CVE

CVE-2004-0112
Date: (C)2004-11-23   (M)2024-02-23


The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-11139
2004-0012
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
http://marc.info/?l=bugtraq&m=107953412903636&w=2
SUNALERT-57524
BID-9899
APPLE-SA-2005-08-15
APPLE-SA-2005-08-17
CLA-2004:834
GLSA-200403-03
MDKSA-2004:023
NetBSD-SA2004-005
O-101
RHSA-2004:120
RHSA-2004:121
SCOSA-2004.10
SSA:2004-077
SSRT4717
SuSE-SA:2004:007
TA04-078A
VU#484726
http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/mhonarc/security-announce/msg00045.html
http://www.openssl.org/news/secadv_20040317.txt
http://www.uniras.gov.uk/vuls/2004/224012/index.htm
openssl-kerberos-ciphersuites-dos(15508)
oval:org.mitre.oval:def:1049
oval:org.mitre.oval:def:928
oval:org.mitre.oval:def:9580

CWE    1
CWE-125
OVAL    1
oval:org.secpod.oval:def:1506549

© SecPod Technologies