Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2002:161
HistoryFeb 06, 2003 - 12:00 a.m.

(RHSA-2002:161) openssl security update

2003-02-0600:00:00
access.redhat.com
21

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

83.5%

JSON

OpenSSL is a commercial-grade, full-featured, and open source toolkit
which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols as well as a full-strength general purpose
cryptography library.

Portions of the SSL protocol data stream, which include the lengths of
structures which are being transferred, may not be properly validated.
This may allow a malicious server or client to cause an affected
application to crash or enter an infinite loop, which can be used as a
denial of service (DoS) attack if the application is a server. It has not
been verified if this issue could lead to further consequences such as
remote code execution.

These errata packages contain a patch to correct this vulnerability.
Please note that the original patch from the OpenSSL team had a mistake in
it which could possibly still allow buffer overflows to occur. This bug
is also fixed in these errata packages.

NOTE:

Please read the Solution section below as it contains instructions for
making sure that all SSL-enabled processes are restarted after the update
is applied.

Thanks go to the OpenSSL team for providing patches for these issues.

Related

nessus 6
packetstorm 1
cve 1
debiancve 1
openssl 1
securityvulns 2
openvas 1
slackware 2
suse 1
osv 1
debian 3
cert 6
nessus
nessus
RHEL 2.1 : openssl (RHSA-2002:161)
2004-07-06 00:00:00
OpenSSL < 0.9.6e Multiple Vulnerabilities
2012-01-04 00:00:00
SSA-18706 Security updates for Slackware 8.1
2005-07-13 00:00:00
packetstorm
packetstorm
opensslrv.txt
2002-07-31 00:00:00
cve
cve
CVE-2002-0659
2002-08-12 04:00:00
debiancve
debiancve
CVE-2002-0659
2002-08-12 04:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2002-0659
2002-07-30 00:00:00
securityvulns
securityvulns
RUS-CERT Advisory 2002-08:01: Incorrect integer overflow detection in C code
2002-08-08 00:00:00
Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL
2002-07-31 00:00:00
openvas
openvas
OpenSSL SSL2 <= 0.9.6d / 0.9.7 <= 0.9.7-beta2 Multiple Vulnerabilities
2016-11-26 00:00:00
slackware
slackware
SSA-2002-0731201128
2002-07-31 20:11:28
Security updates for Slackware 8.1
2002-07-31 13:11:28
suse
suse
buffer overflow in openssl/Slapper worm
2002-09-20 07:48:45
osv
osv
openssl - multiple remote exploits
2002-07-30 00:00:00
debian
debian
[SECURITY] [DSA-136-2] Multiple OpenSSL problems (update)
2002-09-15 00:00:00
[SECURITY] [DSA-136-3] Multiple OpenSSL problems (update)
2002-09-17 00:00:00
[SECURITY] [DSA-136-1] Multiple OpenSSL problems
2002-07-30 00:00:00
cert
cert
OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process
2002-07-30 00:00:00
ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines
2002-07-30 00:00:00
OpenSSL contains multiple buffer overflows in buffers that are used to hold ASCII representations of integers
2002-07-30 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

83.5%

JSON
Related for RHSA-2002:161
nessus6packetstorm1cve1debiancve1openssl1securityvulns2openvas1slackware2suse1osv1debian3cert6