OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ios | Cisco | 12.1(11)e (including) | 12.1(11)e (including) |
| Ios | Cisco | 12.1(11b)e (including) | 12.1(11b)e (including) |
| Ios | Cisco | 12.2sx (including) | 12.2sx (including) |
| Ios | Cisco | 12.2sy (including) | 12.2sy (including) |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
| Red Hat Stronghold 4 | RedHat | * |
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
- http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2
- http://rhn.redhat.com/errata/RHSA-2004-119.html
- http://secunia.com/advisories/17381
- http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
- http://www.kb.cert.org/vuls/id/412478
- http://www.openssl.org/news/secadv_20031104.txt
- http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
- http://www.securityfocus.com/bid/8970
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
- http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2
- http://rhn.redhat.com/errata/RHSA-2004-119.html
- http://secunia.com/advisories/17381
- http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
- http://www.kb.cert.org/vuls/id/412478
- http://www.openssl.org/news/secadv_20031104.txt
- http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
- http://www.securityfocus.com/bid/8970
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528