:6.1%284%29", "cpe:/a:cisco:webns:6.10", "cpe:/a:stonesoft:stonebeat_webcluster:2.0", "cpe:/a:redhat:openssl:0.9.7a-2::i386_dev", "cpe:/o:freebsd:freebsd:5.1", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:redhat:openssl:0.9.6b-3::i386", "cpe:/h:cisco:firewall_services_module:1.1_%283.005%29", "cpe:/a:avaya:intuity_audix:s3210", "cpe:/o:cisco:pix_firewall:6.2%283%29", "cpe:/a:openssl:openssl:0.9.7:beta1", "cpe:/a:stonesoft:stonegate_vpn_client:2.0.8", "cpe:/a:stonesoft:stonegate:1.6.2", "cpe:/a:cisco:webns:7.2_0.0.03", "cpe:/a:cisco:css_secure_content_accelerator:2.0", "cpe:/a:novell:edirectory:8.5.27", "cpe:/a:redhat:openssl:0.9.7a-2::i386", "cpe:/o:cisco:pix_firewall:6.1", "cpe:/h:cisco:firewall_services_module:1.1.3", "cpe:/a:stonesoft:stonebeat_fullcluster:1_3.0", "cpe:/o:cisco:pix_firewall:6.3%281%29", "cpe:/h:hp:apache-based_web_server:2.0.43.00", "cpe:/o:sco:openserver:5.0.6", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.2", "cpe:/a:stonesoft:stonegate:2.0.7", "cpe:/a:tarantella:tarantella_enterprise:3.40", "cpe:/a:stonesoft:stonegate:2.0.9", "cpe:/a:4d:webstar:5.2.2", "cpe:/o:cisco:pix_firewall:6.0%284.101%29", "cpe:/a:checkpoint:vpn-1:next_generation_fp0", "cpe:/h:cisco:secure_content_accelerator:10000", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/h:cisco:firewall_services_module", "cpe:/a:stonesoft:stonegate:2.2.4", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:stonesoft:servercluster:2.5.2", "cpe:/o:redhat:enterprise_linux_desktop:3.0", "cpe:/a:checkpoint:firewall-1:next_generation_fp2", "cpe:/o:hp:hp-ux:11.00", "cpe:/a:stonesoft:stonegate:2.0.5", "cpe:/a:4d:webstar:5.2", "cpe:/a:sgi:propack:2.3", "cpe:/o:freebsd:freebsd:5.2.1:release", "cpe:/a:stonesoft:stonegate:1.6.3", "cpe:/a:novell:edirectory:8.7.1", "cpe:/h:securecomputing:sidewinder:5.2", "cpe:/a:checkpoint:firewall-1:::vsx-ng-ai", "cpe:/h:avaya:converged_communications_server:2.0", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:cisco:ciscoworks_common_services:2.2", "cpe:/a:vmware:gsx_server:2.5.1_build_5336", "cpe:/a:neoteris:instant_virtual_extranet:3.0", "cpe:/o:freebsd:freebsd:4.8", "cpe:/a:checkpoint:vpn-1:vsx_ng_with_application_intelligence", "cpe:/h:avaya:sg208:4.4", "cpe:/a:novell:edirectory:8.7", "cpe:/a:cisco:webns:6.10_b4", "cpe:/o:cisco:pix_firewall:6.2%283.100%29", "cpe:/a:stonesoft:stonegate_vpn_client:2.0", "cpe:/o:redhat:enterprise_linux:3.0::workstation_server", "cpe:/o:cisco:ios:12.2sy", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:4d:webstar:4.0", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.1", "cpe:/a:stonesoft:stonegate:2.0.6", "cpe:/a:avaya:intuity_audix:5.1.46", "cpe:/h:cisco:gss_4490_global_site_selector", "cpe:/a:stonesoft:stonegate_vpn_client:1.7.2", "cpe:/a:checkpoint:provider-1:4.1:sp3", "cpe:/a:stonesoft:stonebeat_fullcluster:1_2.0", "cpe:/h:securecomputing:sidewinder:5.2.0.02", "cpe:/o:cisco:pix_firewall:6.2", "cpe:/a:cisco:css11000_content_services_switch", "cpe:/o:cisco:ios:12.1%2811b%29e14", "cpe:/a:stonesoft:stonegate:1.5.17", "cpe:/a:stonesoft:stonebeat_securitycluster:2.5", "cpe:/o:cisco:ios:12.1%2811b%29e12", "cpe:/o:cisco:pix_firewall:6.3", "cpe:/a:cisco:threat_response", "cpe:/a:hp:wbem:a.01.05.08", "cpe:/a:redhat:openssl:0.9.6-15::i386", "cpe:/h:securecomputing:sidewinder:5.2.0.04", "cpe:/o:cisco:ios:12.2%2814%29sy1", "cpe:/a:stonesoft:stonegate:2.2", "cpe:/a:avaya:vsu:10000_r2.0.1", "cpe:/h:avaya:s8300:r2.0.0", "cpe:/a:cisco:webns:7.1_0.2.06", "cpe:/o:openbsd:openbsd:3.4", "cpe:/a:vmware:gsx_server:2.0.1_build_2129", "cpe:/o:cisco:pix_firewall:6.1%285%29", "cpe:/o:cisco:pix_firewall:6.0%282%29", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.2", "cpe:/o:freebsd:freebsd:5.1:release", "cpe:/a:rsa:bsafe_ssl-j_sdk:3.1", "cpe:/a:stonesoft:stonegate_vpn_client:2.0.9", "cpe:/h:bluecoat:proxysg", "cpe:/a:stonesoft:stonegate_vpn_client:1.7", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/o:bluecoat:cacheos_ca_sa:4.1.10", "cpe:/o:apple:mac_os_x_server:10.3.3", "cpe:/o:freebsd:freebsd:5.1:releng", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:stonesoft:stonebeat_fullcluster:3.0", "cpe:/a:cisco:webns:7.10", "cpe:/h:avaya:s8500:r2.0.1", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3.1", "cpe:/a:novell:imanager:2.0", "cpe:/a:stonesoft:stonebeat_securitycluster:2.0", "cpe:/a:novell:edirectory:8.7.1:sp1", "cpe:/a:avaya:vsu:7500_r2.0.1", "cpe:/a:cisco:css_secure_content_accelerator:1.0", "cpe:/h:cisco:content_services_switch_11500", "cpe:/o:hp:hp-ux:8.05", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc1", "cpe:/h:cisco:firewall_services_module:1.1.2", "cpe:/o:cisco:pix_firewall:6.1%282%29", "cpe:/h:hp:aaa_server", "cpe:/a:checkpoint:vpn-1:next_generation", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc3", "cpe:/a:neoteris:instant_virtual_extranet:3.2", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.1", "cpe:/o:cisco:pix_firewall:6.0", "cpe:/a:redhat:openssl:0.9.7a-2::i386_perl", "cpe:/a:neoteris:instant_virtual_extranet:3.3", "cpe:/a:rsa:bsafe_ssl-j_sdk:3.0.1", "cpe:/o:redhat:linux:7.2", "cpe:/a:novell:edirectory:8.0", "cpe:/a:lite:speed_technologies_litespeed_web_server:1.1.1"], "id": "CVE-2004-0081", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0081", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:49", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0081", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112", "https://bugs.gentoo.org/show_bug.cgi?id=44941"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.9.7c", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-libs/openssl", "operator": "le"}], "edition": 1, "description": "### Background\n\nThe OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. \n\n### Description\n\n 1. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. All versions of OpenSSL from 0.9.6c to 0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by this issue. \n 2. A flaw has been discovered in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos cipher suites and will therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this issue. \n 3. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop). This issue was traced to a fix that was added to OpenSSL 0.9.6d some time ago. This issue will affect vendors that ship older versions of OpenSSL with backported security patches. \n\n### Impact\n\nAlthough there are no public exploits known for bug, users are recommended to upgrade to ensure the security of their infrastructure. \n\n### Workaround\n\nThere is no immediate workaround; a software upgrade is required. The vulnerable function in the code has been rewritten. \n\n### Resolution\n\nAll users are recommened to upgrade openssl to either 0.9.7d or 0.9.6m: \n \n \n # emerge sync\n # emerge -pv \">=dev-libs/openssl-0.9.7d\"\n # emerge \">=dev-libs/openssl-0.9.7d\"", "reporter": "Gentoo Foundation", "published": "2004-03-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "gentoo", "title": "Multiple OpenSSL Vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0112", "CVE-2004-0079", "CVE-2004-0081"], "modified": "2006-05-22T00:00:00", "id": "GLSA-200403-03", "href": "https://security.gentoo.org/glsa/200403-03", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openssl": [{"lastseen": "2016-09-26T17:22:35", "references": [], "edition": 1, "description": "A flaw in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected. Reported by OpenSSL group (Stephen Henson).", "reporter": "OpenSSL", "published": "2004-03-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2004-0112)", "bulletinFamily": "software", "affectedSoftware": [{"name": "openssl", "version": "0.9.7b", "operator": "eq"}, {"name": "openssl", "version": "0.9.7a", "operator": "eq"}, {"name": "openssl", "version": "0.9.7c", "operator": "eq"}], "cvelist": ["CVE-2004-0112"], "modified": "2004-03-17T00:00:00", "id": "OPENSSL:CVE-2004-0112", "href": "https://www.openssl.org/news/vulnerabilities.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:35", "references": [], "edition": 1, "description": "The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause a crash. Reported by OpenSSL group.", "reporter": "OpenSSL", "published": "2004-03-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2004-0079)", "bulletinFamily": "software", "affectedSoftware": [{"name": "openssl", "version": "0.9.7b", "operator": "eq"}, {"name": "openssl", "version": "0.9.6c", "operator": "eq"}, {"name": "openssl", "version": "0.9.6l", "operator": "eq"}, {"name": "openssl", "version": "0.9.7a", "operator": "eq"}, {"name": "openssl", "version": "0.9.6j", "operator": "eq"}, {"name": "openssl", "version": "0.9.6k", "operator": "eq"}, {"name": "openssl", "version": "0.9.6d", "operator": "eq"}, {"name": "openssl", "version": "0.9.6i", "operator": "eq"}, {"name": "openssl", "version": "0.9.7c", "operator": "eq"}, {"name": "openssl", "version": "0.9.6f", "operator": "eq"}, {"name": "openssl", "version": "0.9.6e", "operator": "eq"}, {"name": "openssl", "version": "0.9.6h", "operator": "eq"}, {"name": "openssl", "version": "0.9.6g", "operator": "eq"}, {"name": "openssl", "version": "0.9.7", "operator": "eq"}], "cvelist": ["CVE-2004-0079"], "modified": "2004-03-17T00:00:00", "id": "OPENSSL:CVE-2004-0079", "href": "https://www.openssl.org/news/vulnerabilities.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:55:33", "references": ["https://security.gentoo.org/glsa/200403-03"], "pluginID": "14454", "description": "The remote host is affected by the vulnerability described in GLSA-200403-03 (Multiple OpenSSL Vulnerabilities)\n\n Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a NULL pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. All versions of OpenSSL from 0.9.6c to 0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by this issue.\n A flaw has been discovered in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos cipher suites and will therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this issue.\n Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop). This issue was traced to a fix that was added to OpenSSL 0.9.6d some time ago. This issue will affect vendors that ship older versions of OpenSSL with backported security patches.\n Impact :\n\n Although there are no public exploits known for bug, users are recommended to upgrade to ensure the security of their infrastructure.\n Workaround :\n\n There is no immediate workaround; a software upgrade is required. The vulnerable function in the code has been rewritten.", "edition": 4, "reporter": "Tenable", "published": "2004-08-30T00:00:00", "title": "GLSA-200403-03 : Multiple OpenSSL Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0112", "CVE-2004-0079", "CVE-2004-0081"], "modified": "2015-04-13T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200403-03.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14454", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200403-03.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14454);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:34:21 $\");\n\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0081\", \"CVE-2004-0112\");\n script_xref(name:\"GLSA\", value:\"200403-03\");\n\n script_name(english:\"GLSA-200403-03 : Multiple OpenSSL Vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200403-03\n(Multiple OpenSSL Vulnerabilities)\n\n Testing performed by the OpenSSL group using the Codenomicon TLS Test\n Tool uncovered a NULL pointer assignment in the do_change_cipher_spec()\n function. A remote attacker could perform a carefully crafted SSL/TLS\n handshake against a server that used the OpenSSL library in such a way\n as to cause OpenSSL to crash. Depending on the application this could\n lead to a denial of service. All versions of OpenSSL from 0.9.6c to\n 0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by\n this issue.\n A flaw has been discovered in SSL/TLS handshaking code when using\n Kerberos ciphersuites. A remote attacker could perform a carefully\n crafted SSL/TLS handshake against a server configured to use Kerberos\n ciphersuites in such a way as to cause OpenSSL to crash. Most\n applications have no ability to use Kerberos cipher suites and will\n therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL\n are affected by this issue.\n Testing performed by the OpenSSL group using the Codenomicon TLS Test\n Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead\n to a Denial of Service attack (infinite loop). This issue was traced to\n a fix that was added to OpenSSL 0.9.6d some time ago. This issue will\n affect vendors that ship older versions of OpenSSL with backported\n security patches.\n \nImpact :\n\n Although there are no public exploits known for bug, users are\n recommended to upgrade to ensure the security of their infrastructure.\n \nWorkaround :\n\n There is no immediate workaround; a software upgrade is required. The\n vulnerable function in the code has been rewritten.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200403-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users are recommened to upgrade openssl to either 0.9.7d or 0.9.6m:\n # emerge sync\n # emerge -pv '>=dev-libs/openssl-0.9.7d'\n # emerge '>=dev-libs/openssl-0.9.7d'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 0.9.7d\", \"eq 0.9.6m\"), vulnerable:make_list(\"le 0.9.7c\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dev-libs/openssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:10", "references": ["http://www.codenomicon.com/testtools/tls/", "https://www.redhat.com/security/data/cve/CVE-2004-0081.html", "http://www.cpni.gov.uk/", "http://rhn.redhat.com/errata/RHSA-2004-120.html", "https://www.redhat.com/security/data/cve/CVE-2004-0112.html", "https://www.redhat.com/security/data/cve/CVE-2004-0079.html"], "pluginID": "12480", "description": "Updated OpenSSL packages that fix several remote denial of service vulnerabilities are available for Red Hat Enterprise Linux 3.\n\nThe OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1) protocols, and serves as a full-strength general purpose cryptography library.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a NULL pointer assignment in the do_change_cipher_spec() function in OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that uses the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0079 to this issue.\n\nStephen Henson discovered a flaw in SSL/TLS handshaking code when using Kerberos ciphersuites in OpenSSL 0.9.7a-0.9.7c. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected by this issue.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0112 to this issue.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that may lead to a denial of service attack (infinite loop).\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0081 to this issue. This issue affects only the OpenSSL compatibility packages shipped with Red Hat Enterprise Linux 3.\n\nThese updated packages contain patches provided by the OpenSSL group that protect against these issues.\n\nAdditionally, the version of libica included in the OpenSSL packages has been updated to 1.3.5. This only affects IBM s390 and IBM eServer zSeries customers and is required for the latest openCryptoki packages.\n\nNOTE: Because server applications are affected by this issue, users are advised to either restart all services that use OpenSSL functionality or restart their systems after installing these updates.", "edition": 5, "reporter": "Tenable", "published": "2004-07-06T00:00:00", "title": "RHEL 3 : openssl (RHSA-2004:120)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0112", "CVE-2004-0079", "CVE-2004-0081"], "modified": "2016-12-28T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:openssl096b", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2004-120.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12480", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:120. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12480);\n script_version (\"$Revision: 1.23 $\");\n script_cvs_date(\"$Date: 2016/12/28 17:44:44 $\");\n\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0081\", \"CVE-2004-0112\");\n script_bugtraq_id(9899);\n script_xref(name:\"RHSA\", value:\"2004:120\");\n\n script_name(english:\"RHEL 3 : openssl (RHSA-2004:120)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages that fix several remote denial of service\nvulnerabilities are available for Red Hat Enterprise Linux 3.\n\nThe OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3),\nTransport Layer Security (TLS v1) protocols, and serves as a\nfull-strength general purpose cryptography library.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test\nTool uncovered a NULL pointer assignment in the\ndo_change_cipher_spec() function in OpenSSL 0.9.6c-0.9.6k and\n0.9.7a-0.9.7c. A remote attacker could perform a carefully crafted\nSSL/TLS handshake against a server that uses the OpenSSL library in\nsuch a way as to cause OpenSSL to crash. Depending on the application\nthis could lead to a denial of service. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2004-0079\nto this issue.\n\nStephen Henson discovered a flaw in SSL/TLS handshaking code when\nusing Kerberos ciphersuites in OpenSSL 0.9.7a-0.9.7c. A remote\nattacker could perform a carefully crafted SSL/TLS handshake against a\nserver configured to use Kerberos ciphersuites in such a way as to\ncause OpenSSL to crash. Most applications have no ability to use\nKerberos ciphersuites and will therefore be unaffected by this issue.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0112 to this issue.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test\nTool uncovered a bug in older versions of OpenSSL 0.9.6 prior to\n0.9.6d that may lead to a denial of service attack (infinite loop).\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0081 to this issue. This issue affects only\nthe OpenSSL compatibility packages shipped with Red Hat Enterprise\nLinux 3.\n\nThese updated packages contain patches provided by the OpenSSL group\nthat protect against these issues.\n\nAdditionally, the version of libica included in the OpenSSL packages\nhas been updated to 1.3.5. This only affects IBM s390 and IBM eServer\nzSeries customers and is required for the latest openCryptoki\npackages.\n\nNOTE: Because server applications are affected by this issue, users\nare advised to either restart all services that use OpenSSL\nfunctionality or restart their systems after installing these updates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2004-0079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2004-0081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2004-0112.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.codenomicon.com/testtools/tls/\"\n );\n # http://www.niscc.gov.uk/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.cpni.gov.uk/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2004-120.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:120\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"openssl-0.9.7a-33.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssl-devel-0.9.7a-33.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssl-perl-0.9.7a-33.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-16\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"s390\", reference:\"openssl096b-0.9.6b-16\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"x86_64\", reference:\"openssl096b-0.9.6b-16\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl096b\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:35", "references": ["https://www.openssl.org/news/secadv/20040317.txt", "http://seclists.org/bugtraq/2004/Mar/155"], "pluginID": "12110", "description": "According to its banner, the remote host is using a version of OpenSSL which is older than 0.9.6m / 0.9.7d. There are several bugs in such versions that may allow an attacker to cause a denial of service against the remote host.", "edition": 7, "reporter": "Tenable", "published": "2004-03-17T00:00:00", "title": "OpenSSL < 0.9.6m / 0.9.7d Multiple Remote DoS", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Web Servers", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0112", "CVE-2004-0079", "CVE-2004-0081"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_DENIAL.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12110", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(12110);\n script_version(\"1.35\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0081\", \"CVE-2004-0112\");\n script_bugtraq_id(9899);\n\n script_name(english:\"OpenSSL < 0.9.6m / 0.9.7d Multiple Remote DoS\");\n script_summary(english:\"Checks for version of OpenSSL\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is prone to a denial of service attack.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is using a version of OpenSSL\nwhich is older than 0.9.6m / 0.9.7d. There are several bugs in such\nversions that may allow an attacker to cause a denial of service\nagainst the remote host.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20040317.txt\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2004/Mar/155\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 0.9.6m / 0.9.7d or newer.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/03/17\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Web Servers\");\n if ( ! defined_func(\"bn_random\") )\n \tscript_dependencie(\"http_version.nasl\");\n else\n \tscript_dependencie(\"http_version.nasl\", \"macosx_SecUpd20040503.nasl\", \"redhat-RHSA-2004-119.nasl\", \"redhat-RHSA-2004-120.nasl\");\n script_require_ports(\"Services/www\", 443);\n exit(0);\n}\n\n#\n# The script code starts here - we rely on Apache to spit OpenSSL's\n# version. That sucks.\n#\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"backport.inc\");\n\n\n\nif ( get_kb_item(\"CVE-2004-0079\") ) exit(0);\nif ( get_kb_item(\"CVE-2004-0081\") ) exit(0);\n\n#\n# Only look at the banner for now. This test needs to be improved.\n# \nports = add_port_in_list(list:get_kb_list(\"Services/www\"), port:443);\n\nforeach port (ports)\n{\n banner = get_http_banner(port:port);\n if(banner)\n {\n banner = get_backport_banner(banner:banner);\n if ( ! banner || backported ) continue;\n if(egrep(pattern:\"^Server:.*OpenSSL/0\\.9\\.([0-5][^0-9]|6[^a-z]|6[a-l]).*\", string:banner)) security_warning(port);\n else if(egrep(pattern:\"^Server:.*OpenSSL/0\\.9\\.7(-beta.*|[a-c]| .*)\", string:banner)) security_warning(port);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:32", "references": ["http://www.nessus.org/u?1077dcbe"], "pluginID": "18785", "description": "Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two potential denial-of-service issues in earlier versions of OpenSSL. We recommend sites that use OpenSSL upgrade to the fixed packages right away.", "edition": 5, "reporter": "Tenable", "published": "2005-07-13T00:00:00", "title": "Slackware 8.1 / 9.0 / 9.1 / current : OpenSSL security update (SSA:2004-077-01)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0112", "CVE-2004-0079"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:8.1", "p-cpe:/a:slackware:slackware_linux:openssl", "cpe:/o:slackware:slackware_linux:9.0", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux:9.1", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2004-077-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18785", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2004-077-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18785);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/09 17:06:37\");\n\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0112\");\n script_xref(name:\"SSA\", value:\"2004-077-01\");\n\n script_name(english:\"Slackware 8.1 / 9.0 / 9.1 / current : OpenSSL security update (SSA:2004-077-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1,\nand -current. These fix two potential denial-of-service issues in\nearlier versions of OpenSSL. We recommend sites that use OpenSSL\nupgrade to the fixed packages right away.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1077dcbe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"openssl\", pkgver:\"0.9.6m\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"8.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.6m\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"openssl\", pkgver:\"0.9.7d\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"9.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7d\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"openssl\", pkgver:\"0.9.7d\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"9.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7d\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"0.9.7d\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"0.9.7d\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:43:06", "references": [], "pluginID": "14122", "description": "A vulnerability was discovered by the OpenSSL group using the Codenomicon TLS Test Tool. The test uncovered a NULL pointer assignment in the do_change_cipher_spec() function whih could be abused by a remote attacker crafting a special SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application in question, this could lead to a Denial of Service (DoS). This vulnerability affects both OpenSSL 0.9.6 (0.9.6c-0.9.6k) and 0.9.7 (0.9.7a-0.9.7c). CVE has assigned CVE-2004-0079 to this issue.\n\nAnother vulnerability was discovered by Stephen Henson in OpenSSL versions 0.9.7a-0.9.7c; there is a flaw in the SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash.\nCVE has assigned CVE-2004-0112 to this issue.\n\nMandrakesoft urges users to upgrade to the packages provided that have been patched to protect against these problems. We would also like to thank NISCC for their assistance in coordinating the disclosure of these problems.\n\nPlease note that you will need to restart any SSL-enabled services for the patch to be effective, including (but not limited to) Apache, OpenLDAP, etc.", "edition": 5, "reporter": "Tenable", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : openssl (MDKSA-2004:023)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0112", "CVE-2004-0079"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libopenssl0.9.7", "p-cpe:/a:mandriva:linux:libopenssl0-devel", "p-cpe:/a:mandriva:linux:openssl", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "p-cpe:/a:mandriva:linux:libopenssl0.9.7-static-devel", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:libopenssl0.9.7-devel", "p-cpe:/a:mandriva:linux:libopenssl0", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7-devel", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7", "p-cpe:/a:mandriva:linux:libopenssl0-static-devel", "cpe:/o:mandrakesoft:mandrake_linux:9.0", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7-static-devel"], "id": "MANDRAKE_MDKSA-2004-023.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14122", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:023. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14122);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0112\");\n script_xref(name:\"MDKSA\", value:\"2004:023\");\n\n script_name(english:\"Mandrake Linux Security Advisory : openssl (MDKSA-2004:023)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered by the OpenSSL group using the\nCodenomicon TLS Test Tool. The test uncovered a NULL pointer\nassignment in the do_change_cipher_spec() function whih could be\nabused by a remote attacker crafting a special SSL/TLS handshake\nagainst a server that used the OpenSSL library in such a way as to\ncause OpenSSL to crash. Depending on the application in question, this\ncould lead to a Denial of Service (DoS). This vulnerability affects\nboth OpenSSL 0.9.6 (0.9.6c-0.9.6k) and 0.9.7 (0.9.7a-0.9.7c). CVE has\nassigned CVE-2004-0079 to this issue.\n\nAnother vulnerability was discovered by Stephen Henson in OpenSSL\nversions 0.9.7a-0.9.7c; there is a flaw in the SSL/TLS handshaking\ncode when using Kerberos ciphersuites. A remote attacker could perform\na carefully crafted SSL/TLS handshake against a server configured to\nuse Kerberos ciphersuites in such a way as to cause OpenSSL to crash.\nCVE has assigned CVE-2004-0112 to this issue.\n\nMandrakesoft urges users to upgrade to the packages provided that have\nbeen patched to protect against these problems. We would also like to\nthank NISCC for their assistance in coordinating the disclosure of\nthese problems.\n\nPlease note that you will need to restart any SSL-enabled services for\nthe patch to be effective, including (but not limited to) Apache,\nOpenLDAP, etc.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libopenssl0-0.9.6i-1.7.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libopenssl0-devel-0.9.6i-1.7.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libopenssl0-static-devel-0.9.6i-1.7.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"openssl-0.9.6i-1.7.90mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libopenssl0-0.9.6i-1.3.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libopenssl0.9.7-0.9.7a-1.3.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libopenssl0.9.7-devel-0.9.7a-1.3.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libopenssl0.9.7-static-devel-0.9.7a-1.3.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"openssl-0.9.7a-1.3.91mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64openssl0.9.7-0.9.7b-4.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64openssl0.9.7-devel-0.9.7b-4.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64openssl0.9.7-static-devel-0.9.7b-4.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libopenssl0.9.7-0.9.7b-4.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libopenssl0.9.7-devel-0.9.7b-4.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libopenssl0.9.7-static-devel-0.9.7b-4.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"openssl-0.9.7b-4.2.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:34:21", "references": ["http://www.nessus.org/u?5539ab6e"], "pluginID": "13684", "description": "This update includes OpenSSL packages to fix two security issues affecting OpenSSL 0.9.7a which allow denial of service attacks;\nCVE-2004-0079 and CVE-2003-0851.\n\nAlso included are updates for the OpenSSL 0.9.6 and 0.9.6b compatibility libraries included in Fedora Core 1, fixing a separate issue which could also lead to a denial of service attack;\nCVE-2004-0081.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2004-07-23T00:00:00", "title": "Fedora Core 1 : openssl-0.9.7a-33.10 (2004-095)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0079", "CVE-2004-0081"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl096", "p-cpe:/a:fedoraproject:fedora:openssl", "p-cpe:/a:fedoraproject:fedora:openssl096-debuginfo", "cpe:/o:fedoraproject:fedora_core:1", "p-cpe:/a:fedoraproject:fedora:openssl-perl", "p-cpe:/a:fedoraproject:fedora:openssl096b", "p-cpe:/a:fedoraproject:fedora:openssl-devel", "p-cpe:/a:fedoraproject:fedora:openssl096b-debuginfo", "p-cpe:/a:fedoraproject:fedora:openssl-debuginfo"], "id": "FEDORA_2004-095.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13684", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-095.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(13684);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 23:19:04\");\n\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0081\");\n script_xref(name:\"FEDORA\", value:\"2004-095\");\n\n script_name(english:\"Fedora Core 1 : openssl-0.9.7a-33.10 (2004-095)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes OpenSSL packages to fix two security issues\naffecting OpenSSL 0.9.7a which allow denial of service attacks;\nCVE-2004-0079 and CVE-2003-0851.\n\nAlso included are updates for the OpenSSL 0.9.6 and 0.9.6b\ncompatibility libraries included in Fedora Core 1, fixing a separate\nissue which could also lead to a denial of service attack;\nCVE-2004-0081.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-March/000095.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5539ab6e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl096\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl096-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl096b-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 1.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC1\", reference:\"openssl-0.9.7a-33.10\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"openssl-debuginfo-0.9.7a-33.10\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"openssl-devel-0.9.7a-33.10\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"openssl-perl-0.9.7a-33.10\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"openssl096-0.9.6-26\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"openssl096-debuginfo-0.9.6-26\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"openssl096b-0.9.6b-18\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"openssl096b-debuginfo-0.9.6b-18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:41", "references": [], "pluginID": "13825", "description": "The remote host is missing the patch for the advisory SuSE-SA:2004:007 (openssl).\n\n\nOpenSSL is an implementation of the Secure Socket Layer (SSL v2/3) and Transport Layer Security (TLS v1) protocol.\nThe NISCC informed us about to failure conditions in openssl that can be triggered to crash applications that use the openssl library.\nThe first bug occurs during SSL/TLS handshake in the function do_change_cipher_spec() due to a NULL pointer assignment.\nThe second bug affects openssl version 0.9.7* only with Kerberos cipher suite enabled and can be triggered during SSL/TLS handshake too.\n\nPlease download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply the update.", "edition": 4, "reporter": "Tenable", "published": "2004-07-25T00:00:00", "title": "SuSE-SA:2004:007: openssl", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0112", "CVE-2004-0079"], "modified": "2016-12-27T00:00:00", "cpe": [], "id": "SUSE_SA_2004_007.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13825", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SuSE-SA:2004:007\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(13825);\n script_version (\"$Revision: 1.11 $\");\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0112\");\n \n name[\"english\"] = \"SuSE-SA:2004:007: openssl\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SuSE-SA:2004:007 (openssl).\n\n\nOpenSSL is an implementation of the Secure Socket Layer (SSL v2/3)\nand Transport Layer Security (TLS v1) protocol.\nThe NISCC informed us about to failure conditions in openssl\nthat can be triggered to crash applications that use the openssl\nlibrary.\nThe first bug occurs during SSL/TLS handshake in the function\ndo_change_cipher_spec() due to a NULL pointer assignment.\nThe second bug affects openssl version 0.9.7* only with Kerberos\ncipher suite enabled and can be triggered during SSL/TLS handshake too.\n\nPlease download the update package for your distribution and verify its\nintegrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply\nthe update.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/2004_07_openssl.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/25\");\n script_cvs_date(\"$Date: 2016/12/27 20:14:32 $\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the openssl package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"openssl-0.9.6c-87\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.6c-87\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.6g-114\", release:\"SUSE8.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.6g-114\", release:\"SUSE8.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.6i-21\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.6i-21\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.7b-133\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7b-133\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"openssl-\", release:\"SUSE8.0\")\n || rpm_exists(rpm:\"openssl-\", release:\"SUSE8.1\")\n || rpm_exists(rpm:\"openssl-\", release:\"SUSE8.2\")\n || rpm_exists(rpm:\"openssl-\", release:\"SUSE9.0\") )\n{\n set_kb_item(name:\"CVE-2004-0079\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0112\", value:TRUE);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:22", "references": ["https://www.openssl.org/news/secadv/20040317.txt", "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", "http://marc.info/?l=bugtraq&m=107953412903636&w=2"], "pluginID": "17750", "description": "According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.6m or 0.9.7d. \n\nA remote attacker can crash the server by sending an overly long Kerberos ticket or a crafted SSL/TLS handshake.", "edition": 6, "reporter": "Tenable", "published": "2012-01-04T00:00:00", "title": "OpenSSL < 0.9.6m / 0.9.7d Denial of Service", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Web Servers", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0112", "CVE-2004-0079"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_6M_0_9_7D.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17750", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17750);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0112\");\n script_bugtraq_id(9899);\n script_xref(name:\"CERT\", value:\"484726\");\n\n script_name(english:\"OpenSSL < 0.9.6m / 0.9.7d Denial of Service\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote server is vulnerable to a denial of service attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote server is running a version of \nOpenSSL that is earlier than 0.9.6m or 0.9.7d. \n\nA remote attacker can crash the server by sending an overly long\nKerberos ticket or a crafted SSL/TLS handshake.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.us-cert.gov/cas/techalerts/TA04-078A.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20040317.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=107953412903636&w=2\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.6m / 0.9.7d or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:make_list('0.9.6m', '0.9.7d'), severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:30", "references": ["http://www.openssl.org/news/secadv/20040317.txt", "http://www.debian.org/security/2004/dsa-465", "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"], "pluginID": "15302", "description": "Two vulnerabilities were discovered in openssl, an implementation of the SSL protocol, using the Codenomicon TLS Test Tool. More information can be found in the following NISCC Vulnerability Advisory and this OpenSSL advisory. The Common Vulnerabilities and Exposures project identified the following vulnerabilities :\n\n - CAN-2004-0079 NULL pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service.\n\n - CAN-2004-0081\n\n A bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop).", "edition": 6, "reporter": "Tenable", "published": "2004-09-29T00:00:00", "title": "Debian DSA-465-1 : openssl - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0079", "CVE-2004-0081"], "modified": "2018-07-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl095", "cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:openssl", "p-cpe:/a:debian:debian_linux:openssl094"], "id": "DEBIAN_DSA-465.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15302", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-465. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15302);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2018/07/20 2:17:11\");\n\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0081\");\n script_bugtraq_id(9899);\n script_xref(name:\"CERT\", value:\"288574\");\n script_xref(name:\"CERT\", value:\"465542\");\n script_xref(name:\"DSA\", value:\"465\");\n\n script_name(english:\"Debian DSA-465-1 : openssl - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities were discovered in openssl, an implementation of\nthe SSL protocol, using the Codenomicon TLS Test Tool. More\ninformation can be found in the following NISCC Vulnerability Advisory\nand this OpenSSL advisory. The Common Vulnerabilities and Exposures\nproject identified the following vulnerabilities :\n\n - CAN-2004-0079\n NULL pointer assignment in the do_change_cipher_spec()\n function. A remote attacker could perform a carefully\n crafted SSL/TLS handshake against a server that used the\n OpenSSL library in such a way as to cause OpenSSL to\n crash. Depending on the application this could lead to a\n denial of service.\n\n - CAN-2004-0081\n\n A bug in older versions of OpenSSL 0.9.6 that can lead\n to a Denial of Service attack (infinite loop).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.uniras.gov.uk/vuls/2004/224012/index.htm\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.openssl.org/news/secadv/20040317.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-465\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the stable distribution (woody) these problems have been fixed in\nopenssl version 0.9.6c-2.woody.6, openssl094 version 0.9.4-6.woody.4\nand openssl095 version 0.9.5a-6.woody.5.\n\nWe recommend that you update your openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl094\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl095\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libssl-dev\", reference:\"0.9.6c-2.woody.6\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libssl0.9.6\", reference:\"0.9.6c-2.woody.6\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libssl09\", reference:\"0.9.4-6.woody.3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libssl095a\", reference:\"0.9.5a-6.woody.5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"openssl\", reference:\"0.9.6c-2.woody.6\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ssleay\", reference:\"0.9.6c-2.woody.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:07:20", "references": ["http://www.nessus.org/u?6195bc72"], "pluginID": "17529", "description": "s700_800 11.04 Virtualvault 4.6 OpenSSH update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.", "edition": 4, "reporter": "Tenable", "published": "2005-03-18T00:00:00", "title": "HP-UX PHSS_30644 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0112", "CVE-2004-0079", "CVE-2004-0113", "CVE-2004-0174", "CVE-2003-0020"], "modified": "2014-05-22T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_30644.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17529", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_30644. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17529);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2014/05/22 11:11:55 $\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0113\", \"CVE-2004-0174\");\n script_xref(name:\"HP\", value:\"emr_na-c00944046\");\n script_xref(name:\"HP\", value:\"HPSBUX01019\");\n script_xref(name:\"HP\", value:\"SSRT4717\");\n\n script_name(english:\"HP-UX PHSS_30644 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.6 OpenSSH update : \n\nTwo potential security vulnerabilities have been identified in OpenSSL\nby NISCC (224012/1 and 224012/2). The Common Vulnerabilities and\nExposures project has referenced them as the following CAN-2004-0079,\nand CAN-2004-0112. The CERT summary is TA04-078A. 1. The\ndo_change_cipher_spec function in OpenSSL allows remote attackers to\ncause a denial of service via a crafted SSL/TLS handshake that\ntriggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,\nwhen using Kerberos ciphersuites, does not properly check the length\nof Kerberos tickets during a handshake, which allows remote attackers\nto cause a denial of service via a crafted SSL/TLS handshake that\ncauses an out-of-bounds read. CVE-2004-0112.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6195bc72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_30644 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/08\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_30644 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_30644\", \"PHSS_34567\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultTS.VV-OPENSSH\", version:\"A.04.60\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:18", "references": [], "pluginID": "54528", "description": "The remote host is missing updates announced in\nadvisory GLSA 200403-03.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Gentoo Security Advisory GLSA 200403-03 (OpenSSL)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0112", "CVE-2004-0079", "CVE-2004-0081"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54528", "id": "OPENVAS:54528", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Three vulnerabilities have been found in OpenSSL via a commercial test\nsuite for the TLS protocol developed by Codenomicon Ltd.\";\ntag_solution = \"All users are recommened to upgrade openssl to either 0.9.7d or 0.9.6m:\n\n # emerge sync\n # emerge -pv '>=dev-libs/openssl-0.9.7d'\n # emerge '>=dev-libs/openssl-0.9.7d'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200403-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=44941\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200403-03.\";\n\n \n\nif(description)\n{\n script_id(54528);\n script_cve_id(\"CVE-2004-0079\",\"CVE-2004-0081\",\"CVE-2004-0112\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200403-03 (OpenSSL)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.7d\", \"eq 0.9.6m\"), vulnerable: make_list(\"le 0.9.7c\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:27", "references": ["http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00897351-2", "01011"], "pluginID": "835158", "description": "Check for the Version of AAA Server", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-05-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "HP-UX Update for AAA Server HPSBUX01011", "type": "openvas", "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0112", "CVE-2004-0079", "CVE-2004-0081"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=835158", "id": "OPENVAS:835158", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for AAA Server HPSBUX01011\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote denial of service.\";\ntag_affected = \"AAA Server on\n HP-UX B.11.00 and B.11.11 running HP-UX AAA Server A.06.01.02.04 HP-UX \n B.11.23 running HP-UX AAA Server A.06.01.02.06.\";\ntag_insight = \"A potential security vulnerability has been identified withthe HP-UX AAA \n server where an unauthenticated remote attackercould cause a Denial of \n Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00897351-2\");\n script_id(835158);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01011\");\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0112\", \"CVE-2004-0081\");\n script_name( \"HP-UX Update for AAA Server HPSBUX01011\");\n\n script_summary(\"Check for the Version of AAA Server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.07\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.07\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"AAAServer\", revision:\"A.06.01.02.07\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:44", "references": [], "pluginID": "53942", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-077-01.", "edition": 2, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-09-11T00:00:00", "title": "Slackware Advisory SSA:2004-077-01 OpenSSL security update", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0112", "CVE-2004-0079"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53942", "id": "OPENVAS:53942", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_077_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Upgraded OpenSSL packages are available for Slackware 8.1, 9.0,\n9.1, and -current. These fix two potential denial-of-service\nissues in earlier versions of OpenSSL.\n\nWe recommend sites that use OpenSSL upgrade to the fixed packages\nright away.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2004-077-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-077-01\";\n \nif(description)\n{\n script_id(53942);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0112\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2004-077-01 OpenSSL security update \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.6m-i386-1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.6m-i386-1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7d-i386-1\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7d-i386-1\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7d-i486-1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7d-i486-1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:22", "references": [], "pluginID": "136141256231053942", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-077-01.", "edition": 3, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-09-11T00:00:00", "title": "Slackware Advisory SSA:2004-077-01 OpenSSL security update", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0112", "CVE-2004-0079"], "modified": "2018-02-03T00:00:00", "id": "OPENVAS:136141256231053942", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053942", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_077_01.nasl 8649 2018-02-03 12:16:43Z teissa $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Upgraded OpenSSL packages are available for Slackware 8.1, 9.0,\n9.1, and -current. These fix two potential denial-of-service\nissues in earlier versions of OpenSSL.\n\nWe recommend sites that use OpenSSL upgrade to the fixed packages\nright away.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2004-077-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-077-01\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.53942\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:43 +0100 (Sat, 03 Feb 2018) $\");\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0112\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 8649 $\");\n name = \"Slackware Advisory SSA:2004-077-01 OpenSSL security update \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.6m-i386-1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.6m-i386-1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7d-i386-1\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7d-i386-1\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7d-i486-1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7d-i486-1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:12", "references": [], "pluginID": "53162", "description": "The remote host is missing an update to openssl,openssl094,openssl095\nannounced via advisory DSA 465-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 465-1 (openssl,openssl094,openssl095)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0079", "CVE-2004-0081"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53162", "id": "OPENVAS:53162", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_465_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 465-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two vulnerabilities were discovered in openssl, an implementation of\nthe SSL protocol, using the Codenomicon TLS Test Tool. More\ninformation can be found in the following NISCC Vulnerability\nAdvisory:\n\nhttp://www.uniras.gov.uk/vuls/2004/224012/index.htm\n\nand this OpenSSL advisory:\n\nhttp://www.openssl.org/news/secadv_20040317.txt\n\n- CVE-2004-0079 - null-pointer assignment in the\ndo_change_cipher_spec() function. A remote attacker could perform\na carefully crafted SSL/TLS handshake against a server that used\nthe OpenSSL library in such a way as to cause OpenSSL to crash.\nDepending on the application this could lead to a denial of\nservice.\n\n- CVE-2004-0081 - a bug in older versions of OpenSSL 0.9.6 that\ncan lead to a Denial of Service attack (infinite loop).\n\nFor the stable distribution (woody) these problems have been fixed in\nopenssl version 0.9.6c-2.woody.6, openssl094 version 0.9.4-6.woody.4\nand openssl095 version 0.9.5a-6.woody.5.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you update your openssl package.\";\ntag_summary = \"The remote host is missing an update to openssl,openssl094,openssl095\nannounced via advisory DSA 465-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20465-1\";\n\nif(description)\n{\n script_id(53162);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2004-0079\", \"CVE-2004-0081\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 465-1 (openssl,openssl094,openssl095)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ssleay\", ver:\"0.9.6c-2.woody.6\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.6c-2.woody.6\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.6\", ver:\"0.9.6c-2.woody.6\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.6c-2.woody.6\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl095a\", ver:\"0.9.5a-6.woody.5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl09\", ver:\"0.9.4-6.woody.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-08T11:44:46", "references": [], "pluginID": "52647", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-04:05.openssl.asc", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "title": "FreeBSD Security Advisory (FreeBSD-SA-04:05.openssl.asc)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0079"], "modified": "2017-12-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52647", "id": "OPENVAS:52647", "sourceData": "#\n#ADV FreeBSD-SA-04:05.openssl.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#\n\ntag_insight = \"FreeBSD includes software from the OpenSSL Project. The OpenSSL\nProject is a collaborative effort to develop a robust, commercial-\ngrade, full-featured, and Open Source toolkit implementing the Secure\nSockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)\nprotocols as well as a full-strength general purpose cryptography\nlibrary.\n\nWhen processing an SSL/TLS ChangeCipherSpec message, OpenSSL may fail to\ncheck that a new cipher has been previously negotiated. This may result\nin a null pointer dereference.\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-04:05.openssl.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-04:05.openssl.asc\";\n\n \nif(description)\n{\n script_id(52647);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(9899);\n script_cve_id(\"CVE-2004-0079\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n name = \"FreeBSD Security Advisory (FreeBSD-SA-04:05.openssl.asc)\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n family = \"FreeBSD Local Security Checks\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"5.2.1\", patchlevel:\"3\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.1\", patchlevel:\"16\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.9\", patchlevel:\"4\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.8\", patchlevel:\"17\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:23", "references": [], "pluginID": "52470", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "FreeBSD Ports: openssl, openssl-beta", "type": "openvas", "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0079"], "modified": "2016-09-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52470", "id": "OPENVAS:52470", "sourceData": "#\n#VID 68233cba-7774-11d8-89ed-0020ed76ef5a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n openssl\n openssl-beta\n\nCVE-2004-0079\nThe do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and\n0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service\n(crash) via a crafted SSL/TLS handshake that triggers a null\ndereference.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.openssl.org/news/secadv_20040317.txt\nhttp://www.vuxml.org/freebsd/68233cba-7774-11d8-89ed-0020ed76ef5a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52470);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0079\");\n script_bugtraq_id(9899);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: openssl, openssl-beta\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.7d\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"openssl-beta\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.7d\")<0) {\n txt += 'Package openssl-beta version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:34", "references": ["http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00944046-1", "01019"], "pluginID": "835044", "description": "Check for the Version of Apache", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-05-05T00:00:00", "title": "HP-UX Update for Apache HPSBUX01019", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0079", "CVE-2004-0112"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=835044", "id": "OPENVAS:835044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX01019\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"Apache on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the hpuxwsAPACHE HP-UX \n Apache-based Web Server. HP-UX B.11.04.\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX running \n Apache. These vulnerabilities could be exploited remotely to create a Denial \n of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00944046-1\");\n script_id(835044);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01019\");\n script_cve_id(\"CVE-2003-0079\", \"CVE-2004-0112\");\n script_name( \"HP-UX Update for Apache HPSBUX01019\");\n\n script_summary(\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.49.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.22\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.11.23\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.04\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-IWS\", patch_list:['PHSS_30639'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-OPENSSH\", patch_list:['PHSS_30640'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_30641'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTGP.TGP-CORE\", patch_list:['PHSS_30642'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-IWS\", patch_list:['PHSS_30643'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-OPENSSH\", patch_list:['PHSS_30644'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_30645'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTGP.TGP-CORE\", patch_list:['PHSS_30646'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-IWS\", patch_list:['PHSS_30647'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_30648'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HP_Webproxy.HPWEB-PX-CORE\", patch_list:['PHSS_30649'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HP_Webproxy.HPWEB-PX-CORE\", patch_list:['PHSS_30650'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.49.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.49.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.49.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:58", "references": ["http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00944046-1", "01019"], "pluginID": "1361412562310835044", "description": "Check for the Version of Apache", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-05-05T00:00:00", "title": "HP-UX Update for Apache HPSBUX01019", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0079", "CVE-2004-0112"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835044", "id": "OPENVAS:1361412562310835044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX01019\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"Apache on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the hpuxwsAPACHE HP-UX \n Apache-based Web Server. HP-UX B.11.04.\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX running \n Apache. These vulnerabilities could be exploited remotely to create a Denial \n of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00944046-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835044\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01019\");\n script_cve_id(\"CVE-2003-0079\", \"CVE-2004-0112\");\n script_name( \"HP-UX Update for Apache HPSBUX01019\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.49.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.22\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.11.23\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.04\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-IWS\", patch_list:['PHSS_30639'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-OPENSSH\", patch_list:['PHSS_30640'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_30641'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTGP.TGP-CORE\", patch_list:['PHSS_30642'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-IWS\", patch_list:['PHSS_30643'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-OPENSSH\", patch_list:['PHSS_30644'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_30645'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTGP.TGP-CORE\", patch_list:['PHSS_30646'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultTS.VV-IWS\", patch_list:['PHSS_30647'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_30648'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HP_Webproxy.HPWEB-PX-CORE\", patch_list:['PHSS_30649'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HP_Webproxy.HPWEB-PX-CORE\", patch_list:['PHSS_30650'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.49.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.49.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.49.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:09", "references": [], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nTechnical Cyber Security Alert TA04-078A\r\n\r\nMultiple Vulnerabilities in OpenSSL\r\n\r\n Original release date: March 18, 2004\r\n Last revised: --\r\n Source: US-CERT\r\n\r\n\r\nSystems Affected\r\n\r\n * Applications and systems that use the OpenSSL SSL/TLS library\r\n\r\n\r\nOverview\r\n\r\n Several vulnerabilities in the OpenSSL SSL/TLS library could allow an\r\n unauthenticated, remote attacker to cause a denial of service.\r\n\r\n\r\nI. Description\r\n\r\n OpenSSL implements the Secure Sockets Layer &#40;SSL&#41; and Transport Layer\r\n Security &#40;TLS&#41; protocols and includes a general purpose cryptographic\r\n library. SSL and TLS are commonly used to provide authentication,\r\n encryption, integrity, and non-repudiation services to network\r\n applications including HTTP, IMAP, POP3, SMTP, and LDAP. OpenSSL is\r\n widely deployed across a variety of platforms and systems. In\r\n particular, many routers and other types of networking equipment use\r\n OpenSSL.\r\n\r\n The U.K. National Infrastructure Security Co-ordination Centre &#40;NISCC&#41;\r\n and the OpenSSL Project have reported three vulnerabilities in the\r\n OpenSSL SSL/TLS library &#40;libssl&#41;. Any application or system that uses\r\n this library may be affected.\r\n\r\n VU#288574 - OpenSSL contains null-pointer assignment in\r\n do_change_cipher_spec&#40;&#41; function\r\n\r\n Versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and 0.9.7a to\r\n 0.9.7c inclusive contain a null-pointer assignment in the\r\n do_change_cipher_spec&#40;&#41; function. By performing a specially crafted\r\n SSL/TLS handshake, an attacker could cause OpenSSL to crash, which\r\n may result in a denial of service in the target application.\r\n \r\n &#40;Other resources: OpenSSL Security Advisory &#40;1.&#41;, CAN-2004-0079,\r\n NISCC/224012/OpenSSL/1&#41;\r\n\r\n VU#484726 - OpenSSL does not adequately validate length of Kerberos\r\n tickets during SSL/TLS handshake\r\n\r\n Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL do not adequately\r\n validate the length of Kerberos tickets &#40;RFC 2712&#41; during an SSL/TLS\r\n handshake. OpenSSL is not configured to use Kerberos by default. By\r\n performing a specially crafted SSL/TLS handshake with an OpenSSL\r\n system configured to use Kerberos, an attacker could cause OpenSSL\r\n to crash, which may result in a denial of service in the target\r\n application. OpenSSL 0.9.6 is not affected.\r\n \r\n &#40;Other resources: OpenSSL Security Advisory &#40;2.&#41;, CAN-2004-0112,\r\n NISCC/224012/OpenSSL/2&#41;\r\n\r\n VU#465542 - OpenSSL does not properly handle unknown message types\r\n\r\n OpenSSL prior to version 0.9.6d does not properly handle unknown\r\n SSL/TLS message types. An attacker could cause the application using\r\n OpenSSL to enter an infinite loop, which may result in a denial of\r\n service in the target application. OpenSSL 0.9.7 is not affected.\r\n \r\n &#40;Other resources: CAN-2004-0081, NISCC/224012/OpenSSL/3&#41;\r\n\r\n\r\nII. Impact\r\n\r\n An unauthenticated, remote attacker could cause a denial of service in\r\n any application or system that uses a vulnerable OpenSSL SSL/TLS\r\n library.\r\n\r\n\r\nIII. Solution\r\n\r\nUpgrade or Apply a patch from your vendor\r\n\r\n Upgrade to OpenSSL 0.9.6m or 0.9.7d. Alternatively, upgrade or apply a\r\n patch as specified by your vendor. Note that it is necessary to\r\n recompile any applications that are statically linked to the OpenSSL\r\n SSL/TLS library.\r\n\r\n\r\nAppendix A. Vendor Information\r\n\r\n Multiple vendors are affected by different combinations of these\r\n vulnerabilities. For updated information, please see the Systems\r\n Affected sections of VU#288574, VU#484726, and VU#465542.\r\n\r\n\r\nAppendix B. References\r\n\r\n * US-CERT Technical Cyber Security Alert TA04-078A -\r\n &lt;http://www.us-cert.gov/cas/techalerts/TA04-078A.html&gt;\r\n * Vulnerability Note VU#288574 -\r\n &lt;http://www.kb.cert.org/vuls/id/288574&gt;\r\n * Vulnerability Note VU#484726 -\r\n &lt;http://www.kb.cert.org/vuls/id/484726&gt;\r\n * Vulnerability Note VU#465542 -\r\n &lt;http://www.kb.cert.org/vuls/id/465542&gt;\r\n * OpenSSL Security Advisory [17 March 2004] -\r\n &lt;http://www.openssl.org/news/secadv_20040317.txt&gt;\r\n * NISCC Vulnerability Advisory 224012 -\r\n &lt;http://www.uniras.gov.uk/vuls/2004/224012/index.htm&gt;\r\n * RFC 2712 Addition of Kerberos Cipher Suites to Transport Layer\r\n Security &#40;TLS&#41; - &lt;http://www.ietf.org/rfc/rfc2712.txt&gt;\r\n\r\n _________________________________________________________________\r\n\r\n These vulnerabilities were researched and reported by the OpenSSL\r\n Project and the U.K. National Infrastructure Security Co-ordination\r\n Centre &#40;NISCC&#41;.\r\n _________________________________________________________________\r\n\r\n Feedback can be directed to the authors: Art Manion and Damon Morda.\r\n _________________________________________________________________\r\n\r\n\r\n Copyright 2004 Carnegie Mellon University. Terms of use.\r\n\r\n Revision History\r\n\r\n March 18, 2004: Initial release\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.1 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFAWiHMXlvNRxAkFWARAvBKAJ4zD2uh0dqSXy4CjyPphrJlcpAD/QCfZASx\r\nPLs+5hkNGzVPGQF08K2kPj0=\r\n=Lxfo\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2004-03-19T00:00:00", "title": "US-CERT Technical Cyber Security Alert TA04-078A -- Multiple Vulnerabilities in OpenSSL", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:09", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2004-0112", "CVE-2004-0079", "CVE-2004-0081"], "modified": "2004-03-19T00:00:00", "id": "SECURITYVULNS:DOC:5919", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5919", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:09", "references": [], "description": "OpenSSL Security Advisory [17 March 2004]\r\n\r\nUpdated versions of OpenSSL are now available which correct two \r\nsecurity issues:\r\n\r\n\r\n1. Null-pointer assignment during SSL handshake\r\n===============================================\r\n\r\nTesting performed by the OpenSSL group using the Codenomicon TLS Test\r\nTool uncovered a null-pointer assignment in the\r\ndo_change_cipher_spec&#40;&#41; function. A remote attacker could perform a\r\ncarefully crafted SSL/TLS handshake against a server that used the\r\nOpenSSL library in such a way as to cause OpenSSL to crash. Depending\r\non the application this could lead to a denial of service.\r\n\r\nThe Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41; has\r\nassigned the name CAN-2004-0079 to this issue.\r\n\r\nAll versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and from\r\n0.9.7a to 0.9.7c inclusive are affected by this issue. Any\r\napplication that makes use of OpenSSL&#39;s SSL/TLS library may be\r\naffected. Please contact your application vendor for details.\r\n\r\n\r\n2. Out-of-bounds read affects Kerberos ciphersuites\r\n===================================================\r\n\r\nStephen Henson discovered a flaw in SSL/TLS handshaking code when\r\nusing Kerberos ciphersuites. A remote attacker could perform a\r\ncarefully crafted SSL/TLS handshake against a server configured to use\r\nKerberos ciphersuites in such a way as to cause OpenSSL to crash.\r\nMost applications have no ability to use Kerberos ciphersuites and\r\nwill therefore be unaffected.\r\n\r\nThe Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41; has\r\nassigned the name CAN-2004-0112 to this issue.\r\n\r\nVersions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this\r\nissue. Any application that makes use of OpenSSL&#39;s SSL/TLS library\r\nmay be affected. Please contact your application vendor for details.\r\n\r\nRecommendations\r\n---------------\r\n\r\nUpgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL applications\r\nstatically linked to OpenSSL libraries.\r\n\r\nOpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and\r\nFTP from the following master locations &#40;you can find the various FTP\r\nmirrors under http://www.openssl.org/source/mirror.html&#41;:\r\n\r\n ftp://ftp.openssl.org/source/\r\n\r\nThe distribution file names are:\r\n\r\n o openssl-0.9.7d.tar.gz\r\n MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5\r\n \r\n o openssl-0.9.6m.tar.gz [normal]\r\n MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9\r\n o openssl-engine-0.9.6m.tar.gz [engine]\r\n MD5 checksum: 4c39d2524bd466180f9077f8efddac8c\r\n\r\nThe checksums were calculated using the following command:\r\n\r\n openssl md5 openssl-0.9*.tar.gz\r\n\r\nCredits\r\n-------\r\n\r\nPatches for these issues were created by Dr Stephen Henson\r\n&#40;steve@openssl.org&#41; of the OpenSSL core team. The OpenSSL team would\r\nlike to thank Codenomicon for supplying the TLS Test Tool which was\r\nused to discover these vulnerabilities, and Joe Orton of Red Hat for\r\nperforming the majority of the testing.\r\n\r\nReferences\r\n----------\r\n\r\nhttp://www.codenomicon.com/testtools/tls/\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112\r\n\r\nURL for this Security Advisory:\r\nhttp://www.openssl.org/news/secadv_20040317.txt\r\n\r\n\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2004-03-17T00:00:00", "title": "OpenSSL Security Advisory [17 March 2004]", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:09", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2004-0112", "CVE-2004-0079"], "modified": "2004-03-17T00:00:00", "id": "SECURITYVULNS:DOC:5915", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5915", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2017-08-02T14:57:37", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-16", "packageFilename": "openssl096b-0.9.6b-16.i386.rpm", "packageName": "openssl096b", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.7a-33.4", "packageFilename": "openssl-0.9.7a-33.4.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.7a-33.4", "packageFilename": "openssl-0.9.7a-33.4.ia64.rpm", "packageName": "openssl", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.7a-33.4", "packageFilename": "openssl-devel-0.9.7a-33.4.ia64.rpm", "packageName": "openssl-devel", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.7a-33.4", "packageFilename": "openssl-perl-0.9.7a-33.4.ia64.rpm", "packageName": "openssl-perl", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-16", "packageFilename": "openssl096b-0.9.6b-16.ia64.rpm", "packageName": "openssl096b", "arch": "ia64", "operator": "lt"}], "description": "The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3),\nTransport Layer Security (TLS v1) protocols, and serves as a full-strength\ngeneral purpose cryptography library.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a null-pointer assignment in the do_change_cipher_spec() function\nin OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could\nperform a carefully crafted SSL/TLS handshake against a server that uses\nthe OpenSSL library in such a way as to cause OpenSSL to crash. Depending\non the application this could lead to a denial of service. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0079 to this issue.\n\nStephen Henson discovered a flaw in SSL/TLS handshaking code when using\nKerberos ciphersuites in OpenSSL 0.9.7a-0.9.7c. A remote attacker could\nperform a carefully crafted SSL/TLS handshake against a server configured\nto use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. \nMost applications have no ability to use Kerberos ciphersuites and will\ntherefore be unaffected by this issue. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0112 to\nthis issue.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that may\nlead to a denial of service attack (infinite loop). The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0081 to this issue. This issue affects only the OpenSSL\ncompatibility packages shipped with Red Hat Enterprise Linux 3.\n\nThese updated packages contain patches provided by the OpenSSL group that\nprotect against these issues.\n\nAdditionally, the version of libica included in the OpenSSL packages has\nbeen updated to 1.3.5. This only affects IBM s390 and IBM eServer zSeries\ncustomers and is required for the latest openCryptoki packages.\n\nNOTE: Because server applications are affected by this issue, users are\nadvised to either restart all services that use OpenSSL functionality or\nrestart their systems after installing these updates.", "reporter": "RedHat", "published": "2004-05-21T04:00:00", "type": "redhat", "title": "(RHSA-2004:120) openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0079", "CVE-2004-0081", "CVE-2004-0112"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-07-29T20:28:33", "id": "RHSA-2004:120", "href": "https://access.redhat.com/errata/RHSA-2004:120", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-09T07:19:23", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-22.42", "arch": "i386", "packageFilename": "openssl096b-0.9.6b-22.42.i386.rpm", "packageName": "openssl096b", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-22.42", "arch": "src", "packageFilename": "openssl096b-0.9.6b-22.42.src.rpm", "packageName": "openssl096b", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-22.42", "arch": "ia64", "packageFilename": "openssl096b-0.9.6b-22.42.ia64.rpm", "packageName": "openssl096b", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-22.42", "arch": "x86_64", "packageFilename": "openssl096b-0.9.6b-22.42.x86_64.rpm", "packageName": "openssl096b", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-22.42", "arch": "ppc", "packageFilename": "openssl096b-0.9.6b-22.42.ppc.rpm", "packageName": "openssl096b", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-22.42", "arch": "s390", "packageFilename": "openssl096b-0.9.6b-22.42.s390.rpm", "packageName": "openssl096b", "operator": "lt"}], "description": "The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3),\r\nTransport Layer Security (TLS v1) protocols, and serves as a full-strength\r\ngeneral purpose cryptography library. OpenSSL 0.9.6b libraries are provided\r\nfor Red Hat Enterprise Linux 3 and 4 to allow compatibility with legacy\r\napplications.\r\n\r\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\r\nuncovered a null-pointer assignment in the do_change_cipher_spec()\r\nfunction. A remote attacker could perform a carefully crafted SSL/TLS\r\nhandshake against a server that uses the OpenSSL library in such a way as\r\nto cause OpenSSL to crash. Depending on the server this could lead to a\r\ndenial of service. (CVE-2004-0079)\r\n\r\nThis issue was reported as not affecting OpenSSL versions prior to 0.9.6c,\r\nand testing with the Codenomicon Test Tool showed that OpenSSL 0.9.6b as\r\nshipped as a compatibility library with Red Hat Enterprise Linux 3 and 4\r\ndid not crash. However, an alternative reproducer has been written which\r\nshows that this issue does affect versions of OpenSSL prior to 0.9.6c.\r\n\r\nNote that Red Hat does not ship any applications with Red Hat Enterprise\r\nLinux 3 or 4 that use these compatibility libraries. \r\n\r\nUsers of the OpenSSL096b compatibility package are advised to upgrade to\r\nthese updated packages, which contain a patch provided by the OpenSSL group\r\nthat protect against this issue.", "reporter": "RedHat", "published": "2005-11-02T05:00:00", "type": "redhat", "title": "(RHSA-2005:830) openssl096b security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0079"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:06:50", "id": "RHSA-2005:830", "href": "https://access.redhat.com/errata/RHSA-2005:830", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-03-14T15:43:44", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6-28", "arch": "i386", "packageFilename": "openssl096-0.9.6-28.i386.rpm", "packageName": "openssl096", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.5a-28", "arch": "i386", "packageFilename": "openssl095a-0.9.5a-28.i386.rpm", "packageName": "openssl095a", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6-28", "arch": "ia64", "packageFilename": "openssl096-0.9.6-28.ia64.rpm", "packageName": "openssl096", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-42", "arch": "ia64", "packageFilename": "openssl-perl-0.9.6b-42.ia64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-42", "arch": "ia64", "packageFilename": "openssl-0.9.6b-42.ia64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-42", "arch": "i386", "packageFilename": "openssl-devel-0.9.6b-42.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.5a-28", "arch": "ia64", "packageFilename": "openssl095a-0.9.5a-28.ia64.rpm", "packageName": "openssl095a", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-42", "arch": "ia64", "packageFilename": "openssl-devel-0.9.6b-42.ia64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-42", "arch": "i386", "packageFilename": "openssl-perl-0.9.6b-42.i386.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-42", "arch": "i686", "packageFilename": "openssl-0.9.6b-42.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-42", "arch": "i386", "packageFilename": "openssl-0.9.6b-42.i386.rpm", "packageName": "openssl", "operator": "lt"}], "description": "The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3),\r\nTransport Layer Security (TLS v1) protocols, and serves as a full-strength\r\ngeneral purpose cryptography library.\r\n\r\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\r\nuncovered a null-pointer assignment in the do_change_cipher_spec()\r\nfunction. A remote attacker could perform a carefully crafted SSL/TLS\r\nhandshake against a server that uses the OpenSSL library in such a way as\r\nto cause OpenSSL to crash. Depending on the server this could lead to a\r\ndenial of service. (CVE-2004-0079)\r\n\r\nThis issue was reported as not affecting OpenSSL versions prior to 0.9.6c,\r\nand testing with the Codenomicon Test Tool showed that OpenSSL 0.9.6b as\r\nshipped in Red Hat Enterprise Linux 2.1 did not crash. However, an\r\nalternative reproducer has been written which shows that this issue does\r\naffect versions of OpenSSL prior to 0.9.6c.\r\n\r\nUsers of OpenSSL are advised to upgrade to these updated packages, which \r\ncontain a patch provided by the OpenSSL group that protects against this issue.\r\n\r\nNOTE: Because server applications are affected by this issue, users are\r\nadvised to either restart all services that use OpenSSL functionality or\r\nrestart their systems after installing these updates.", "reporter": "RedHat", "published": "2005-11-02T05:00:00", "type": "redhat", "title": "(RHSA-2005:829) openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0079"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-14T19:26:07", "id": "RHSA-2005:829", "href": "https://access.redhat.com/errata/RHSA-2005:829", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-03-14T15:43:48", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-36", "arch": "ia64", "packageFilename": "openssl-0.9.6b-36.ia64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-36", "arch": "i386", "packageFilename": "openssl-0.9.6b-36.i386.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-36", "arch": "i386", "packageFilename": "openssl-perl-0.9.6b-36.i386.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-36", "arch": "ia64", "packageFilename": "openssl-perl-0.9.6b-36.ia64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-36", "arch": "i686", "packageFilename": "openssl-0.9.6b-36.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-36", "arch": "ia64", "packageFilename": "openssl-devel-0.9.6b-36.ia64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.5a-24", "arch": "i386", "packageFilename": "openssl095a-0.9.5a-24.i386.rpm", "packageName": "openssl095a", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6-25.7", "arch": "i386", "packageFilename": "openssl096-0.9.6-25.7.i386.rpm", "packageName": "openssl096", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6b-36", "arch": "i386", "packageFilename": "openssl-devel-0.9.6b-36.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.5a-24", "arch": "ia64", "packageFilename": "openssl095a-0.9.5a-24.ia64.rpm", "packageName": "openssl095a", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.6-25.7", "arch": "ia64", "packageFilename": "openssl096-0.9.6-25.7.ia64.rpm", "packageName": "openssl096", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and\nTransport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can\nlead to a denial of service attack (infinite loop). The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0081 to this issue.\n\nTesting performed by Novell using a test suite provided by NISCC uncovered\nan issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l\nwhich could cause large recursion and possibly lead to a denial of service\nattack if used where stack space is limited. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851\nto this issue.\n\nThese updated packages contain patches provided by the OpenSSL group that\nprotect against these issues.\n\nNOTE: Because server applications are affected by this issue, users are\nadvised to either restart all services using OpenSSL functionality or\nrestart their system after installing these updated packages.", "reporter": "RedHat", "published": "2004-03-17T05:00:00", "type": "redhat", "title": "(RHSA-2004:119) openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2003-0851", "CVE-2004-0081"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-14T19:26:11", "id": "RHSA-2004:119", "href": "https://access.redhat.com/errata/RHSA-2004:119", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "f5": [{"lastseen": "2018-07-04T01:25:15", "references": [], "description": "", "edition": 1, "reporter": "f5", "published": "2004-02-23T04:00:00", "title": "Multiple vulnerabilities in OpenSSL - CAN-2004-0081, CAN-2004-0079, CAN-2004-0112", "type": "f5", "enchantments": {"score": {"modified": "2018-07-04T01:25:15", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2004-0112", "CVE-2004-0079", "CVE-2004-0081"], "modified": "2018-07-03T23:20:00", "id": "F5:K3082", "href": "https://support.f5.com/csp/article/K3082", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cisco": [{"lastseen": "2018-04-07T04:12:41", "_object_types": ["robots.models.base.Bulletin", "robots.models.cisco.CiscoBulletin"], "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040317-openssl"], "description": "", "reporter": "Cisco", "published": "2004-03-17T13:00:00", "type": "cisco", "title": "Cisco OpenSSL Implementation Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Cisco Application and Content Networking System (ACNS) Software", "version": "any", "operator": "eq"}, {"name": "Cisco PIX Firewall Software", "version": "any", "operator": "eq"}, {"name": "Cisco WebNS", "version": "any", "operator": "eq"}, {"name": "Cisco GSS Global Site Selector", "version": "any", "operator": "eq"}, {"name": "Cisco Firewall Services Module (FWSM)", "version": "any", "operator": "eq"}, {"name": "CiscoWorks Common Services (CS)", "version": "any", "operator": "eq"}, {"name": "CiscoWorks Common Management Foundation (CMF)", "version": "any", "operator": "eq"}, {"name": "Cisco MDS SAN-OS Software", "version": "any", "operator": "eq"}, {"name": "Cisco Okena StormWatch", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Communications Manager", "version": "any", "operator": "eq"}], "cvelist": ["CVE-2004-0079", "CVE-2004-0081", "CVE-2004-0112"], "_object_type": "robots.models.cisco.CiscoBulletin", "modified": "2004-03-17T13:00:00", "id": "CISCO-SA-20040317-OPENSSL", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040317-openssl", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:37:06", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "8.1", "packageVersion": "0.9.6m", "arch": "i386", "packageFilename": "openssl-0.9.6m-i386-1.tgz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "9.1", "packageVersion": "0.9.7d", "arch": "i486", "packageFilename": "openssl-solibs-0.9.7d-i486-1.tgz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "9.1", "packageVersion": "0.9.7d", "arch": "i486", "packageFilename": "openssl-0.9.7d-i486-1.tgz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "8.1", "packageVersion": "0.9.6m", "arch": "i386", "packageFilename": "openssl-solibs-0.9.6m-i386-1.tgz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "9.0", "packageVersion": "0.9.7d", "arch": "i386", "packageFilename": "openssl-solibs-0.9.7d-i386-1.tgz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "9.0", "packageVersion": "0.9.7d", "arch": "i386", "packageFilename": "openssl-0.9.7d-i386-1.tgz", "packageName": "openssl", "operator": "lt"}], "description": "Upgraded OpenSSL packages are available for Slackware 8.1, 9.0,\n9.1, and -current. These fix two potential denial-of-service\nissues in earlier versions of OpenSSL.\n\nWe recommend sites that use OpenSSL upgrade to the fixed packages\nright away.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112\n\nHere are the details from the Slackware 9.1 ChangeLog:\n\nWed Mar 17 14:41:42 PST 2004\npatches/packages/openssl-0.9.7d-i486-1.tgz: Upgraded to openssl-0.9.7d.\npatches/packages/openssl-solibs-0.9.7d-i486-1.tgz: Upgraded to\n openssl-0.9.7d. This fixes two potential denial-of-service issues in\n earlier versions of OpenSSL. For more details, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112\n (* Security fix *)\n\nWHERE TO FIND THE NEW PACKAGES:\n\nUpdated packages for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-0.9.6m-i386-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-solibs-0.9.6m-i386-1.tgz\n\nUpdated packages for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-0.9.7d-i386-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-solibs-0.9.7d-i386-1.tgz\n\nUpdated packages for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-0.9.7d-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-solibs-0.9.7d-i486-1.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.7d-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.7d-i486-1.tgz\n\n\nMD5 SIGNATURES:\n\nSlackware 8.1 packages:\n9526929bee40c6f29ddd3e9549deff3a openssl-0.9.6m-i386-1.tgz\n8e9e9121276309c6082d4f16aa1ba31e openssl-solibs-0.9.6m-i386-1.tgz\n\nSlackware 9.0 packages:\n51738802d6c2c33852870e5921a96b71 openssl-0.9.7d-i386-1.tgz\n18a9c560acf5c9df7f782bd16455d964 openssl-solibs-0.9.7d-i386-1.tgz\n\nSlackware 9.1 packages:\n24e4d36cf911d45c5e33a075bb353a85 openssl-0.9.7d-i486-1.tgz\nb53517348c04a279fb8139d98367f1cb openssl-solibs-0.9.7d-i486-1.tgz\n\nSlackware -current packages:\n04df11995b00fcd19cdf2ced00c962eb openssl-0.9.7d-i486-1.tgz\nbd21b8d487217758b903bdbc9ac309a1 openssl-solibs-0.9.7d-i486-1.tgz\n\n\nINSTALLATION INSTRUCTIONS:\n\nUpgrade using upgradepkg (as root):\n > upgradepkg openssl-0.9.7d-i486-1.tgz openssl-solibs-0.9.7d-i486-1.tgz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2004-03-17T17:34:04", "title": "OpenSSL security update", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0112", "CVE-2004-0079"], "modified": "2004-03-17T17:34:04", "id": "SSA-2004-077-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:32:20", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "i686", "packageFilename": "openssl_0.9.6c-2.woody.6_i386.deb", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "m68k", "packageFilename": "openssl_0.9.6c-2.woody.6_m68k.deb", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.5a-6.woody.5", "arch": "i686", "packageFilename": "libssl095a_0.9.5a-6.woody.5_i386.deb", "packageName": "libssl095a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "alpha", "packageFilename": "libssl-dev_0.9.6c-2.woody.6_alpha.deb", "packageName": "libssl-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-6.woody.3", "arch": "i686", "packageFilename": "libssl09_0.9.4-6.woody.3_i386.deb", "packageName": "libssl09", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.5a.orig", "arch": "src", "packageFilename": "openssl095_0.9.5a.orig.tar.gz", "packageName": "openssl095", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "ia64", "packageFilename": "libssl0.9.6_0.9.6c-2.woody.6_ia64.deb", "packageName": "libssl0.9.6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "ia64", "packageFilename": "openssl_0.9.6c-2.woody.6_ia64.deb", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "m68k", "packageFilename": "libssl-dev_0.9.6c-2.woody.6_m68k.deb", "packageName": "libssl-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "mips", "packageFilename": "libssl-dev_0.9.6c-2.woody.6_mips.deb", "packageName": "libssl-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "sparc", "packageFilename": "openssl_0.9.6c-2.woody.6_sparc.deb", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4.orig", "arch": "src", "packageFilename": "openssl094_0.9.4.orig.tar.gz", "packageName": "openssl094", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "hppa", "packageFilename": "libssl0.9.6_0.9.6c-2.woody.6_hppa.deb", "packageName": "libssl0.9.6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.5", "arch": "mipsel", "packageFilename": "openssl_0.9.6c-2.woody.5_mipsel.deb", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.5a-6.woody.5", "arch": "src", "packageFilename": "openssl095_0.9.5a-6.woody.5.dsc", "packageName": "openssl095", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "arm", "packageFilename": "libssl0.9.6_0.9.6c-2.woody.6_arm.deb", "packageName": "libssl0.9.6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "ppc", "packageFilename": "libssl-dev_0.9.6c-2.woody.6_powerpc.deb", "packageName": "libssl-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.5a-6.woody.5", "arch": "ppc", "packageFilename": "libssl095a_0.9.5a-6.woody.5_powerpc.deb", "packageName": "libssl095a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "ppc", "packageFilename": "openssl_0.9.6c-2.woody.6_powerpc.deb", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-6.woody.3", "arch": "src", "packageFilename": "openssl094_0.9.4-6.woody.3.dsc", "packageName": "openssl094", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "ppc", "packageFilename": "libssl0.9.6_0.9.6c-2.woody.6_powerpc.deb", "packageName": "libssl0.9.6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.5a-6.woody.5", "arch": "mips", "packageFilename": "libssl095a_0.9.5a-6.woody.5_mips.deb", "packageName": "libssl095a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.5a-6.woody.5", "arch": "sparc", "packageFilename": "libssl095a_0.9.5a-6.woody.5_sparc.deb", "packageName": "libssl095a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.5a-6.woody.5", "arch": "arm", "packageFilename": "libssl095a_0.9.5a-6.woody.5_arm.deb", "packageName": "libssl095a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.5", "arch": "mipsel", "packageFilename": "libssl-dev_0.9.6c-2.woody.5_mipsel.deb", "packageName": "libssl-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "hppa", "packageFilename": "libssl-dev_0.9.6c-2.woody.6_hppa.deb", "packageName": "libssl-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "i686", "packageFilename": "libssl-dev_0.9.6c-2.woody.6_i386.deb", "packageName": "libssl-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.5a-6.woody.5", "arch": "mipsel", "packageFilename": "libssl095a_0.9.5a-6.woody.5_mipsel.deb", "packageName": "libssl095a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.5", "arch": "mipsel", "packageFilename": "libssl0.9.6_0.9.6c-2.woody.5_mipsel.deb", "packageName": "libssl0.9.6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "src", "packageFilename": "openssl_0.9.6c-2.woody.6.dsc", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "i686", "packageFilename": "libssl0.9.6_0.9.6c-2.woody.6_i386.deb", "packageName": "libssl0.9.6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6.diff", "arch": "src", "packageFilename": "openssl_0.9.6c-2.woody.6.diff.gz", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "ia64", "packageFilename": "libssl-dev_0.9.6c-2.woody.6_ia64.deb", "packageName": "libssl-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "hppa", "packageFilename": "openssl_0.9.6c-2.woody.6_hppa.deb", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c.orig", "arch": "src", "packageFilename": "openssl_0.9.6c.orig.tar.gz", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.5a-6.woody.5.diff", "arch": "src", "packageFilename": "openssl095_0.9.5a-6.woody.5.diff.gz", "packageName": "openssl095", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-6.woody.3.diff", "arch": "src", "packageFilename": "openssl094_0.9.4-6.woody.3.diff.gz", "packageName": "openssl094", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "arm", "packageFilename": "openssl_0.9.6c-2.woody.6_arm.deb", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "s390x", "packageFilename": "libssl-dev_0.9.6c-2.woody.6_s390.deb", "packageName": "libssl-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "arm", "packageFilename": "libssl-dev_0.9.6c-2.woody.6_arm.deb", "packageName": "libssl-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.5a-6.woody.5", "arch": "alpha", "packageFilename": "libssl095a_0.9.5a-6.woody.5_alpha.deb", "packageName": "libssl095a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "m68k", "packageFilename": "libssl0.9.6_0.9.6c-2.woody.6_m68k.deb", "packageName": "libssl0.9.6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "alpha", "packageFilename": "libssl0.9.6_0.9.6c-2.woody.6_alpha.deb", "packageName": "libssl0.9.6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "sparc", "packageFilename": "libssl-dev_0.9.6c-2.woody.6_sparc.deb", "packageName": "libssl-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "s390x", "packageFilename": "libssl0.9.6_0.9.6c-2.woody.6_s390.deb", "packageName": "libssl0.9.6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "all", "packageFilename": "ssleay_0.9.6c-2.woody.6_all.deb", "packageName": "ssleay", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.5a-6.woody.5", "arch": "m68k", "packageFilename": "libssl095a_0.9.5a-6.woody.5_m68k.deb", "packageName": "libssl095a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "alpha", "packageFilename": "openssl_0.9.6c-2.woody.6_alpha.deb", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "mips", "packageFilename": "openssl_0.9.6c-2.woody.6_mips.deb", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "mips", "packageFilename": "libssl0.9.6_0.9.6c-2.woody.6_mips.deb", "packageName": "libssl0.9.6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "sparc", "packageFilename": "libssl0.9.6_0.9.6c-2.woody.6_sparc.deb", "packageName": "libssl0.9.6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.6c-2.woody.6", "arch": "s390x", "packageFilename": "openssl_0.9.6c-2.woody.6_s390.deb", "packageName": "openssl", "operator": "lt"}], "description": "Two vulnerabilities were discovered in openssl, an implementation of the SSL protocol, using the Codenomicon TLS Test Tool. More information can be found in the following [NISCC Vulnerability Advisory](<http://www.uniras.gov.uk/vuls/2004/224012/index.htm>) and this [OpenSSL advisory](<http://www.openssl.org/news/secadv_20040317.txt>). The Common Vulnerabilities and Exposures project identified the following vulnerabilities:\n\n * [CAN-2004-0079](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079>)\n\nNull-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service.\n\n * [CAN-2004-0081](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0081>)\n\nA bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop).\n\nFor the stable distribution (woody) these problems have been fixed in openssl version 0.9.6c-2.woody.6, openssl094 version 0.9.4-6.woody.4 and openssl095 version 0.9.5a-6.woody.5.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you update your openssl package.", "edition": 1, "reporter": "Debian", "published": "2004-03-17T00:00:00", "title": "openssl -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0079", "CVE-2004-0081"], "modified": "2004-03-17T00:00:00", "id": "DSA-465", "href": "http://www.debian.org/security/dsa-465", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:59:55", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "0.9.7b-133", "arch": "i586", "packageFilename": "openssl-0.9.7b-133.i586.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "0.9.6c-87", "arch": "i386", "packageFilename": "openssl-devel-0.9.6c-87.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.2", "packageVersion": "0.9.6i-21", "arch": "i586", "packageFilename": "openssl-devel-0.9.6i-21.i586.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.1", "packageVersion": "0.9.6g-114", "arch": "i586", "packageFilename": "openssl-devel-0.9.6g-114.i586.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.1", "packageVersion": "0.9.6g-114", "arch": "i586", "packageFilename": "openssl-0.9.6g-114.i586.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "0.9.7b-133", "arch": "i586", "packageFilename": "openssl-devel-0.9.7b-133.i586.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "0.9.6c-87", "arch": "i386", "packageFilename": "openssl-0.9.6c-87.i386.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.2", "packageVersion": "0.9.6i-21", "arch": "i586", "packageFilename": "openssl-0.9.6i-21.i586.rpm", "packageName": "openssl", "operator": "lt"}], "description": "OpenSSL is an implementation of the Secure Socket Layer (SSL v2/3) and Transport Layer Security (TLS v1) protocol. The NISCC informed us about to failure conditions in openssl that can be triggered to crash applications that use the openssl library. The first bug occurs during SSL/TLS handshake in the function do_change_cipher_spec() due to a NULL pointer assignment. The second bug affects openssl version 0.9.7* only with Kerberos cipher-suite enabled and can be triggered during SSL/TLS handshake too.", "edition": 1, "reporter": "Suse", "published": "2004-03-17T13:37:40", "title": "remote denial-of-service in openssl", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0112", "CVE-2003-0592", "CVE-2004-0079", "CVE-2003-0991"], "modified": "2004-03-17T13:37:40", "id": "SUSE-SA:2004:007", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-03/msg00000.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cert": [{"lastseen": "2018-08-31T02:37:03", "references": ["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0079", "http://www.openssl.org", "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", "http://www.openssl.org/news/secadv_20040317.txt", "http://www.openssl.org/news/secadv_20040317.txt", "http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt", "http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt", "http://www.openssl.org/", "http://www.ietf.org/rfc/rfc2246.txt"], "description": "### Overview\n\nOpenSSL contains a null-pointer assignment in the `do_change_cipher_spec()` function which could allow a remote, unauthenticated attacker to cause OpenSSL to crash.\n\n### Description\n\n[OpenSSL](<http://www.openssl.org/>) implements the Secure Sockets Layer (SSL) and Transport Layer Security ([TLS](<http://www.ietf.org/rfc/rfc2246.txt>)) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others. \n\nVersions of OpenSSL from 0.9.6c to 0.9.6k inclusive and 0.9.7a to 0.9.7c inclusive contain a null-pointer assignment in the `do_change_cipher_spec()` function. By sending a specially crafted SSL/TLS handshake to an application that uses a vulnerable OpenSSL library, a remote, unauthenticated attacker could cause OpenSSL to crash. \n \nFurther information is available in an advisory from [OpenSSL](<http://www.openssl.org/news/secadv_20040317.txt>) and [NISCC/224012/OpenSSL/1](<http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt>). \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could cause a denial of service in an application that uses OpenSSL. \n \n--- \n \n### Solution\n\n**Upgrade or Patch** \nUpgrade to OpenSSL 0.9.7d or 0.9.6m. Alternatively, upgrade or apply a patch as specified by your vendor. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Computer Inc.| | 17 Mar 2004| 06 May 2005 \nCheck Point| | 17 Mar 2004| 25 Mar 2004 \nDebian| | 17 Mar 2004| 26 Mar 2004 \nOpenSSL| | -| 16 Mar 2004 \nRed Hat Inc.| | 17 Mar 2004| 25 Mar 2004 \nSuSE Inc.| | 17 Mar 2004| 25 Mar 2004 \nExtreme Networks| | 17 Mar 2004| 26 Mar 2004 \n3Com| | -| 18 Mar 2004 \nAlcatel| | -| 18 Mar 2004 \nApache| | -| 18 Mar 2004 \nApache-SSL| | -| 18 Mar 2004 \nAt&amp;T;| | -| 18 Mar 2004 \nAvaya| | -| 18 Mar 2004 \nBorderware| | -| 18 Mar 2004 \nBSDI| | -| 18 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23288574 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.us-cert.gov/cas/techalerts/TA04-078A.html>\n * <http://www.openssl.org/news/secadv_20040317.txt>\n * <http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt>\n * <http://www.openssl.org>\n\n### Credit\n\nThis vulnerability was discovered by the OpenSSL Project and reported by the National Infrastructure Security Co-ordination Centre (NISCC).\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0079>)\n * Date Public: 17 Mar 2004\n * Date First Published: 17 Mar 2004\n * Date Last Updated: 26 Mar 2004\n * Severity Metric: 27.38\n * Document Revision: 19\n\n", "edition": 3, "reporter": "CERT", "published": "2004-03-17T00:00:00", "title": "OpenSSL contains null-pointer assignment in do_change_cipher_spec() function", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2004-0079", "CVE-2004-0079"], "modified": "2004-03-26T00:00:00", "id": "VU:288574", "href": "https://www.kb.cert.org/vuls/id/288574", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:37:37", "references": ["http://www.openssl.org", "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0112", "http://www.ietf.org/rfc/rfc2712.txt", "http://www.ietf.org/rfc/rfc2712.txt", "http://www.openssl.org/news/secadv_20040317.txt", "http://www.openssl.org/news/secadv_20040317.txt", "http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt", "http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt", "http://www.openssl.org/", "http://www.ietf.org/rfc/rfc2246.txt"], "description": "### Overview\n\nOpenSSL contains a vulnerability in code that processes SSL/TLS handshakes when configured to use the Kerberos cipher suites. This vulnerability could allow a remote attacker to cause OpenSSL to crash.\n\n### Description\n\n[OpenSSL](<http://www.openssl.org/>) implements the Secure Sockets Layer (SSL) and Transport Layer Security ([TLS](<http://www.ietf.org/rfc/rfc2246.txt>)) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others. \n\nAccording to [RFC2712](<http://www.ietf.org/rfc/rfc2712.txt>), TLS allows clients and servers to negotiate cipher suites to meet specific security and administrative policies. In order to provide Kerberos-based authentication, TLS supports the Kerberos cipher suites. \n \nVersions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL contain a vulnerability in code that processes SSL/TLS handshakes using Kerberos cipher suites. This vulnerability can be exploited by a remote attacker using a specially crafted SSL/TLS handshake to a server configured to use the Kerberos cipher suites. When the server attempts to process this request, OpenSSL could crash. OpenSSL 0.9.6 is not affected. \n \nFurther information is available in an advisory from [OpenSSL](<http://www.openssl.org/news/secadv_20040317.txt>) and [NISCC/224012/OpenSSL/2](<http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt>). \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could cause a denial of service in an application that uses OpenSSL with Kerberos cipher suites. \n \n--- \n \n### Solution\n\n**Upgrade or Patch** \nUpgrade to OpenSSL 0.9.7d. Alternatively, upgrade or apply a patch as specified by your vendor. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Computer Inc.| | 17 Mar 2004| 06 May 2005 \nOpenSSL| | -| 16 Mar 2004 \n3Com| | -| 18 Mar 2004 \nAlcatel| | -| 18 Mar 2004 \nApache| | -| 18 Mar 2004 \nAt&amp;T;| | -| 18 Mar 2004 \nAvaya| | -| 18 Mar 2004 \nBorderware| | -| 18 Mar 2004 \nBSDI| | -| 18 Mar 2004 \nCerticom| | -| 18 Mar 2004 \nCheck Point| | -| 18 Mar 2004 \nCisco Systems Inc.| | -| 18 Mar 2004 \nClavister| | -| 18 Mar 2004 \nComputer Associates| | -| 18 Mar 2004 \nConectiva| | -| 18 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23484726 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.us-cert.gov/cas/techalerts/TA04-078A.html>\n * <http://www.openssl.org/news/secadv_20040317.txt>\n * <http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt>\n * <http://www.openssl.org>\n * <http://www.ietf.org/rfc/rfc2712.txt>\n\n### Credit\n\nThis vulnerability was discovered by the OpenSSL Project and reported by the National Infrastructure Security Co-ordination Centre (NISCC).\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0112](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0112>)\n * Date Public: 17 Mar 2004\n * Date First Published: 17 Mar 2004\n * Date Last Updated: 26 Mar 2004\n * Severity Metric: 10.32\n * Document Revision: 28\n\n", "edition": 3, "reporter": "CERT", "published": "2004-03-17T00:00:00", "title": "OpenSSL does not adequately validate length of Kerberos ticket during SSL/TLS handshake", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2004-0112", "CVE-2004-0112"], "modified": "2004-03-26T00:00:00", "id": "VU:484726", "href": "https://www.kb.cert.org/vuls/id/484726", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:38:12", "references": ["http://www.openssl.org", "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0081", "http://cvs.openssl.org/chngview?cn=5721", "http://cvs.openssl.org/chngview?cn=5721", "http://cvs.openssl.org/chngview?cn=5721", "http://cvs.openssl.org/getfile?v=1.618.2.137&f=openssl/CHANGES", "http://cvs.openssl.org/getfile?v=1.954&f=openssl/CHANGES", "http://www.openssl.org/", "http://www.ietf.org/rfc/rfc2246.txt", "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", "http://cvs.openssl.org/chngview?cn=5722", "http://cvs.openssl.org/chngview?cn=5722", "http://cvs.openssl.org/chngview?cn=5722"], "description": "### Overview\n\nOpenSSL does not properly handle unknown message types, allowing an unauthenticated, remote attacker to cause a denial of service. This vulnerability was addressed in OpenSSL [0.9.6d](<http://cvs.openssl.org/chngview?cn=5721>) and [0.9.7](<http://cvs.openssl.org/chngview?cn=5722>).\n\n### Description\n\n[OpenSSL](<http://www.openssl.org/>) implements the Secure Sockets Layer (SSL) and Transport Layer Security ([TLS](<http://www.ietf.org/rfc/rfc2246.txt>)) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others. \n\nOpenSSL prior to version 0.9.6d does not properly handle unknown message types. An attacker could cause the application using OpenSSL to enter an infinite loop, resulting in a denial of service. \n \nFurther information is available in [NISCC/224012/OpenSSL/3](<http://www.uniras.gov.uk/vuls/2004/224012/index.htm>). \n \n--- \n \n### Impact\n\nAn unauthenticated, remote attacker could cause a denial of service in an application that uses OpenSSL. \n \n--- \n \n### Solution\n\n**Upgrade or Patch** \nThis vulnerability was addressed in OpenSSL versions [0.9.6d](<http://cvs.openssl.org/chngview?cn=5721>) and [0.9.7](<http://cvs.openssl.org/chngview?cn=5722>). Upgrade to OpenSSL version 0.9.6d or 0.9.7 greater. Alternatively, upgrade or apply a patch as specified by your vendor. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nCisco Systems Inc.| | 17 Mar 2004| 18 Mar 2004 \nDebian| | 17 Mar 2004| 18 Mar 2004 \nGentoo Linux| | -| 18 Mar 2004 \nGuardian Digital Inc. | | 17 Mar 2004| 18 Mar 2004 \nNetScreen| | 17 Mar 2004| 18 Mar 2004 \nOpenSSL| | -| 17 Mar 2004 \nRed Hat Inc.| | 17 Mar 2004| 18 Mar 2004 \nApple Computer Inc.| | 17 Mar 2004| 06 May 2005 \n3Com| | -| 18 Mar 2004 \nAlcatel| | -| 18 Mar 2004 \nApache| | -| 18 Mar 2004 \nApache-SSL| | -| 18 Mar 2004 \nAT&amp;T;| | -| 18 Mar 2004 \nAvaya| | -| 18 Mar 2004 \nBorderware| | -| 18 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23465542 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.us-cert.gov/cas/techalerts/TA04-078A.html>\n * <http://www.openssl.org>\n * <http://www.uniras.gov.uk/vuls/2004/224012/index.htm>\n * <http://cvs.openssl.org/chngview?cn=5721>\n * <http://cvs.openssl.org/chngview?cn=5722>\n * [http://cvs.openssl.org/getfile?v=1.618.2.137&amp;f;=openssl/CHANGES](<http://cvs.openssl.org/getfile?v=1.618.2.137&f=openssl/CHANGES>)\n * [http://cvs.openssl.org/getfile?v=1.954&amp;f;=openssl/CHANGES](<http://cvs.openssl.org/getfile?v=1.954&f=openssl/CHANGES>)\n\n### Credit\n\nThis vulnerability was reported by the OpenSSL Project and the U.K. National Infrastructure Security Co-ordination Centre (NISCC).\n\nThis document was written by Damon Morda and Art Manion.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0081>)\n * Date Public: 17 Mar 2004\n * Date First Published: 17 Mar 2004\n * Date Last Updated: 06 May 2005\n * Severity Metric: 5.16\n * Document Revision: 27\n\n", "edition": 3, "reporter": "CERT", "published": "2004-03-17T00:00:00", "title": "OpenSSL does not properly handle unknown message types", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2004-0081", "CVE-2004-0081"], "modified": "2005-05-06T00:00:00", "id": "VU:465542", "href": "https://www.kb.cert.org/vuls/id/465542", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:58", "references": [], "edition": 1, "description": "## Vulnerability Description\nOpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when a null-pointer assignment in the do_change_cipher_spec() function is accessed via a carefully crafted SSL/TLS handshake. This might cause some applications that depend on OpenSSL to crash or otherwise lead to a denial of service, and will result in loss of availability for OpenSSL or the application that is depending on it.\n## Solution Description\nUpgrade to version 0.9.6l, 0.9.7d, or higher and recompile all applications which statically link to OpenSSL, as this has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.\n## Short Description\nOpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when a null-pointer assignment in the do_change_cipher_spec() function is accessed via a carefully crafted SSL/TLS handshake. This might cause some applications that depend on OpenSSL to crash or otherwise lead to a denial of service, and will result in loss of availability for OpenSSL or the application that is depending on it.\n## References:\n[Vendor Specific Advisory URL](http://www.tarantella.com/security/bulletin-10.html)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=61798)\n[Vendor Specific Advisory URL](http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961)\n[Vendor Specific Advisory URL](http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO58123&os=NT&returninput=0)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20041101-01-P.asc)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/engarde_advisory-4136.html)\n[Vendor Specific Advisory URL](http://smoothwall.org/security/advisories/SWP-2004.003.html)\n[Vendor Specific Advisory URL](http://www.stonesoft.com/document/art/3123.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-465)\n[Vendor Specific Advisory URL](http://www.redhat.com/support/errata/RHSA-2004-121.html)\n[Vendor Specific Advisory URL](http://www.suse.de/de/security/2004_07_openssl.html)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/trustix_advisory-4152.html)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/gentoo_advisory-4149.html)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57571)\n[Vendor Specific Advisory URL](ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc)\n[Vendor Specific Advisory URL](http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=302163)\n[Vendor Specific Advisory URL](http://www.juniper.net/support/security/alerts/adv58466-2.txt)\nUS-CERT Cyber Security Alert: TA04-078A\n[Secunia Advisory ID:11278](https://secuniaresearch.flexerasoftware.com/advisories/11278/)\n[Secunia Advisory ID:11254](https://secuniaresearch.flexerasoftware.com/advisories/11254/)\n[Secunia Advisory ID:13952](https://secuniaresearch.flexerasoftware.com/advisories/13952/)\n[Secunia Advisory ID:14088](https://secuniaresearch.flexerasoftware.com/advisories/14088/)\n[Secunia Advisory ID:16449](https://secuniaresearch.flexerasoftware.com/advisories/16449/)\n[Secunia Advisory ID:17757](https://secuniaresearch.flexerasoftware.com/advisories/17757/)\n[Secunia Advisory ID:18247](https://secuniaresearch.flexerasoftware.com/advisories/18247/)\n[Secunia Advisory ID:11228](https://secuniaresearch.flexerasoftware.com/advisories/11228/)\n[Secunia Advisory ID:11565](https://secuniaresearch.flexerasoftware.com/advisories/11565/)\n[Secunia Advisory ID:11728](https://secuniaresearch.flexerasoftware.com/advisories/11728/)\n[Secunia Advisory ID:17381](https://secuniaresearch.flexerasoftware.com/advisories/17381/)\n[Secunia Advisory ID:17398](https://secuniaresearch.flexerasoftware.com/advisories/17398/)\n[Secunia Advisory ID:11175](https://secuniaresearch.flexerasoftware.com/advisories/11175/)\n[Secunia Advisory ID:11795](https://secuniaresearch.flexerasoftware.com/advisories/11795/)\n[Secunia Advisory ID:12193](https://secuniaresearch.flexerasoftware.com/advisories/12193/)\n[Secunia Advisory ID:12241](https://secuniaresearch.flexerasoftware.com/advisories/12241/)\n[Secunia Advisory ID:17401](https://secuniaresearch.flexerasoftware.com/advisories/17401/)\n[Related OSVDB ID: 4316](https://vulners.com/osvdb/OSVDB:4316)\n[Related OSVDB ID: 4318](https://vulners.com/osvdb/OSVDB:4318)\nRedHat RHSA: RHSA-2005:829\nRedHat RHSA: RHSA-2005:830\nOther Advisory URL: http://www.openssl.org/news/secadv_20040317.txt\nOther Advisory URL: http://www.uniras.gov.uk/vuls/2004/224012/index.htm\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.7/SCOSA-2005.7.txt\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10\nOther Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml\nISS X-Force ID: 15505\nGeneric Informational URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005\nGeneric Informational URL: http://news.com.com/Apple+unloads+dozens+of+fixes+for+OS+X/2100-1002_3-5834873.html\nGeneric Exploit URL: http://www.codenomicon.com/testtools/tls/\n[CVE-2004-0079](https://vulners.com/cve/CVE-2004-0079)\nBugtraq ID: 9899\n", "reporter": "Codenomicon(), Joe Orton(jorton@redhat.com)", "published": "2004-03-17T08:13:37", "type": "osvdb", "title": "OpenSSL SSL/TLS Handshake Null Pointer DoS ", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "OpenSSL", "version": "0.9.6h", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.6i", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.6d", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.7a", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.6j", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.6e", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.7c", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.7b", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.6g", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.6c", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.6f", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.6k", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.6l", "operator": "eq"}], "cvelist": ["CVE-2004-0079"], "modified": "2004-03-17T08:13:37", "href": "https://vulners.com/osvdb/OSVDB:4317", "id": "OSVDB:4317", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:58", "references": [], "edition": 1, "description": "## Vulnerability Description\nThe SSL/TLS handshaking code in OpenSSL does not properly check the length of Kerberos tickets during an SSL/TLS handshake when using Kerberos ciphersuites. This allows remote attackers to cause a denial of service by manipulating the parameters during SSL/TLS handshake, causing an out-of-bounds read and crashing OpenSSL.\n## Solution Description\nUpgrade to version 0.9.7d or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nThe SSL/TLS handshaking code in OpenSSL does not properly check the length of Kerberos tickets during an SSL/TLS handshake when using Kerberos ciphersuites. This allows remote attackers to cause a denial of service by manipulating the parameters during SSL/TLS handshake, causing an out-of-bounds read and crashing OpenSSL.\n## References:\n[Vendor Specific Advisory URL](ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=61798)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20041101-01-P.asc)\n[Vendor Specific Advisory URL](http://smoothwall.org/security/advisories/SWP-2004.003.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834)\n[Vendor Specific Advisory URL](http://www.redhat.com/support/errata/RHSA-2004-121.html)\n[Vendor Specific Advisory URL](http://www.suse.de/de/security/2004_07_openssl.html)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57571)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=302163)\nUS-CERT Cyber Security Alert: TA04-078A\n[Secunia Advisory ID:11278](https://secuniaresearch.flexerasoftware.com/advisories/11278/)\n[Secunia Advisory ID:13952](https://secuniaresearch.flexerasoftware.com/advisories/13952/)\n[Secunia Advisory ID:14088](https://secuniaresearch.flexerasoftware.com/advisories/14088/)\n[Secunia Advisory ID:16449](https://secuniaresearch.flexerasoftware.com/advisories/16449/)\n[Secunia Advisory ID:11228](https://secuniaresearch.flexerasoftware.com/advisories/11228/)\n[Secunia Advisory ID:11565](https://secuniaresearch.flexerasoftware.com/advisories/11565/)\n[Secunia Advisory ID:11175](https://secuniaresearch.flexerasoftware.com/advisories/11175/)\n[Secunia Advisory ID:11795](https://secuniaresearch.flexerasoftware.com/advisories/11795/)\n[Secunia Advisory ID:12193](https://secuniaresearch.flexerasoftware.com/advisories/12193/)\n[Related OSVDB ID: 4317](https://vulners.com/osvdb/OSVDB:4317)\n[Related OSVDB ID: 4318](https://vulners.com/osvdb/OSVDB:4318)\nOther Advisory URL: http://www.openssl.org/news/secadv_20040317.txt\nOther Advisory URL: http://www.uniras.gov.uk/vuls/2004/224012/index.htm\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.7/SCOSA-2005.7.txt\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10\nOther Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml\nISS X-Force ID: 15508\nGeneric Informational URL: http://news.com.com/Apple+unloads+dozens+of+fixes+for+OS+X/2100-1002_3-5834873.html\n[CVE-2004-0112](https://vulners.com/cve/CVE-2004-0112)\nBugtraq ID: 9899\n", "reporter": "Dr. Stephen Henson(steve@openssl.org)", "published": "2004-03-17T08:13:37", "type": "osvdb", "title": "OpenSSL Kerberos SSL/TLS Handshake DoS ", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "OpenSSL", "version": "0.9.7a", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.7c", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.7b", "operator": "eq"}], "cvelist": ["CVE-2004-0112"], "modified": "2004-03-17T08:13:37", "href": "https://vulners.com/osvdb/OSVDB:4316", "id": "OSVDB:4316", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:58", "references": [], "edition": 1, "description": "## Vulnerability Description\nOpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when unknown TLS message types are sent to it, which creates an infinite loop and will result in loss of availability for OpenSSL or the application using it.\n## Solution Description\nUpgrade to version 0.9.6d or higher and recompile all applications statically linked with OpenSSL, as this has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nOpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when unknown TLS message types are sent to it, which creates an infinite loop and will result in loss of availability for OpenSSL or the application using it.\n## References:\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-465)\n[Vendor Specific Advisory URL](http://rhn.redhat.com/errata/RHSA-2004-121.html)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57571)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc)\n[Vendor Specific Advisory URL](http://www.juniper.net/support/security/alerts/adv58466-2.txt)\nUS-CERT Cyber Security Alert: TA04-078A\n[Secunia Advisory ID:11278](https://secuniaresearch.flexerasoftware.com/advisories/11278/)\n[Secunia Advisory ID:13952](https://secuniaresearch.flexerasoftware.com/advisories/13952/)\n[Secunia Advisory ID:14088](https://secuniaresearch.flexerasoftware.com/advisories/14088/)\n[Secunia Advisory ID:11228](https://secuniaresearch.flexerasoftware.com/advisories/11228/)\n[Secunia Advisory ID:14093](https://secuniaresearch.flexerasoftware.com/advisories/14093/)\n[Secunia Advisory ID:11175](https://secuniaresearch.flexerasoftware.com/advisories/11175/)\n[Secunia Advisory ID:11795](https://secuniaresearch.flexerasoftware.com/advisories/11795/)\n[Secunia Advisory ID:12193](https://secuniaresearch.flexerasoftware.com/advisories/12193/)\n[Related OSVDB ID: 4316](https://vulners.com/osvdb/OSVDB:4316)\n[Related OSVDB ID: 4317](https://vulners.com/osvdb/OSVDB:4317)\nOther Advisory URL: http://www.openssl.org/news/secadv_20040317.txt\nOther Advisory URL: http://www.uniras.gov.uk/vuls/2004/224012/index.htm\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.7/SCOSA-2005.7.txt\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10\nOther Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml\nMail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=107955049331965&w=2\nISS X-Force ID: 15509\nGeneric Exploit URL: http://www.codenomicon.com/testtools/tls/\n[CVE-2004-0081](https://vulners.com/cve/CVE-2004-0081)\nBugtraq ID: 9899\n", "reporter": "Codenomicon(), Joe Orton(jorton@redhat.com)", "published": "2004-03-17T08:13:37", "type": "osvdb", "title": "OpenSSL TLS Infinite Loop DoS", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "OpenSSL", "version": "0.9.6a", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.6", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.6b", "operator": "eq"}, {"name": "OpenSSL", "version": "0.9.6c", "operator": "eq"}], "cvelist": ["CVE-2004-0081"], "modified": "2004-03-17T08:13:37", "href": "https://vulners.com/osvdb/OSVDB:4318", "id": "OSVDB:4318", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-12T14:44:45", "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2005-830.html", "https://rhn.redhat.com/errata/RHSA-2005-812.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.6b-22.42", "arch": "ia64", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-22.42.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.9.6b-16.42", "arch": "any", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-16.42.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.9.6b-16.42", "arch": "any", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-16.42.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.6b-22.42", "arch": "i386", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-22.42.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.6b-22.42", "arch": "i386", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-22.42.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.10.2-0.40E", "arch": "alpha", "packageName": "wget", "packageFilename": "wget-1.10.2-0.40E.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.6b-22.42", "arch": "any", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-22.42.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.6b-22.42", "arch": "any", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-22.42.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.6b-22.42axp", "arch": "alpha", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-22.42axp.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.9.6b-16.42", "arch": "ia64", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-16.42.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.9.6b-16.42", "arch": "i386", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-16.42.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.9.6b-16.42", "arch": "i386", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-16.42.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.9.6b-16.42", "arch": "s390", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-16.42.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.6b-22.42", "arch": "s390", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-22.42.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.6b-22.42", "arch": "x86_64", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-22.42.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.9.6b-16.42", "arch": "x86_64", "packageName": "openssl096b", "packageFilename": "openssl096b-0.9.6b-16.42.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:830\n\n\nThe OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3),\r\nTransport Layer Security (TLS v1) protocols, and serves as a full-strength\r\ngeneral purpose cryptography library. OpenSSL 0.9.6b libraries are provided\r\nfor Red Hat Enterprise Linux 3 and 4 to allow compatibility with legacy\r\napplications.\r\n\r\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\r\nuncovered a null-pointer assignment in the do_change_cipher_spec()\r\nfunction. A remote attacker could perform a carefully crafted SSL/TLS\r\nhandshake against a server that uses the OpenSSL library in such a way as\r\nto cause OpenSSL to crash. Depending on the server this could lead to a\r\ndenial of service. (CVE-2004-0079)\r\n\r\nThis issue was reported as not affecting OpenSSL versions prior to 0.9.6c,\r\nand testing with the Codenomicon Test Tool showed that OpenSSL 0.9.6b as\r\nshipped as a compatibility library with Red Hat Enterprise Linux 3 and 4\r\ndid not crash. However, an alternative reproducer has been written which\r\nshows that this issue does affect versions of OpenSSL prior to 0.9.6c.\r\n\r\nNote that Red Hat does not ship any applications with Red Hat Enterprise\r\nLinux 3 or 4 that use these compatibility libraries. \r\n\r\nUsers of the OpenSSL096b compatibility package are advised to upgrade to\r\nthese updated packages, which contain a patch provided by the OpenSSL group\r\nthat protect against this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/012352.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/012354.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/012357.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/012358.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/012370.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/012371.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/012373.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/012374.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/012375.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/012376.html\n\n**Affected packages:**\nopenssl096b\nwget\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-812.html\nhttps://rhn.redhat.com/errata/RHSA-2005-830.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-11-02T17:10:22", "title": "openssl096b, wget security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0079"], "modified": "2005-11-03T05:14:15", "href": "http://lists.centos.org/pipermail/centos-announce/2005-November/012352.html", "id": "CESA-2005:830", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-25T13:02:34", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.9.6b-42", "arch": "i386", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.6b-42.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.9.6b-42", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-0.9.6b-42.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.9.6-28", "arch": "i386", "packageName": "openssl096", "packageFilename": "openssl096-0.9.6-28.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.9.6b-42", "arch": "i386", "packageName": "openssl", "packageFilename": "openssl-0.9.6b-42.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.9.6b-42", "arch": "i386", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.6b-42.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.9.5a-28", "arch": "i386", "packageName": "openssl095a", "packageFilename": "openssl095a-0.9.5a-28.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:829-00\n\n\nThe OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3),\r\nTransport Layer Security (TLS v1) protocols, and serves as a full-strength\r\ngeneral purpose cryptography library.\r\n\r\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\r\nuncovered a null-pointer assignment in the do_change_cipher_spec()\r\nfunction. A remote attacker could perform a carefully crafted SSL/TLS\r\nhandshake against a server that uses the OpenSSL library in such a way as\r\nto cause OpenSSL to crash. Depending on the server this could lead to a\r\ndenial of service. (CVE-2004-0079)\r\n\r\nThis issue was reported as not affecting OpenSSL versions prior to 0.9.6c,\r\nand testing with the Codenomicon Test Tool showed that OpenSSL 0.9.6b as\r\nshipped in Red Hat Enterprise Linux 2.1 did not crash. However, an\r\nalternative reproducer has been written which shows that this issue does\r\naffect versions of OpenSSL prior to 0.9.6c.\r\n\r\nUsers of OpenSSL are advised to upgrade to these updated packages, which \r\ncontain a patch provided by the OpenSSL group that protects against this issue.\r\n\r\nNOTE: Because server applications are affected by this issue, users are\r\nadvised to either restart all services that use OpenSSL functionality or\r\nrestart their systems after installing these updates.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/012378.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl095a\nopenssl096\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 3, "reporter": "CentOS Project", "published": "2005-11-03T05:24:10", "title": "openssl, openssl095a, openssl096 security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0079"], "modified": "2005-11-03T05:24:10", "href": "http://lists.centos.org/pipermail/centos-announce/2005-November/012378.html", "id": "CESA-2005:829-00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:16:13", "references": ["http://www.openssl.org/news/secadv_20040317.txt"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.8_17", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "0.9.7d", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl-beta", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "0.9.7d", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl", "operator": "lt"}], "description": "\nA remote attacker could cause an application using OpenSSL to\n\t crash by performing a specially crafted SSL/TLS handshake.\n", "edition": 3, "reporter": "FreeBSD", "published": "2004-03-17T00:00:00", "title": "OpenSSL ChangeCipherSpec denial-of-service vulnerability", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0079"], "modified": "2004-05-05T00:00:00", "id": "68233CBA-7774-11D8-89ED-0020ED76EF5A", "href": "https://vuxml.freebsd.org/freebsd/68233cba-7774-11d8-89ed-0020ed76ef5a.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:37:50", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1m-2.0.1.el6", "arch": "x86_64", "packageFilename": "openssl-fips-perl-1.0.1m-2.0.1.el6.x86_64.rpm", "packageName": "openssl-fips-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1m-2.0.1.el6", "arch": "x86_64", "packageFilename": "openssl-fips-static-1.0.1m-2.0.1.el6.x86_64.rpm", "packageName": "openssl-fips-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1m-2.0.1.el6", "arch": "x86_64", "packageFilename": "openssl-fips-devel-1.0.1m-2.0.1.el6.x86_64.rpm", "packageName": "openssl-fips-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1m-2.0.1.el6", "arch": "src", "packageFilename": "openssl-fips-1.0.1m-2.0.1.el6.src.rpm", "packageName": "openssl-fips", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1m-2.0.1.el6", "arch": "x86_64", "packageFilename": "openssl-fips-1.0.1m-2.0.1.el6.x86_64.rpm", "packageName": "openssl-fips", "operator": "lt"}], "description": "[1.0.1m-2.0.1]\n- update to upstream 1.0.1m\n- update to fips canister 2.0.9\n- regenerated below patches\n openssl-1.0.1-beta2-rpmbuild.patch\n openssl-1.0.1m-rhcompat.patch\n openssl-1.0.1m-ecc-suiteb.patch\n openssl-1.0.1m-fips-mode.patch\n openssl-1.0.1m-version.patch\n openssl-1.0.1m-evp-devel.patch\n[1.0.1j-2.0.4]\n- [Orabug 20182267] The openssl-fips-devel package should Provide:\n openssl-devel and openssl-devel(x86-64) like the standard -devel\n package\n- The openssl-fips-devel package should include fips.h and fips_rand.h\n for apps that want to build against FIPS* APIs\n[1.0.1j-2.0.3]\n- [Orabug 20086847] reintroduce patch openssl-1.0.1e-ecc-suiteb.patch,\n update ec_curve.c which gets copied into build tree to match the patch\n (ie only have curves which are advertised). The change items from the\n orignal patch are as follows:\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1j-2.0.2]\n- update README.FIPS with step-by-step install instructions\n[1.0.1j-2.0.1]\n- update to upstream 1.0.1j\n- change name to openssl-fips\n- change Obsoletes: openssl to Conflicts: openssl\n- add Provides: openssl\n[1.0.1i-2.0.3.fips]\n- update to fips canister 2.0.8 to remove Dual EC DRBG\n- run gcc -v so the gcc build version is captured in the build log\n[1.0.1i-2.0.2.fips]\n- flip EVP_CIPH_* flag bits for compatibility with original RH patched pkg\n[1.0.1i-2.0.1.fips]\n- build against upstream 1.0.1i\n- build against fips validated canister 2.0.7\n- add patch to support fips=1\n- rename pkg to openssl-fips and Obsolete openssl\n[1.0.1e-16.14]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-16.7]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-16.4]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-16.3]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-16.2]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-16.1]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document\n[1.0.0-8]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0-7]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers (#619762)\n[1.0.0-6]\n- disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864\n (#649304)\n[1.0.0-5]\n- fix race in extension parsing code - CVE-2010-3864 (#649304)\n[1.0.0-4]\n- openssl man page fix (#609484)\n[1.0.0-3]\n- fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738)\n- fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732)\n[1.0.0-2]\n- make CA dir readable - the private keys are in private subdir (#584810)\n- a few fixes from upstream CVS\n- make X509_NAME_hash_old work in FIPS mode (#568395)\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 (#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- a d d e a p - f a s t s u p p o r t ( # 4 2 8 1 8 1 ) b r > - a d d p o s s i b i l i t y t o d i s a b l e z l i b b y s e t t i n g b r > - a d d f i p s m o d e s u p p o r t f o r t e s t i n g p u r p o s e s b r > - d o n o t n u l l d e r e f e r e n c e o n s o m e i n v a l i d s m i m e f i l e s b r > - a d d b u i l d r e q u i r e s p k g c o n f i g ( # 4 7 9 4 9 3 ) b r > b r > [ 0 . 9 . 8 g - 1 1 ] b r > - d o n o t a d d t l s e x t e n s i o n s t o s e r v e r h e l l o f o r S S L v 3 e i t h e r b r > b r > [ 0 . 9 . 8 g - 1 0 ] b r > - m o v e r o o t C A b u n d l e t o c a - c e r t i f i c a t e s p a c k a g e b r > b r > [ 0 . 9 . 8 g - 9 ] b r > - f i x C V E - 2 0 0 8 - 0 8 9 1 - s e r v e r n a m e e x t e n s i o n c r a s h ( # 4 4 8 4 9 2 ) b r > - f i x C V E - 2 0 0 8 - 1 6 7 2 - s e r v e r k e y e x c h a n g e m e s s a g e o m i t c r a s h ( # 4 4 8 4 9 5 ) b r > b r > [ 0 . 9 . 8 g - 8 ] b r > - s u p e r - H a r c h s u p p o r t b r > - d r o p w o r k a r o u n d f o r b u g 1 9 9 6 0 4 a s i t s h o u l d b e f i x e d i n g c c - 4 . 3 b r > b r > [ 0 . 9 . 8 g - 7 ] b r > - s p a r c h a n d l i n g b r > b r > [ 0 . 9 . 8 g - 6 ] b r > - u p d a t e t o n e w r o o t C A b u n d l e f r o m m o z i l l a . o r g ( r 1 . 4 5 ) b r > b r > [ 0 . 9 . 8 g - 5 ] b r > - A u t o r e b u i l d f o r G C C 4 . 3 b r > b r > [ 0 . 9 . 8 g - 4 ] b r > - m e r g e r e v i e w f i x e s ( # 2 2 6 2 2 0 ) b r > - a d j u s t t h e S H L I B _ V E R S I O N _ N U M B E R t o r e f l e c t l i b r a r y n a m e ( # 4 2 9 8 4 6 ) b r > b r > [ 0 . 9 . 8 g - 3 ] b r > - s e t d e f a u l t p a t h s w h e n n o e x p l i c i t p a t h s a r e s e t ( # 4 1 8 7 7 1 ) b r > - d o n o t a d d t l s e x t e n s i o n s t o c l i e n t h e l l o f o r S S L v 3 ( # 4 2 2 0 8 1 ) b r > b r > [ 0 . 9 . 8 g - 2 ] b r > - e n a b l e s o m e n e w c r y p t o a l g o r i t h m s a n d f e a t u r e s b r > - a d d s o m e m o r e i m p o r t a n t b u g f i x e s f r o m o p e n s s l C V S b r > b r > [ 0 . 9 . 8 g - 1 ] b r > - u p d a t e t o l a t e s t u p s t r e a m r e l e a s e , S O N A M E b u m p e d t o 7 b r > b r > [ 0 . 9 . 8 b - 1 7 ] b r > - u p d a t e t o n e w C A b u n d l e f r o m m o z i l l a . o r g b r > b r > [ 0 . 9 . 8 b - 1 6 ] b r > - f i x C V E - 2 0 0 7 - 5 1 3 5 - o f f - b y - o n e i n S S L _ g e t _ s h a r e d _ c i p h e r s ( # 3 0 9 8 0 1 ) b r > - f i x C V E - 2 0 0 7 - 4 9 9 5 - o u t o f o r d e r D T L S f r a g m e n t s b u f f e r o v e r f l o w ( # 3 2 1 1 9 1 ) b r > - a d d a l p h a s u b - a r c h s ( # 2 9 6 0 3 1 ) b r > b r > [ 0 . 9 . 8 b - 1 5 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 8 b - 1 4 ] b r > - u s e l o c a l h o s t i n t e s t s u i t e , h o p e f u l l y f i x e s s l o w b u i l d i n k o j i b r > - C V E - 2 0 0 7 - 3 1 0 8 - f i x s i d e c h a n n e l a t t a c k o n p r i v a t e k e y s ( # 2 5 0 5 7 7 ) b r > - m a k e s s l s e s s i o n c a c h e i d m a t c h i n g s t r i c t ( # 2 3 3 5 9 9 ) b r > b r > [ 0 . 9 . 8 b - 1 3 ] b r > - a l l o w b u i l d i n g o n A R M a r c h i t e c t u r e s ( # 2 4 5 4 1 7 ) b r > - u s e r e f e r e n c e t i m e s t a m p s t o p r e v e n t m u l t i l i b c o n f l i c t s ( # 2 1 8 0 6 4 ) b r > - - d e v e l p a c k a g e m u s t r e q u i r e p k g c o n f i g ( # 2 4 1 0 3 1 ) b r > b r > [ 0 . 9 . 8 b - 1 2 ] b r > - d e t e c t d u p l i c a t e s i n a d d _ d i r p r o p e r l y ( # 2 0 6 3 4 6 ) b r > b r > [ 0 . 9 . 8 b - 1 1 ] b r > - t h e p r e v i o u s c h a n g e s t i l l d i d n ' t m a k e X 5 0 9 _ N A M E _ c m p t r a n s i t i v e b r > b r > [ 0 . 9 . 8 b - 1 0 ] b r > - m a k e X 5 0 9 _ N A M E _ c m p t r a n s i t i v e o t h e r w i s e c e r t i f i c a t e l o o k u p b r > i s b r o k e n ( # 2 1 6 0 5 0 ) b r > b r > [ 0 . 9 . 8 b - 9 ] b r > - a l i a s i n g b u g i n e n g i n e l o a d i n g , p a t c h b y I B M ( # 2 1 3 2 1 6 ) b r > b r > [ 0 . 9 . 8 b - 8 ] b r > - C V E - 2 0 0 6 - 2 9 4 0 f i x w a s i n c o r r e c t ( # 2 0 8 7 4 4 ) b r > b r > [ 0 . 9 . 8 b - 7 ] b r > - f i x C V E - 2 0 0 6 - 2 9 3 7 - m i s h a n d l e d e r r o r o n A S N . 1 p a r s i n g ( # 2 0 7 2 7 6 ) b r > - f i x C V E - 2 0 0 6 - 2 9 4 0 - p a r a s i t i c p u b l i c k e y s D o S ( # 2 0 7 2 7 4 ) b r > - f i x C V E - 2 0 0 6 - 3 7 3 8 - b u f f e r o v e r f l o w i n S S L _ g e t _ s h a r e d _ c i p h e r s ( # 2 0 6 9 4 0 ) b r > - f i x C V E - 2 0 0 6 - 4 3 4 3 - s s l v 2 c l i e n t D o S ( # 2 0 6 9 4 0 ) b r > b r > [ 0 . 9 . 8 b - 6 ] b r > - f i x C V E - 2 0 0 6 - 4 3 3 9 - p r e v e n t a t t a c k o n P K C S # 1 v 1 . 5 s i g n a t u r e s ( # 2 0 5 1 8 0 ) b r > b r > [ 0 . 9 . 8 b - 5 ] b r > - s e t b u f f e r i n g t o n o n e o n s t d i o / s t d o u t F I L E w h e n b u f s i z e i s s e t ( # 2 0 0 5 8 0 ) b r > p a t c h b y I B M b r > b r > [ 0 . 9 . 8 b - 4 . 1 ] b r > - r e b u i l d w i t h n e w b i n u t i l s ( # 2 0 0 3 3 0 ) b r > b r > [ 0 . 9 . 8 b - 4 ] b r > - a d d a t e m p o r a r y w o r k a r o u n d f o r s h a 5 1 2 t e s t f a i l u r e o n s 3 9 0 ( # 1 9 9 6 0 4 ) b r > b r > * T h u J u l 2 0 2 0 0 6 T o m a s M r a z t m r a z @ r e d h a t . c o m > b r > - a d d i p v 6 s u p p o r t t o s _ c l i e n t a n d s _ s e r v e r ( b y J a n P a z d z i o r a ) ( # 1 9 8 7 3 7 ) b r > - a d d p a t c h e s f o r B N t h r e a d s a f e t y , A E S c a c h e c o l l i s i o n a t t a c k h a z a r d f i x a n d b r > p k c s 7 c o d e m e m l e a k f i x f r o m u p s t r e a m C V S b r > b r > [ 0 . 9 . 8 b - 3 . 1 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 8 b - 3 ] b r > - d r o p p e d l i b i c a a n d i c a e n g i n e f r o m b u i l d b r > b r > * W e d J u n 2 1 2 0 0 6 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - u p d a t e t o n e w C A b u n d l e f r o m m o z i l l a . o r g ; a d d s C A c e r t i f i c a t e s b r > f r o m n e t l o c k . h u a n d s t a r t c o m . o r g b r > b r > [ 0 . 9 . 8 b - 2 ] b r > - f i x e d a f e w r p m l i n t w a r n i n g s b r > - b e t t e r f i x f o r # 1 7 3 3 9 9 f r o m u p s t r e a m b r > - u p s t r e a m f i x f o r p k c s 1 2 b r > b r > [ 0 . 9 . 8 b - 1 ] b r > - u p g r a d e t o n e w v e r s i o n , s t a y s A B I c o m p a t i b l e b r > - t h e r e i s n o m o r e l i n u x / c o n f i g . h ( i t w a s e m p t y a n y w a y ) b r > b r > [ 0 . 9 . 8 a - 6 ] b r > - f i x s t a l e o p e n h a n d l e s i n l i b i c a ( # 1 7 7 1 5 5 ) b r > - f i x b u i l d i f ' r a n d ' o r ' p a s s w d ' i n b u i l d r o o t p a t h ( # 1 7 8 7 8 2 ) b r > - i n i t i a l i z e V I A P a d l o c k e n g i n e ( # 1 8 6 8 5 7 ) b r > b r > [ 0 . 9 . 8 a - 5 . 2 ] b r > - b u m p a g a i n f o r d o u b l e - l o n g b u g o n p p c ( 6 4 ) b r > b r > [ 0 . 9 . 8 a - 5 . 1 ] b r > - r e b u i l t f o r n e w g c c 4 . 1 s n a p s h o t a n d g l i b c c h a n g e s b r > b r > [ 0 . 9 . 8 a - 5 ] b r > - d o n ' t i n c l u d e S S L _ O P _ N E T S C A P E _ R E U S E _ C I P H E R _ C H A N G E _ B U G b r > i n S S L _ O P _ A L L ( # 1 7 5 7 7 9 ) b r > b r > * F r i D e c 0 9 2 0 0 5 J e s s e K e a t i n g j k e a t i n g @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 8 a - 4 ] b r > - f i x b u i l d ( - l c r y p t o w a s e r r o n e u s l y d r o p p e d ) o f t h e u p d a t e d l i b i c a b r > - u p d a t e d I C A e n g i n e t o 1 . 3 . 6 - r c 3 b r > b r > [ 0 . 9 . 8 a - 3 ] b r > - d i s a b l e b u i l t i n c o m p r e s s i o n m e t h o d s f o r n o w u n t i l t h e y w o r k b r > p r o p e r l y ( # 1 7 3 3 9 9 ) b r > b r > [ 0 . 9 . 8 a - 2 ] b r > - d o n ' t s e t - r p a t h f o r o p e n s s l b i n a r y b r > b r > [ 0 . 9 . 8 a - 1 ] b r > - n e w u p s t r e a m v e r s i o n b r > - p a t c h e s p a r t i a l l y r e n u m b e r e d b r > b r > [ 0 . 9 . 7 f - 1 1 ] b r > - u p d a t e d I B M I C A e n g i n e l i b r a r y a n d p a t c h t o l a t e s t u p s t r e a m v e r s i o n b r > b r > [ 0 . 9 . 7 f - 1 0 ] b r > - f i x C A N - 2 0 0 5 - 2 9 6 9 - r e m o v e S S L _ O P _ M S I E _ S S L V 2 _ R S A _ P A D D I N G w h i c h b r > d i s a b l e s t h e c o u n t e r m e a s u r e a g a i n s t m a n i n t h e m i d d l e a t t a c k i n S S L v 2 b r > ( # 1 6 9 8 6 3 ) b r > - u s e s h a 1 a s d e f a u l t f o r C A a n d c e r t r e q u e s t s - C A N - 2 0 0 5 - 2 9 4 6 ( # 1 6 9 8 0 3 ) b r > b r > [ 0 . 9 . 7 f - 9 ] b r > - a d d * . s o . s o v e r s i o n a s s y m l i n k s i n / l i b ( # 1 6 5 2 6 4 ) b r > - r e m o v e u n p a c k a g e d s y m l i n k s ( # 1 5 9 5 9 5 ) b r > - f i x e s f r o m u p s t r e a m ( c o n s t a n t t i m e f i x e s f o r D S A , b r > b n a s s e m b l e r d i v o n p p c a r c h , i n i t i a l i z e m e m o r y o n r e a l l o c ) b r > b r > [ 0 . 9 . 7 f - 8 ] b r > - U p d a t e d I C A e n g i n e I B M p a t c h t o l a t e s t u p s t r e a m v e r s i o n . b r > b r > [ 0 . 9 . 7 f - 7 ] b r > - f i x C A N - 2 0 0 5 - 0 1 0 9 - u s e c o n s t a n t t i m e / m e m o r y a c c e s s m o d _ e x p b r > s o b i t s o f p r i v a t e k e y a r e n ' t l e a k e d b y c a c h e e v i c t i o n ( # 1 5 7 6 3 1 ) b r > - a f e w m o r e f i x e s f r o m u p s t r e a m 0 . 9 . 7 g b r > b r > [ 0 . 9 . 7 f - 6 ] b r > - u s e p o l l i n s t e a d o f s e l e c t i n r a n d ( # 1 2 8 2 8 5 ) b r > - f i x M a k e f i l e . c e r t i f i c a t e t o p o i n t t o / e t c / p k i / t l s b r > - c h a n g e t h e d e f a u l t s t r i n g m a s k i n A S N 1 t o P r i n t a b l e S t r i n g + U T F 8 S t r i n g b r > b r > [ 0 . 9 . 7 f - 5 ] b r > - u p d a t e t o r e v i s i o n 1 . 3 7 o f M o z i l l a C A b u n d l e b r > b r > [ 0 . 9 . 7 f - 4 ] b r > - m o v e c e r t i f i c a t e s t o _ s y s c o n f d i r / p k i / t l s ( # 1 4 3 3 9 2 ) b r > - m o v e C A d i r e c t o r i e s t o _ s y s c o n f d i r / p k i / C A b r > - p a t c h t h e C A s c r i p t a n d t h e d e f a u l t c o n f i g s o i t p o i n t s t o t h e b r > C A d i r e c t o r i e s b r > b r > [ 0 . 9 . 7 f - 3 ] b r > - u n i n i t i a l i z e d v a r i a b l e m u s t n ' t b e u s e d a s i n p u t i n i n l i n e b r > a s s e m b l y b r > - r e e n a b l e t h e x 8 6 _ 6 4 a s s e m b l y a g a i n b r > b r > [ 0 . 9 . 7 f - 2 ] b r > - a d d b a c k R C 4 _ C H A R o n i a 6 4 a n d x 8 6 _ 6 4 s o t h e A B I i s n ' t b r o k e n b r > - d i s a b l e b r o k e n b i g n u m a s s e m b l y o n x 8 6 _ 6 4 b r > b r > [ 0 . 9 . 7 f - 1 ] b r > - r e e n a b l e o p t i m i z a t i o n s o n p p c 6 4 a n d a s s e m b l y c o d e o n i a 6 4 b r > - u p g r a d e t o n e w u p s t r e a m v e r s i o n ( n o s o n a m e b u m p n e e d e d ) b r > - d i s a b l e t h r e a d t e s t - i t w a s t e s t i n g t h e b a c k p o r t o f t h e b r > R S A b l i n d i n g - n o l o n g e r n e e d e d b r > - a d d e d s u p p o r t f o r c h a n g i n g s e r i a l n u m b e r t o b r > M a k e f i l e . c e r t i f i c a t e ( # 1 5 1 1 8 8 ) b r > - m a k e c a - b u n d l e . c r t a c o n f i g f i l e ( # 1 1 8 9 0 3 ) b r > b r > [ 0 . 9 . 7 e - 3 ] b r > - l i b c r y p t o s h o u l d n ' t d e p e n d o n l i b k r b 5 ( # 1 3 5 9 6 1 ) b r > b r > [ 0 . 9 . 7 e - 2 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 e - 1 ] b r > - n e w u p s t r e a m s o u r c e , u p d a t e d p a t c h e s b r > - a d d e d p a t c h s o w e a r e h o p e f u l l y A B I c o m p a t i b l e w i t h u p c o m i n g b r > 0 . 9 . 7 f b r > b r > * T h u F e b 1 0 2 0 0 5 T o m a s M r a z t m r a z @ r e d h a t . c o m > b r > - S u p p o r t U T F - 8 c h a r s e t i n t h e M a k e f i l e . c e r t i f i c a t e ( # 1 3 4 9 4 4 ) b r > - A d d e d c m p t o B u i l d P r e r e q b r > b r > [ 0 . 9 . 7 a - 4 6 ] b r > - g e n e r a t e n e w c a - b u n d l e . c r t f r o m M o z i l l a c e r t d a t a . t x t ( r e v i s i o n 1 . 3 2 ) b r > b r > [ 0 . 9 . 7 a - 4 5 ] b r > - F i x e d a n d u p d a t e d l i b i c a - 1 . 3 . 4 - u r a n d o m . p a t c h p a t c h ( # 1 2 2 9 6 7 ) b r > b r > [ 0 . 9 . 7 a - 4 4 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 4 3 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 4 2 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 4 1 ] b r > - r e m o v e d e r _ c h o p , a s u p s t r e a m c v s h a s d o n e ( C A N - 2 0 0 4 - 0 9 7 5 , # 1 4 0 0 4 0 ) b r > b r > [ 0 . 9 . 7 a - 4 0 ] b r > - I n c l u d e l a t e s t l i b i c a v e r s i o n w i t h i m p o r t a n t b u g f i x e s b r > b r > * T u e J u n 1 5 2 0 0 4 E l l i o t L e e s o p w i t h @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 3 8 ] b r > - U p d a t e d I C A e n g i n e I B M p a t c h t o l a t e s t u p s t r e a m v e r s i o n . b r > b r > [ 0 . 9 . 7 a - 3 7 ] b r > - b u i l d f o r l i n u x - a l p h a - g c c i n s t e a d o f a l p h a - g c c o n a l p h a ( J e f f G a r z i k ) b r > b r > [ 0 . 9 . 7 a - 3 6 ] b r > - h a n d l e % { _ a r c h } = i 4 8 6 / i 5 8 6 / i 6 8 6 / a t h l o n c a s e s i n t h e i n t e r m e d i a t e b r > h e a d e r ( # 1 2 4 3 0 3 ) b r > b r > [ 0 . 9 . 7 a - 3 5 ] b r > - a d d s e c u r i t y f i x e s f o r C A N - 2 0 0 4 - 0 0 7 9 , C A N - 2 0 0 4 - 0 1 1 2 b r > b r > * T u e M a r 1 6 2 0 0 4 P h i l K n i r s c h p k n i r s c h @ r e d h a t . c o m > b r > - F i x e d l i b i c a f i l e s p e c . b r > b r > [ 0 . 9 . 7 a - 3 4 ] b r > - p p c / p p c 6 4 d e f i n e _ _ p o w e r p c _ _ / _ _ p o w e r p c 6 4 _ _ , n o t _ _ p p c _ _ / _ _ p p c 6 4 _ _ , f i x b r > t h e i n t e r m e d i a t e h e a d e r b r > b r > [ 0 . 9 . 7 a - 3 3 ] b r > - a d d a n i n t e r m e d i a t e o p e n s s l / o p e n s s l c o n f . h > w h i c h p o i n t s t o t h e r i g h t b r > a r c h - s p e c i f i c o p e n s s l c o n f . h o n m u l t i l i b a r c h e s b r > b r > * T u e M a r 0 2 2 0 0 4 E l l i o t L e e s o p w i t h @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 3 2 ] b r > - U p d a t e d l i b i c a t o l a t e s t u p s t r e a m v e r s i o n 1 . 3 . 5 . b r > b r > [ 0 . 9 . 7 a - 3 1 ] b r > - U p d a t e I C A c r y p t o e n g i n e p a t c h f r o m I B M t o l a t e s t v e r s i o n . b r > b r > * F r i F e b 1 3 2 0 0 4 E l l i o t L e e s o p w i t h @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 2 9 ] b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 2 8 ] b r > - F i x e d l i b i c a b u i l d . b r > b r > * W e d F e b 0 4 2 0 0 4 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d ' - l d l ' t o l i n k f l a g s a d d e d f o r L i n u x - o n - A R M ( # 9 9 3 1 3 ) b r > b r > [ 0 . 9 . 7 a - 2 7 ] b r > - u p d a t e d c a - b u n d l e . c r t : r e m o v e d e x p i r e d G e o T r u s t r o o t s , a d d e d b r > f r e e s s l . c o m r o o t , r e m o v e d t r u s t c e n t e r . d e C l a s s 0 r o o t b r > b r > [ 0 . 9 . 7 a - 2 6 ] b r > - F i x l i n k l i n e f o r l i b s s l ( b u g # 1 1 1 1 5 4 ) . b r > b r > [ 0 . 9 . 7 a - 2 5 ] b r > - a d d d e p e n d e n c y o n z l i b - d e v e l f o r t h e - d e v e l p a c k a g e , w h i c h d e p e n d s o n z l i b b r > s y m b o l s b e c a u s e w e e n a b l e z l i b f o r l i b s s l ( # 1 0 2 9 6 2 ) b r > b r > [ 0 . 9 . 7 a - 2 4 ] b r > - U s e / d e v / u r a n d o m i n s t e a d o f P R N G f o r l i b i c a . b r > - A p p l y l i b i c a - 1 . 3 . 5 f i x f o r / d e v / u r a n d o m i n i c a l i n u x . c b r > - U s e l a t e s t I C A e n g i n e p a t c h f r o m I B M . b r > b r > [ 0 . 9 . 7 a - 2 2 . 1 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 2 2 ] b r > - r e b u i l d ( 2 2 w a s n ' t a c t u a l l y b u i l t , f u n e h ? ) b r > b r > [ 0 . 9 . 7 a - 2 3 ] b r > - r e - d i s a b l e o p t i m i z a t i o n s o n p p c 6 4 b r > b r > * T u e S e p 3 0 2 0 0 3 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - a d d a _ m b s t r . c f i x f o r 6 4 - b i t p l a t f o r m s f r o m C V S b r > b r > [ 0 . 9 . 7 a - 2 2 ] b r > - a d d - W a , - - n o e x e c s t a c k t o R P M _ O P T _ F L A G S s o t h a t a s s e m b l e d m o d u l e s g e t t a g g e d b r > a s n o t n e e d i n g e x e c u t a b l e s t a c k s b r > b r > [ 0 . 9 . 7 a - 2 1 ] b r > - r e b u i l d b r > b r > * T h u S e p 2 5 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e - e n a b l e o p t i m i z a t i o n s o n p p c 6 4 b r > b r > * T h u S e p 2 5 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e m o v e e x c l u s i v e a r c h b r > b r > [ 0 . 9 . 7 a - 2 0 ] b r > - o n l y p a r s e a c l i e n t c e r t i f o n e w a s r e q u e s t e d b r > - t e m p o r a r i l y e x c l u s i v e a r c h f o r % { i x 8 6 } b r > b r > * T u e S e p 2 3 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d s e c u r i t y f i x e s f o r p r o t o c o l p a r s i n g b u g s ( C A N - 2 0 0 3 - 0 5 4 3 , C A N - 2 0 0 3 - 0 5 4 4 ) b r > a n d h e a p c o r r u p t i o n ( C A N - 2 0 0 3 - 0 5 4 5 ) b r > - u p d a t e R H N S - C A - C E R T f i l e s b r > - e a s e b a c k o n t h e n u m b e r o f t h r e a d s u s e d i n t h e t h r e a d i n g t e s t b r > b r > [ 0 . 9 . 7 a - 1 9 ] b r > - r e b u i l d t o f i x g z i p p e d f i l e m d 5 s u m s ( # 9 1 2 1 1 ) b r > b r > [ 0 . 9 . 7 a - 1 8 ] b r > - U p d a t e d l i b i c a t o v e r s i o n 1 . 3 . 4 . b r > b r > [ 0 . 9 . 7 a - 1 7 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 0 . 9 ] b r > - f r e e t h e k s s l _ c t x s t r u c t u r e w h e n w e f r e e a n S S L s t r u c t u r e ( # 9 9 0 6 6 ) b r > b r > [ 0 . 9 . 7 a - 1 6 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 5 ] b r > - l o w e r t h r e a d t e s t c o u n t o n s 3 9 0 x b r > b r > [ 0 . 9 . 7 a - 1 4 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 3 ] b r > - d i s a b l e a s s e m b l y o n a r c h e s w h e r e i t s e e m s t o c o n f l i c t w i t h t h r e a d i n g b r > b r > [ 0 . 9 . 7 a - 1 2 ] b r > - U p d a t e d l i b i c a t o l a t e s t u p s t r e a m v e r s i o n 1 . 3 . 0 b r > b r > [ 0 . 9 . 7 a - 9 . 9 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 1 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 0 ] b r > - u b s e c : d o n ' t s t o m p o n o u t p u t d a t a w h i c h m i g h t a l s o b e i n p u t d a t a b r > b r > [ 0 . 9 . 7 a - 9 ] b r > - t e m p o r a r i l y d i s a b l e o p t i m i z a t i o n s o n p p c 6 4 b r > b r > * M o n J u n 0 9 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - b a c k p o r t f i x f o r e n g i n e - u s e d - f o r - e v e r y t h i n g f r o m 0 . 9 . 7 b b r > - b a c k p o r t f i x f o r p r n g n o t b e i n g s e e d e d c a u s i n g p r o b l e m s , a l s o f r o m 0 . 9 . 7 b b r > - a d d a c h e c k a t b u i l d - t i m e t o e n s u r e t h a t R S A i s t h r e a d - s a f e b r > - k e e p p e r l p a t h f r o m s t o m p i n g o n t h e l i b i c a c o n f i g u r e s c r i p t s b r > b r > * F r i J u n 0 6 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - t h r e a d - s a f e t y f i x f o r R S A b l i n d i n g b r > b r > [ 0 . 9 . 7 a - 8 ] b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 7 ] b r > - A d d e d l i b i c a - 1 . 2 t o o p e n s s l ( f e a t u r e r e q u e s t ) . b r > b r > [ 0 . 9 . 7 a - 6 ] b r > - f i x b u i l d i n g w i t h i n c o r r e c t f l a g s o n p p c 6 4 b r > b r > [ 0 . 9 . 7 a - 5 ] b r > - a d d p a t c h t o h a r d e n a g a i n s t K l i m a - P o k o r n y - R o s a e x t e n s i o n o f B l e i c h e n b a c h e r ' s b r > a t t a c k ( C A N - 2 0 0 3 - 0 1 3 1 ) b r > b r > [ 0 . 9 . 7 a - 4 ] b r > - a d d p a t c h t o e n a b l e R S A b l i n d i n g b y d e f a u l t , c l o s i n g a t i m i n g a t t a c k b r > ( C A N - 2 0 0 3 - 0 1 4 7 ) b r > b r > [ 0 . 9 . 7 a - 3 ] b r > - d i s a b l e u s e o f B N a s s e m b l y m o d u l e o n x 8 6 _ 6 4 , b u t c o n t i n u e t o a l l o w i n l i n e b r > a s s e m b l y ( # 8 3 4 0 3 ) b r > b r > [ 0 . 9 . 7 a - 2 ] b r > - d i s a b l e E C a l g o r i t h m s b r > b r > [ 0 . 9 . 7 a - 1 ] b r > - u p d a t e t o 0 . 9 . 7 a b r > b r > [ 0 . 9 . 7 - 8 ] b r > - a d d f i x t o g u a r d a g a i n s t a t t e m p t s t o a l l o c a t e n e g a t i v e a m o u n t s o f m e m o r y b r > - a d d p a t c h f o r C A N - 2 0 0 3 - 0 0 7 8 , f i x i n g a t i m i n g a t t a c k b r > b r > [ 0 . 9 . 7 - 7 ] b r > - A d d o p e n s s l - p p c 6 4 . p a t c h b r > b r > [ 0 . 9 . 7 - 6 ] b r > - E V P _ D e c r y p t I n i t s h o u l d c a l l E V P _ C i p h e r I n i t ( ) i n s t e a d o f E V P _ C i p h e r I n i t _ e x ( ) , b r > t o g e t t h e r i g h t b e h a v i o r w h e n p a s s e d u n i n i t i a l i z e d c o n t e x t s t r u c t u r e s b r > ( # 8 3 7 6 6 ) b r > - b u i l d w i t h - m c p u = e v 5 o n a l p h a f a m i l y ( # 8 3 8 2 8 ) b r > b r > * W e d J a n 2 2 2 0 0 3 T i m P o w e r s t i m p @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 - 4 ] b r > - A d d e d I B M h w c r y p t o s u p p o r t p a t c h . b r > b r > * W e d J a n 1 5 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d m i s s i n g b u i l d d e p o n s e d b r > b r > [ 0 . 9 . 7 - 3 ] b r > - d e b l o a t b r > - f i x b r o k e n m a n p a g e s y m l i n k s b r > b r > [ 0 . 9 . 7 - 2 ] b r > - f i x d o u b l e - f r e e i n ' o p e n s s l c a ' b r > b r > [ 0 . 9 . 7 - 1 ] b r > - u p d a t e t o 0 . 9 . 7 f i n a l b r > b r > [ 0 . 9 . 7 - 0 ] b r > - u p d a t e t o 0 . 9 . 7 b e t a 6 ( D O N O T U S E U N T I L U P D A T E D T O F I N A L 0 . 9 . 7 ) b r > b r > * W e d D e c 1 1 2 0 0 2 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 7 b e t a 5 ( D O N O T U S E U N T I L U P D A T E D T O F I N A L 0 . 9 . 7 ) b r > b r > [ 0 . 9 . 6 b - 3 0 ] b r > - a d d c o n f i g u r a t i o n s t a n z a f o r x 8 6 _ 6 4 a n d u s e i t o n x 8 6 _ 6 4 b r > - b u i l d f o r l i n u x - p p c o n p p c b r > - s t a r t r u n n i n g t h e s e l f - t e s t s a g a i n b r > b r > [ 0 . 9 . 6 b - 2 9 h a m m e r . 3 ] b r > - M e r g e f i x e s f r o m p r e v i o u s h a m m e r p a c k a g e s , i n c l u d i n g g e n e r a l x 8 6 - 6 4 a n d b r > m u l t i l i b b r > b r > [ 0 . 9 . 6 b - 2 9 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 6 b - 2 8 ] b r > - u p d a t e a s n p a t c h t o f i x a c c i d e n t a l r e v e r s a l o f a l o g i c c h e c k b r > b r > [ 0 . 9 . 6 b - 2 7 ] b r > - u p d a t e a s n p a t c h t o r e d u c e c h a n c e t h a t c o m p i l e r o p t i m i z a t i o n w i l l r e m o v e b r > o n e o f t h e a d d e d t e s t s b r > b r > [ 0 . 9 . 6 b - 2 6 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 6 b - 2 5 ] b r > - a d d p a t c h t o f i x A S N . 1 v u l n e r a b i l i t i e s b r > b r > [ 0 . 9 . 6 b - 2 4 ] b r > - a d d b a c k p o r t o f B e n L a u r i e ' s p a t c h e s f o r O p e n S S L 0 . 9 . 6 d b r > b r > [ 0 . 9 . 6 b - 2 3 ] b r > - o w n { _ d a t a d i r } / s s l / m i s c b r > b r > * F r i J u n 2 1 2 0 0 2 T i m P o w e r s t i m p @ r e d h a t . c o m > b r > - a u t o m a t e d r e b u i l d b r > b r > * S u n M a y 2 6 2 0 0 2 T i m P o w e r s t i m p @ r e d h a t . c o m > b r > - a u t o m a t e d r e b u i l d b r > b r > [ 0 . 9 . 6 b - 2 0 ] b r > - f r e e r i d e t h r o u g h t h e b u i l d s y s t e m ( w h e e ! ) b r > b r > [ 0 . 9 . 6 b - 1 9 ] b r > - r e b u i l d i n n e w e n v i r o n m e n t b r > b r > [ 0 . 9 . 6 b - 1 7 , 0 . 9 . 6 b - 1 8 ] b r > - m e r g e R H L - s p e c i f i c b i t s i n t o s t r o n g h o l d p a c k a g e , r e n a m e b r > b r > [ s t r o n g h o l d - 0 . 9 . 6 c - 2 ] b r > - a d d s u p p o r t f o r C h r y s a l i s L u n a t o k e n b r > b r > * T u e M a r 2 6 2 0 0 2 G a r y B e n s o n g b e n s o n @ r e d h a t . c o m > b r > - d i s a b l e A E P r a n d o m n u m b e r g e n e r a t i o n , o t h e r A E P f i x e s b r > b r > [ 0 . 9 . 6 b - 1 5 ] b r > - o n l y b u i l d s u b p a c k a g e s o n p r i m a r y a r c h e s b r > b r > [ 0 . 9 . 6 b - 1 3 ] b r > - o n i a 3 2 , o n l y d i s a b l e u s e o f a s s e m b l e r o n i 3 8 6 b r > - e n a b l e a s s e m b l y o n i a 6 4 b r > b r > [ 0 . 9 . 6 b - 1 1 ] b r > - f i x s p a r c v 9 e n t r y b r > b r > [ s t r o n g h o l d - 0 . 9 . 6 c - 1 ] b r > - u p g r a d e t o 0 . 9 . 6 c b r > - b u m p B u i l d A r c h t o i 6 8 6 a n d e n a b l e a s s e m b l e r o n a l l p l a t f o r m s b r > - s y n c h r o n i s e w i t h s h r i m p y a n d r a w h i d e b r > - b u m p s o v e r s i o n t o 3 b r > b r > * W e d O c t 1 0 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - d e l e t e B N _ L L O N G f o r s 3 9 0 x , p a t c h f r o m O l i v e r P a u k s t a d t b r > b r > [ 0 . 9 . 6 b - 9 ] b r > - u p d a t e A E P d r i v e r p a t c h b r > b r > * M o n S e p 1 0 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d j u s t R N G d i s a b l i n g p a t c h t o m a t c h v e r s i o n o f p a t c h f r o m B r o a d c o m b r > b r > [ 0 . 9 . 6 b - 8 ] b r > - d i s a b l e t h e R N G i n t h e u b s e c e n g i n e d r i v e r b r > b r > [ 0 . 9 . 6 b - 7 ] b r > - t w e a k s t o t h e u b s e c e n g i n e d r i v e r b r > b r > [ 0 . 9 . 6 b - 6 ] b r > - t w e a k s t o t h e u b s e c e n g i n e d r i v e r b r > b r > [ 0 . 9 . 6 b - 5 ] b r > - u p d a t e u b s e c e n g i n e d r i v e r f r o m B r o a d c o m b r > b r > [ 0 . 9 . 6 b - 4 ] b r > - m o v e m a n p a g e s b a c k t o % { _ m a n d i r } / m a n ? / f o o . ? s s l f r o m b r > % { _ m a n d i r } / m a n ? s s l / f o o . ? b r > - a d d a n [ e n g i n e ] s e c t i o n t o t h e d e f a u l t c o n f i g u r a t i o n f i l e b r > b r > * T h u A u g 0 9 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a p a t c h f o r s e l e c t i n g a d e f a u l t e n g i n e i n S S L _ l i b r a r y _ i n i t ( ) b r > b r > [ 0 . 9 . 6 b - 3 ] b r > - a d d p a t c h e s f o r A E P h a r d w a r e s u p p o r t b r > - a d d p a t c h t o k e e p t r y i n g w h e n w e f a i l t o l o a d a c e r t f r o m a f i l e a n d b r > t h e r e a r e m o r e i n t h e f i l e b r > - a d d m i s s i n g p r o t o t y p e f o r E N G I N E _ u b s e c ( ) i n e n g i n e _ i n t . h b r > b r > [ 0 . 9 . 6 b - 2 ] b r > - a c t u a l l y a d d h w _ u b s e c t o t h e e n g i n e l i s t b r > b r > * T u e J u l 1 7 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d i n t h e h w _ u b s e c d r i v e r f r o m C V S b r > b r > [ 0 . 9 . 6 b - 1 ] b r > - u p d a t e t o 0 . 9 . 6 b b r > b r > * T h u J u l 0 5 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e . s o s y m l i n k s b a c k t o % { _ l i b d i r } b r > b r > * T u e J u l 0 3 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e s h a r e d l i b r a r i e s t o / l i b ( # 3 8 4 1 0 ) b r > b r > * M o n J u n 2 5 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - s w i t c h t o e n g i n e c o d e b a s e b r > b r > * M o n J u n 1 8 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a s c r i p t f o r c r e a t i n g d u m m y c e r t i f i c a t e s b r > - m o v e m a n p a g e s f r o m % { _ m a n d i r } / m a n ? / f o o . ? s s l t o % { _ m a n d i r } / m a n ? s s l / f o o . ? b r > b r > * T h u J u n 0 7 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - a d d s 3 9 0 x s u p p o r t b r > b r > * F r i J u n 0 1 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - c h a n g e t w o m e m c p y ( ) c a l l s t o m e m m o v e ( ) b r > - d o n ' t d e f i n e L _ E N D I A N o n a l p h a b r > b r > [ s t r o n g h o l d - 0 . 9 . 6 a - 1 ] b r > - A d d ' s t r o n g h o l d - ' p r e f i x t o p a c k a g e n a m e s . b r > - O b s o l e t e s t a n d a r d o p e n s s l p a c k a g e s . b r > b r > * W e d M a y 1 6 2 0 0 1 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - A d d B u i l d A r c h : i 5 8 6 a s p e r N a l i n ' s a d v i c e . b r > b r > * T u e M a y 1 5 2 0 0 1 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - E n a b l e a s s e m b l e r o n i x 8 6 ( u s i n g n e w . t a r . b z 2 w h i c h d o e s b r > i n c l u d e t h e a s m d i r e c t o r i e s ) . b r > b r > * T u e M a y 1 5 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m a k e s u b p a c k a g e s d e p e n d o n t h e m a i n p a c k a g e b r > b r > * T u e M a y 0 1 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d j u s t t h e h o b b l e s c r i p t t o n o t d i s t u r b s y m l i n k s i n i n c l u d e / ( f i x f r o m b r > J o e O r t o n ) b r > b r > * F r i A p r 2 7 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d r o p t h e m 2 c r y p o p a t c h w e w e r e n ' t u s i n g b r > b r > * T u e A p r 2 4 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - c o n f i g u r e u s i n g ' s h a r e d ' a s w e l l b r > b r > * S u n A p r 0 8 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 6 a b r > - u s e t h e b u i l d - s h a r e d t a r g e t t o b u i l d s h a r e d l i b r a r i e s b r > - b u m p t h e s o v e r s i o n t o 2 b e c a u s e w e ' r e n o l o n g e r c o m p a t i b l e w i t h b r > o u r 0 . 9 . 5 a p a c k a g e s o r o u r 0 . 9 . 6 p a c k a g e s b r > - d r o p t h e p a t c h f o r m a k i n g r s a t e s t a n o - o p w h e n r s a n u l l s u p p o r t i s u s e d b r > - p u t a l l m a n p a g e s i n t o s e c t i o n > s s l i n s t e a d o f s e c t i o n > b r > - b r e a k t h e m 2 c r y p t o m o d u l e s i n t o a s e p a r a t e p a c k a g e b r > b r > * T u e M a r 1 3 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u s e B N _ L L O N G o n s 3 9 0 b r > b r > * M o n M a r 1 2 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - f i x t h e s 3 9 0 c h a n g e s f o r 0 . 9 . 6 ( i s n ' t s u p p o s e d t o b e m a r k e d a s 6 4 - b i t ) b r > b r > * S a t M a r 0 3 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e c _ r e h a s h t o t h e p e r l s u b p a c k a g e , b e c a u s e i t ' s a p e r l s c r i p t n o w b r > b r > * F r i M a r 0 2 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 6 b r > - e n a b l e M D 2 b r > - u s e t h e l i b c r y p t o . s o a n d l i b s s l . s o t a r g e t s t o b u i l d s h a r e d l i b s w i t h b r > - b u m p t h e s o v e r s i o n t o 1 b e c a u s e w e ' r e n o l o n g e r c o m p a t i b l e w i t h a n y o f b r > t h e v a r i o u s 0 . 9 . 5 a p a c k a g e s c i r c u l a t i n g a r o u n d , w h i c h p r o v i d e l i b * . s o . 0 b r > b r > * W e d F e b 2 8 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - c h a n g e h o b b l e - o p e n s s l f o r d i s a b l i n g M D 2 a g a i n b r > b r > * T u e F e b 2 7 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e - d i s a b l e M D 2 - - t h e E V P _ M D _ C T X s t r u c t u r e w o u l d g r o w f r o m 1 0 0 t o 1 5 2 b r > b y t e s o r s o , c a u s i n g E V P _ D i g e s t I n i t ( ) t o z e r o o u t s t a c k v a r i a b l e s i n b r > a p p s b u i l t a g a i n s t a v e r s i o n o f t h e l i b r a r y w i t h o u t i t b r > b r > * M o n F e b 2 6 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d i s a b l e s o m e i n l i n e a s s e m b l y , w h i c h o n x 8 6 i s P e n t i u m - s p e c i f i c b r > - r e - e n a b l e M D 2 ( s e e h t t p : / / w w w . i e t f . o r g / i e t f / I P R / R S A - M D - a l l ) b r > b r > * T h u F e b 0 8 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - f i x s 3 9 0 p a t c h b r > b r > * F r i D e c 0 8 2 0 0 0 T h a n N g o t h a n @ r e d h a t . c o m > b r > - a d d e d s u p p o r t s 3 9 0 b r > b r > * M o n N o v 2 0 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e m o v e - W a , * a n d - m * c o m p i l e r f l a g s f r o m t h e d e f a u l t C o n f i g u r e f i l e ( # 2 0 6 5 6 ) b r > - a d d t h e C A . p l m a n p a g e t o t h e p e r l s u b p a c k a g e b r > b r > * T h u N o v 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a l w a y s b u i l d w i t h - m c p u = e v 5 o n a l p h a b r > b r > * T u e O c t 3 1 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a s y m l i n k f r o m c e r t . p e m t o c a - b u n d l e . c r t b r > b r > * W e d O c t 2 5 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a c a - b u n d l e f i l e f o r p a c k a g e s l i k e S a m b a t o r e f e r e n c e f o r C A c e r t i f i c a t e s b r > b r > * T u e O c t 2 4 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e m o v e l i b c r y p t o ' s c r y p t ( ) , w h i c h d o e s n ' t h a n d l e m d 5 c r y p t ( # 1 9 2 9 5 ) b r > b r > * M o n O c t 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d u n z i p a s a b u i l d p r e r e q ( # 1 7 6 6 2 ) b r > - u p d a t e m 2 c r y p t o t o 0 . 0 5 - s n a p 4 b r > b r > * T u e S e p 2 6 2 0 0 0 B i l l N o t t i n g h a m n o t t i n g @ r e d h a t . c o m > b r > - f i x s o m e i s s u e s i n b u i l d i n g w h e n i t ' s n o t i n s t a l l e d b r > b r > * W e d S e p 0 6 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m a k e s u r e t h e h e a d e r s w e i n c l u d e a r e t h e o n e s w e b u i l t w i t h ( a a a a a r r g h ! ) b r > b r > * F r i S e p 0 1 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d R i c h a r d H e n d e r s o n ' s p a t c h f o r B N o n i a 6 4 b r > - c l e a n u p t h e c h a n g e l o g b r > b r > * T u e A u g 2 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - f i x t h e b u i l d i n g o f p y t h o n m o d u l e s w i t h o u t o p e n s s l - d e v e l a l r e a d y i n s t a l l e d b r > b r > * W e d A u g 2 3 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - b y t e - c o m p i l e p y t h o n e x t e n s i o n s w i t h o u t t h e b u i l d - r o o t b r > - a d j u s t t h e m a k e f i l e t o n o t r e m o v e t e m p o r a r y f i l e s ( l i k e . k e y f i l e s w h e n b r > b u i l d i n g . c s r f i l e s ) b y m a r k i n g t h e m a s . P R E C I O U S b r > b r > * S a t A u g 1 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - b r e a k o u t p y t h o n e x t e n s i o n s i n t o a s u b p a c k a g e b r > b r > * M o n J u l 1 7 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - t w e a k t h e m a k e f i l e s o m e m o r e b r > b r > * T u e J u l 1 1 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d i s a b l e M D 2 s u p p o r t b r > b r > * T h u J u l 0 6 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d i s a b l e M D C 2 s u p p o r t b r > b r > * S u n J u l 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - t w e a k t h e d i s a b l i n g o f R C 5 , I D E A s u p p o r t b r > - t w e a k t h e m a k e f i l e b r > b r > * T h u J u n 2 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - s t r i p b i n a r i e s a n d l i b r a r i e s b r > - r e w o r k c e r t i f i c a t e m a k e f i l e t o h a v e t h e r i g h t p a r t s f o r A p a c h e b r > b r > * W e d J u n 2 8 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u s e % { _ p e r l } i n s t e a d o f / u s r / b i n / p e r l b r > - d i s a b l e a l p h a u n t i l i t p a s s e s i t s o w n t e s t s u i t e b r > b r > * F r i J u n 0 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e t h e p a s s w d . 1 m a n p a g e o u t o f t h e p a s s w d p a c k a g e ' s w a y b r > b r > * F r i J u n 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 5 a , m o d i f i e d f o r U . S . b r > - a d d p e r l a s a b u i l d - t i m e r e q u i r e m e n t b r > - m o v e c e r t i f i c a t e m a k e f i l e t o a n o t h e r p a c k a g e b r > - d i s a b l e R C 5 , I D E A , R S A s u p p o r t b r > - r e m o v e o p t i m i z a t i o n s f o r n o w b r > b r > * W e d M a r 0 1 2 0 0 0 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - B e r o t o l d m e t o m o v e t h e M a k e f i l e i n t o t h i s p a c k a g e b r > b r > * W e d M a r 0 1 2 0 0 0 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - a d d l i b * . s o s y m l i n k s t o l i n k d y n a m i c a l l y a g a i n s t s h a r e d l i b s b r > b r > * T u e F e b 2 9 2 0 0 0 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - u p d a t e t o 0 . 9 . 5 b r > - r u n l d c o n f i g d i r e c t l y i n p o s t / p o s t u n b r > - a d d F A Q b r > b r > * S a t D e c 1 8 1 9 9 9 B e r n h a r d R o s e n k r d n z e r b e r o @ r e d h a t . d e > b r > - F i x b u i l d o n n o n - x 8 6 p l a t f o r m s b r > b r > * F r i N o v 1 2 1 9 9 9 B e r n h a r d R o s e n k r d n z e r b e r o @ r e d h a t . d e > b r > - m o v e / u s r / s h a r e / s s l / * f r o m - d e v e l t o m a i n p a c k a g e b r > b r > * T u e O c t 2 6 1 9 9 9 B e r n h a r d R o s e n k r d n z e r b e r o @ r e d h a t . d e > b r > - i n i t a l p a c k a g i n g b r > - c h a n g e s f r o m b a s e : b r > - M o v e / u s r / l o c a l / s s l t o / u s r / s h a r e / s s l f o r F H S c o m p l i a n c e b r > - h a n d l e R P M _ O P T _ F L A G S b r > o p e n s s l - 1 . 0 . 1 - b e t a 2 - r p m b u i l d . p a t c h b r > o p e n s s l - 0 . 9 . 8 a - n o - r p a t h . p a t c h / p > \n \n \n b r > h 2 > R e l a t e d C V E s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 0 9 . h t m l \" > C V E - 2 0 1 5 - 0 2 0 9 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 6 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 6 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 7 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 7 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 8 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 8 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 9 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 9 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 9 2 . h t m l \" > C V E - 2 0 1 5 - 0 2 9 2 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 9 3 . h t m l \" > C V E - 2 0 1 5 - 0 2 9 3 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n b r > h 2 > U p d a t e d P a c k a g e s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r s t y l e = \" c o l o r : # F F 0 0 0 0 ; \" > t d > b > R e l e a s e / A r c h i t e c t u r e / b > t d > b > F i l e n a m e / b > / t d > t d > b > M D 5 s u m / b > / t d > t d > b > S u p e r s e d e d B y A d v i s o r y / b > / t d > / t r > \n t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 6 ( x 8 6 _ 6 4 ) / t d > t d > o p e n s s l - f i p s - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . s r c . r p m / t d > t d > a 1 5 1 5 7 a e 5 1 c 4 9 6 a 0 f b b c e b f 3 e d 8 1 c 7 5 2 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 1 3 f e 4 0 1 6 a 2 0 6 1 6 3 0 9 f 3 6 1 8 9 5 e f f 1 a 6 b a / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - d e v e l - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 8 4 2 5 9 3 d f 2 9 4 e 9 b 4 a f 9 e c 8 9 e e a 2 c 3 e 7 c a / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - p e r l - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 1 d f b a e 8 9 0 b e 2 5 f f 1 4 c 3 e 7 a 2 6 f 5 0 5 8 a 3 8 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - s t a t i c - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > a e c b 3 b 5 9 b c c b a 0 e 8 f b a 2 b 6 2 e 4 3 c c 6 a b e / t d > t d > a h r e f = # > - / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n \n b r > b r > \n b r > p > \n T h i s p a g e i s g e n e r a t e d a u t o m a t i c a l l y a n d h a s n o t b e e n c h e c k e d f o r e r r o r s o r o m i s s i o n s . F o r c l a r i f i c a t i o n \n o r c o r r e c t i o n s p l e a s e c o n t a c t t h e a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / \" > O r a c l e L i n u x U L N t e a m / a > / p > \n \n \n \n / d i v > \n ! - - \n / d i v > \n - - > \n / d i v > \n / d i v > \n \n \n d i v i d = \" m c 1 6 \" c l a s s = \" m c 1 6 v 0 \" > \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > T e c h n i c a l i n f o r m a t i o n / h 2 > \n u l > \n l i > a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / h a r d w a r e - c e r t i f i c a t i o n s \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x C e r t i f i e d H a r d w a r e / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / l i b r a r y / e l s p - l i f e t i m e - 0 6 9 3 3 8 . p d f \" > O r a c l e L i n u x S u p p o r t e d R e l e a s e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > O r a c l e L i n u x S u p p o r t / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / t e c h n o l o g i e s / l i n u x / O r a c l e L i n u x S u p p o r t / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x S u p p o r t / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / p r e m i e r / s e r v e r s - s t o r a g e / o v e r v i e w / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e P r e m i e r S u p p o r t f o r S y s t e m s / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / a d v a n c e d - c u s t o m e r - s e r v i c e s / o v e r v i e w / \" > A d v a n c e d C u s t o m e r S e r v i c e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 2 \" > \n h 2 > C o n n e c t / h 2 > \n u l > \n l i c l a s s = \" f b i c o n \" > a h r e f = \" h t t p : / / w w w . f a c e b o o k . c o m / o r a c l e l i n u x \" t i t l e = \" F a c e b o o k \" n a m e = \" F a c e b o o k \" t a r g e t = \" _ b l a n k \" i d = \" F a c e b o o k \" > F a c e b o o k / a > / l i > \n l i c l a s s = \" t w i c o n \" > a h r e f = \" h t t p : / / w w w . t w i t t e r . c o m / O r a c l e L i n u x \" t i t l e = \" T w i t t e r \" n a m e = \" T w i t t e r \" t a r g e t = \" _ b l a n k \" i d = \" T w i t t e r \" > T w i t t e r / a > / l i > \n l i c l a s s = \" i n i c o n \" > a h r e f = \" h t t p : / / w w w . l i n k e d i n . c o m / g r o u p s ? g i d = 1 2 0 2 3 8 \" t i t l e = \" L i n k e d I n \" n a m e = \" L i n k e d I n \" t a r g e t = \" _ b l a n k \" i d = \" L i n k e d I n \" > L i n k e d I n / a > / l i > \n l i c l a s s = \" y t i c o n \" > a h r e f = \" h t t p : / / w w w . y o u t u b e . c o m / o r a c l e l i n u x c h a n n e l \" t i t l e = \" Y o u T u b e \" n a m e = \" Y o u T u b e \" t a r g e t = \" _ b l a n k \" i d = \" Y o u T u b e \" > Y o u T u b e / a > / l i > \n l i c l a s s = \" b l o g i c o n \" > a h r e f = \" h t t p : / / b l o g s . o r a c l e . c o m / l i n u x \" t i t l e = \" B l o g \" n a m e = \" B l o g \" > B l o g / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 3 \" > \n h 2 > C o n t a c t U s / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / c o r p o r a t e / c o n t a c t / g l o b a l - 0 7 0 5 1 1 . h t m l \" > G l o b a l c o n t a c t s / a > / l i > \n l i > O r a c l e 1 - 8 0 0 - 6 3 3 - 0 6 9 1 / l i > \n / u l > \n / d i v > \n / d i v > \n / d i v > \n \n d i v i d = \" m c 0 4 \" c l a s s = \" m c 0 4 v 1 \" > \n d i v c l a s s = \" m c 0 4 w 1 \" > \n a h r e f = \" h t t p : / / o r a c l e . c o m \" > i m g s r c = \" / / w w w . o r a c l e i m g . c o m / a s s e t s / m c 0 4 - f o o t e r - l o g o . p n g \" b o r d e r = \" 0 \" a l t = \" s o f t w a r e . h a r d w a r e . c o m p l e t e \" / > / a > \n / d i v > \n \n d i v c l a s s = \" m c 0 4 w 2 \" > \n a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / s u b s c r i b e / i n d e x . h t m l \" > S u b s c r i b e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / e m p l o y m e n t / i n d e x . h t m l \" > C a r e e r s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / c o n t a c t / i n d e x . h t m l \" > C o n t a c t U s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / c o p y r i g h t . h t m l \" > L e g a l N o t i c e s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / t e r m s . h t m l \" > T e r m s o f U s e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / p r i v a c y . h t m l \" > Y o u r P r i v a c y R i g h t s / a > \n / d i v > \n / d i v > \n / d i v > \n / b o d y > \n / h t m l > \n ", "edition": 5, "reporter": "Oracle", "published": "2015-04-02T00:00:00", "title": "openssl-fips security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0166", "CVE-2012-2333", "CVE-2006-3738", "CVE-2009-1379", "CVE-2006-2940", "CVE-2006-2937", "CVE-2007-4995", "CVE-2011-4108", "CVE-2009-1377", "CVE-2013-0169", "CVE-2015-0286", "CVE-2013-6449", "CVE-2006-4343", "CVE-2003-0544", "CVE-2007-3108", "CVE-2003-0543", "CVE-2011-4576", "CVE-2003-0545", "CVE-2005-2946", "CVE-2005-2969", "CVE-2006-4339", "CVE-2004-0112", "CVE-2015-0288", "CVE-2009-4355", "CVE-2012-1165", "CVE-2011-4577", "CVE-2014-0224", "CVE-2010-0742", "CVE-2008-0891", "CVE-2004-0975", "CVE-2011-4619", "CVE-2003-0131", "CVE-2004-0079", "CVE-2007-5135", "CVE-2011-0014", "CVE-2009-1378", "CVE-2014-3470", "CVE-2012-4929", "CVE-2013-6450", "CVE-2012-0050", "CVE-2009-3555", "CVE-2010-1633", "CVE-2015-0293", "CVE-2010-5298", "CVE-2014-0160", "CVE-2013-4353", "CVE-2008-1672", "CVE-2014-0195", "CVE-2014-0198", "CVE-2015-0209", "CVE-2012-2110", "CVE-2012-0884", "CVE-2010-3864", "CVE-2005-0109", "CVE-2015-0287", "CVE-2011-3207", "CVE-2015-0289", "CVE-2015-0292", "CVE-2003-0078", "CVE-2003-0147", "CVE-2014-0221"], "modified": "2015-04-02T00:00:00", "id": "ELSA-2015-3022", "href": "http://linux.oracle.com/errata/ELSA-2015-3022.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}