The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firewall_services_module | Cisco | 1.1.3 | 1.1.3 |
| Firewall_services_module | Cisco | 1.1_(3.005) | 1.1_(3.005) |
| Firewall_services_module | Cisco | * | * |
| Firewall_services_module | Cisco | 1.1.2 | 1.1.2 |
| Clientless_vpn_gateway_4400 | Symantec | 5.0 | 5.0 |
| Apache-based_web_server | Hp | 2.0.43.00 | 2.0.43.00 |
| Apache-based_web_server | Hp | 2.0.43.04 | 2.0.43.04 |
| Firewall_services_module | Cisco | 2.1_(0.208) | 2.1_(0.208) |
| Aaa_server | Hp | * | * |
| Red Hat Enterprise Linux 2.1 | RedHat | openssl | * |
| Red Hat Enterprise Linux 2.1 | RedHat | openssl095a | * |
| Red Hat Enterprise Linux 2.1 | RedHat | openssl096 | * |
| Red Hat Enterprise Linux 3 | RedHat | openssl-0:0.9.7a-33.4 | * |
| Red Hat Enterprise Linux 3 | RedHat | openssl096b-0:0.9.6b-16 | * |
| Red Hat Enterprise Linux 3 | RedHat | openssl096b-0:0.9.6b-16.42 | * |
| Red Hat Enterprise Linux 4 | RedHat | openssl096b-0:0.9.6b-22.42 | * |
| Red Hat Linux 9 | RedHat | openssl | * |