CVE Vulnerabilities

CVE-2004-0112

Published: Nov 23, 2004 | Modified: Nov 08, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Affected Software

Name Vendor Start Version End Version
Firewall_services_module Cisco 1.1.2 1.1.2
Firewall_services_module Cisco 1.1.3 1.1.3
Firewall_services_module Cisco * *
Apache-based_web_server Hp 2.0.43.04 2.0.43.04
Clientless_vpn_gateway_4400 Symantec 5.0 5.0
Aaa_server Hp * *
Apache-based_web_server Hp 2.0.43.00 2.0.43.00
Firewall_services_module Cisco 1.1_(3.005) 1.1_(3.005)
Firewall_services_module Cisco 2.1_(0.208) 2.1_(0.208)
Red Hat Enterprise Linux 3 RedHat openssl-0:0.9.7a-33.4 *
Red Hat Enterprise Linux 3 RedHat openssl096b-0:0.9.6b-16 *
Red Hat Linux 9 RedHat openssl *

References