OpenSSL Null-pointer assignment during SSL handshake





General Info


TC: 12105
Description: OpenSSL is a widely used library that provides SSL/TLS and cryptographic functions on many different platforms.

By sending a specially crafted SSL/TLS handshake to an application that uses a vulnerable OpenSSL library, a remote, unauthenticated attacker could cause OpenSSL to crash.

All versions of OpenSSL from 0.9.6c to 0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by this issue. Any application that makes use of OpenSSL's SSL/TLS library may be affected. Please contact your application vendor for details.
TC Impact: Gather Info
Service: http



Specific Operations and Actions:


Vulnerability Publication: March 17, 2004
Advisory Copyright: Stephen Henson and the OpenSSL Group
Summary: A bug in OpenSSL can be triggered remotely to cause a denial of service (DoS).
Risk: Medium
CVSS 2.0 metrics: Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial
CVSS 2.0 Base Score: 5.0
Vulnerability Impact: Denial of Service
Host Impact: Service can be stopped.
Nature of Remediation: Update the software.
Steps required to fix the reported vulnerability:

***** Solution type: Upgrade Software *****

Upgrade to OpenSSL 0.9.7d or 0.9.6m.
Recompile any applications that are statically linked to OpenSSL libraries.

See references for more details.
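
To find hosts and binaries that still need the upgrade, the version ranges above can be checked mechanically. The following is an added example, not part of the original advisory or of OpenSSL: it classifies `openssl version` output against the affected ranges and looks for version banners embedded in a binary, which is how a statically linked copy shows up. The function names and the sample bytes are assumptions made for the illustration.

```python
import re

# Affected ranges exactly as this advisory states them (both ends inclusive).
AFFECTED = [("0.9.6c", "0.9.6l"), ("0.9.7a", "0.9.7c")]

# major.minor.fix plus optional patch letter(s); "-fips" builds are accepted,
# other suffixes (e.g. "-beta3") are rejected so they classify as "unknown".
_VERSION_RE = re.compile(
    r"(?<![\w.])(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?:-fips)?(?![\w.-])")
# Version banner that OpenSSL builds carry as a plain string.
_BANNER_RE = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]{0,2})(?:-fips)? ")


def parse_version(text):
    """Return (major, minor, fix, letters) from a bare version or from
    `openssl version` output, or None when no release version is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def classify(text):
    """Return 'affected', 'not-affected' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # "" < "a" < ... < "z" < "za", so tuple comparison orders patch letters.
    for low, high in AFFECTED:
        if parse_version(low) <= version <= parse_version(high):
            return "affected"
    return "not-affected"


def scan_blob(data):
    """Classify every distinct OpenSSL banner embedded in a binary image,
    which is how a statically linked copy shows up."""
    found = {m.group(1).decode("ascii") for m in _BANNER_RE.finditer(data)}
    return {version: classify(version) for version in sorted(found)}


# Constructed sample: bytes standing in for a statically linked executable.
SAMPLE_BINARY = (b"\x7fELF\x01\x01\x00AES part of OpenSSL 0.9.7c 30 Sep 2003"
                 b"\x00\x00OpenSSL 0.9.7c 30 Sep 2003\x00")

if __name__ == "__main__":
    for banner in ("OpenSSL 0.9.6l", "0.9.7d", "0.9.7-beta3"):
        print(banner, "->", classify(banner))
    print(scan_blob(SAMPLE_BINARY))
```

A version-string match is a lead, not proof: vendor packages may carry the fix under an unchanged upstream version, so confirm against the vendor advisories listed in the references.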



Glossary and References:


References: www.sans.org/top20/
* BUGTRAQ: 20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]
http://marc.theaimsgroup.com/?l=bugtraq&m=107953412903636&w=2
* CONFIRM:
http://www.openssl.org/news/secadv_20040317.txt
* CONFIRM:
http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm
* CISCO: 20040317 Cisco OpenSSL Implementation Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
* APPLE: APPLE-SA-2005-08-15
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
* APPLE: APPLE-SA-2005-08-17
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
* DEBIAN: DSA-465
http://www.debian.org/security/2004/dsa-465
* FEDORA: FEDORA-2004-095
http://fedoranews.org/updates/FEDORA-2004-095.shtml
* FEDORA: FEDORA-2005-1042
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
* FREEBSD: FreeBSD-SA-04:05
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc
* GENTOO: GLSA-200403-03
http://security.gentoo.org/glsa/glsa-200403-03.xml
* HP: SSRT4717
http://marc.theaimsgroup.com/?l=bugtraq&m=108403806509920&w=2
* MANDRAKE: MDKSA-2004:023
http://www.mandriva.com/security/advisories?name=MDKSA-2004:023
* NETBSD: NetBSD-SA2004-005
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc
* REDHAT: RHSA-2004:120
http://www.redhat.com/support/errata/RHSA-2004-120.html
* REDHAT: RHSA-2004:121
http://www.redhat.com/support/errata/RHSA-2004-121.html
* REDHAT: RHSA-2004:139
http://www.redhat.com/support/errata/RHSA-2004-139.html
* REDHAT: RHSA-2005:830
http://www.redhat.com/support/errata/RHSA-2005-830.html
* REDHAT: RHSA-2005:829
http://www.redhat.com/support/errata/RHSA-2005-829.html
* SCO: SCOSA-2004.10
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
* SLACKWARE: SSA:2004-077
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961
* SUSE: SuSE-SA:2004:007
http://www.novell.com/linux/security/advisories/2004_07_openssl.html
* SUNALERT: 57524
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
* TRUSTIX: 2004-0012
http://www.trustix.org/errata/2004/0012
* CONFIRM:
http://docs.info.apple.com/article.html?artnum=61798
* CERT: TA04-078A
http://www.us-cert.gov/cas/techalerts/TA04-078A.html
* CERT-VN: VU#288574
http://www.kb.cert.org/vuls/id/288574
* CIAC: O-101
http://www.ciac.org/ciac/bulletins/o-101.shtml
* BID: 9899
http://www.securityfocus.com/bid/9899
* OVAL: oval:org.mitre.oval:def:2621
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2621
* OVAL: oval:org.mitre.oval:def:870
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:870
* OVAL: oval:org.mitre.oval:def:975
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:975
* SECUNIA: 11139
http://secunia.com/advisories/11139
* SECUNIA: 17401
http://secunia.com/advisories/17401
* SECUNIA: 17381
http://secunia.com/advisories/17381
* SECUNIA: 17398
http://secunia.com/advisories/17398
* SECUNIA: 18247
http://secunia.com/advisories/18247
* XF: openssl-dochangecipherspec-dos(15505)
http://xforce.iss.net/xforce/xfdb/15505

CVE Link: CVE-2004-0079
CVE Compatible

Glossary: Denial of Service
SSL


© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All products names referenced herein are trademarks of their respective companies
