CVE-2004-0081 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0081
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0081

Description: OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/15509 TRUSTIX http://www.trustix.org/errata/2004/0012 SUNALERT http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524 SGI SCO SAID Secunia Advisory: SA11139 REDHAT http://www.redhat.com/support/errata/RHSA-2004-139.html http://www.redhat.com/support/errata/RHSA-2004-121.html http://www.redhat.com/support/errata/RHSA-2004-120.html http://rhn.redhat.com/errata/RHSA-2004-119.html OVAL http://oval.mitre.org/oval/definitions/data/oval902.html http://oval.mitre.org/oval/definitions/data/oval871.html MISC http://www.uniras.gov.uk/vuls/2004/224012/index.htm GENTOO http://security.gentoo.org/glsa/glsa-200403-03.xml FEDORA http://fedoranews.org/updates/FEDORA-2004-095.shtml ENGARDE http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html DEBIAN http://www.debian.org/security/2004/dsa-465 CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 CISCO http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml CERT-VN 465542 CERT http://www.us-cert.gov/cas/techalerts/TA04-078A.html BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=108403850228012&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=107955049331965&w=2 BID 9899

Return to the previous page.