CVE-2004-0081

Description

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

Affected products

• 4D / webstar4.0 – 4.0
• 4D / webstar5.3.1 – 5.3.1
• 4D / webstar5.3 – 5.3
• 4D / webstar5.2.4 – 5.2.4
• 4D / webstar5.2.3 – 5.2.3
• 4D / webstar5.2.2 – 5.2.2
• 4D / webstar5.2.1 – 5.2.1
• 4D / webstar5.2 – 5.2
• Apple / mac_os_x10.3.3 – 10.3.3
• Apple / mac_os_x_server10.3.3 – 10.3.3
• Avaya / converged_communications_server2.0 – 2.0
• Avaya / intuity_audixs3210 – s3210
• Avaya / intuity_audix5.1.46 – 5.1.46
• Avaya / intuity_audix
• Avaya / intuity_audixs3400 – s3400
• Avaya / s8300r2.0.0 – r2.0.0
• Avaya / s8300r2.0.1 – r2.0.1
• Avaya / s8500r2.0.1 – r2.0.1
• Avaya / s8500r2.0.0 – r2.0.0
• Avaya / s8700r2.0.0 – r2.0.0
• Avaya / s8700r2.0.1 – r2.0.1
• Avaya / sg2004.4 – 4.4
• Avaya / sg2004.31.29 – 4.31.29
• Avaya / sg2034.4 – 4.4
• Avaya / sg2034.31.29 – 4.31.29
• Avaya / sg2084.4 – 4.4
• Avaya / sg208
• Avaya / sg54.3 – 4.3
• Avaya / sg54.2 – 4.2
• Avaya / sg54.4 – 4.4
• Avaya / vsu10000_r2.0.1 – 10000_r2.0.1
• Avaya / vsu5 – 5
• Avaya / vsu5x – 5x
• Avaya / vsu100_r2.0.1 – 100_r2.0.1
• Avaya / vsu500 – 500
• Avaya / vsu2000_r2.0.1 – 2000_r2.0.1
• Avaya / vsu5000_r2.0.1 – 5000_r2.0.1
• Avaya / vsu7500_r2.0.1 – 7500_r2.0.1
• bluecoat / cacheos_ca_sa4.1.10 – 4.1.10
• bluecoat / cacheos_ca_sa4.1.12 – 4.1.12
• bluecoat / proxysg
• checkpoint / firewall-1
• checkpoint / firewall-1next_generation_fp2 – next_generation_fp2
• checkpoint / firewall-1next_generation_fp1 – next_generation_fp1
• checkpoint / firewall-1next_generation_fp0 – next_generation_fp0
• checkpoint / firewall-12.0 – 2.0
• checkpoint / provider-14.1 – 4.1
• checkpoint / provider-14.1 – 4.1
• checkpoint / provider-14.1 – 4.1
• checkpoint / provider-14.1 – 4.1
• checkpoint / provider-14.1 – 4.1
• checkpoint / vpn-1vsx_ng_with_application_intelligence – vsx_ng_with_application_intelligence
• checkpoint / vpn-1next_generation – next_generation
• checkpoint / vpn-1next_generation_fp0 – next_generation_fp0
• checkpoint / vpn-1next_generation_fp1 – next_generation_fp1
• Cisco / access_registrar
• Cisco / application_and_content_networking_software
• Cisco / call_manager
• Cisco / ciscoworks_common_management_foundation2.1 – 2.1
• Cisco / ciscoworks_common_services2.2 – 2.2
• Cisco / content_services_switch_11500
• Cisco / css11000_content_services_switch
• Cisco / css_secure_content_accelerator2.0 – 2.0
• Cisco / css_secure_content_accelerator1.0 – 1.0
• Cisco / firewall_services_module1.1.2 – 1.1.2
• Cisco / firewall_services_module2.1_(0.208) – 2.1_(0.208)
• Cisco / firewall_services_module1.1_(3.005) – 1.1_(3.005)
• Cisco / firewall_services_module1.1.3 – 1.1.3
• Cisco / firewall_services_module
• Cisco / gss_4480_global_site_selector
• Cisco / gss_4490_global_site_selector
• Cisco / IOS12.2sy – 12.2sy
• Cisco / IOS12.1(11b)e – 12.1(11b)e
• Cisco / IOS12.2(14)sy1 – 12.2(14)sy1
• Cisco / IOS12.2za – 12.2za
• Cisco / IOS12.2(14)sy – 12.2(14)sy
• Cisco / IOS12.1(11)e – 12.1(11)e
• Cisco / IOS12.1(19)e1 – 12.1(19)e1
• Cisco / IOS12.1(13)e9 – 12.1(13)e9
• Cisco / IOS12.1(11b)e14 – 12.1(11b)e14
• Cisco / IOS12.1(11b)e12 – 12.1(11b)e12
• Cisco / mds_9000
• Cisco / okena_stormwatch3.2 – 3.2
• Cisco / pix_firewall6.2.2_.111 – 6.2.2_.111
• Cisco / pix_firewall_software6.3(1) – 6.3(1)
• Cisco / pix_firewall_software6.2(3.100) – 6.2(3.100)
• Cisco / pix_firewall_software6.2(3) – 6.2(3)
• Cisco / pix_firewall_software6.2(2) – 6.2(2)
• Cisco / pix_firewall_software6.2(1) – 6.2(1)
• Cisco / pix_firewall_software6.2 – 6.2
• Cisco / pix_firewall_software6.1(5) – 6.1(5)
• Cisco / pix_firewall_software6.1(4) – 6.1(4)
• Cisco / pix_firewall_software6.3(3.109) – 6.3(3.109)
• Cisco / pix_firewall_software6.1(3) – 6.1(3)
• Cisco / pix_firewall_software6.1(2) – 6.1(2)
• Cisco / pix_firewall_software6.1(1) – 6.1(1)
• Cisco / pix_firewall_software6.1 – 6.1
• Cisco / pix_firewall_software6.0(4.101) – 6.0(4.101)
• Cisco / pix_firewall_software6.0(4) – 6.0(4)
• Cisco / pix_firewall_software6.0(3) – 6.0(3)
• Cisco / pix_firewall_software6.0(2) – 6.0(2)
• Cisco / pix_firewall_software6.0(1) – 6.0(1)
• Cisco / pix_firewall_software6.0 – 6.0
• Cisco / pix_firewall_software6.3(3.102) – 6.3(3.102)
• Cisco / pix_firewall_software6.3(2) – 6.3(2)
• Cisco / pix_firewall_software6.3 – 6.3
• Cisco / secure_content_accelerator10000 – 10000
• Cisco / threat_response
• Cisco / webns7.10 – 7.10
• Cisco / webns7.2_0.0.03 – 7.2_0.0.03
• Cisco / webns7.1_0.2.06 – 7.1_0.2.06
• Cisco / webns7.10_.0.06s – 7.10_.0.06s
• Cisco / webns7.1_0.1.02 – 7.1_0.1.02
• Cisco / webns6.10_b4 – 6.10_b4
• Cisco / webns6.10 – 6.10
• Dell / BSAFE SSL-J3.0.1 – 3.0.1
• Dell / BSAFE SSL-J3.1 – 3.1
• Dell / BSAFE SSL-J3.0 – 3.0
• FreeBSD / FreeBSD5.2 – 5.2
• FreeBSD / FreeBSD4.8 – 4.8
• FreeBSD / FreeBSD4.9 – 4.9
• FreeBSD / FreeBSD5.1 – 5.1
• FreeBSD / FreeBSD5.1 – 5.1
• FreeBSD / FreeBSD5.1 – 5.1
• FreeBSD / FreeBSD5.2.1 – 5.2.1
• FreeBSD / FreeBSD4.8 – 4.8
• HP / aaa_server
• HP / apache-based_web_server2.0.43.00 – 2.0.43.00
• HP / apache-based_web_server2.0.43.04 – 2.0.43.04
• HP / hp-ux8.05 – 8.05
• HP / hp-ux11.00 – 11.00
• HP / hp-ux11.11 – 11.11
• HP / hp-ux11.23 – 11.23
• HP / wbema.01.05.08 – a.01.05.08
• HP / wbema.02.00.00 – a.02.00.00
• HP / wbema.02.00.01 – a.02.00.01
• lite / speed_technologies_litespeed_web_server1.3_rc1 – 1.3_rc1
• lite / speed_technologies_litespeed_web_server1.3_rc2 – 1.3_rc2
• lite / speed_technologies_litespeed_web_server1.3_rc3 – 1.3_rc3
• lite / speed_technologies_litespeed_web_server1.0.3 – 1.0.3
• lite / speed_technologies_litespeed_web_server1.1 – 1.1
• lite / speed_technologies_litespeed_web_server1.0.2 – 1.0.2
• lite / speed_technologies_litespeed_web_server1.0.1 – 1.0.1
• lite / speed_technologies_litespeed_web_server1.2_rc1 – 1.2_rc1
• lite / speed_technologies_litespeed_web_server1.2.2 – 1.2.2
• lite / speed_technologies_litespeed_web_server1.2.1 – 1.2.1
• lite / speed_technologies_litespeed_web_server1.1.1 – 1.1.1
• lite / speed_technologies_litespeed_web_server1.2_rc2 – 1.2_rc2
• lite / speed_technologies_litespeed_web_server1.3 – 1.3
• lite / speed_technologies_litespeed_web_server1.3.1 – 1.3.1
• neoteris / instant_virtual_extranet3.1 – 3.1
• neoteris / instant_virtual_extranet3.0 – 3.0
• neoteris / instant_virtual_extranet3.2 – 3.2
• neoteris / instant_virtual_extranet3.3 – 3.3
• neoteris / instant_virtual_extranet3.3.1 – 3.3.1
• Novell / eDirectory8.7 – 8.7
• Novell / eDirectory8.5.27 – 8.5.27
• Novell / eDirectory8.7.1 – 8.7.1
• Novell / eDirectory8.7.1 – 8.7.1
• Novell / eDirectory8.0 – 8.0
• Novell / eDirectory8.5 – 8.5
• Novell / eDirectory8.5.12a – 8.5.12a
• Novell / eDirectory8.6.2 – 8.6.2
• Novell / imanager2.0 – 2.0
• Novell / imanager1.5 – 1.5
• OpenBSD / OpenBSD3.3 – 3.3
• OpenBSD / OpenBSD3.4 – 3.4
• OpenSSL / OpenSSL0.9.6f – 0.9.6f
• OpenSSL / OpenSSL0.9.6e – 0.9.6e
• OpenSSL / OpenSSL0.9.6d – 0.9.6d
• OpenSSL / OpenSSL0.9.6c – 0.9.6c
• OpenSSL / OpenSSL0.9.7c – 0.9.7c
• OpenSSL / OpenSSL0.9.7b – 0.9.7b
• OpenSSL / OpenSSL0.9.7a – 0.9.7a
• OpenSSL / OpenSSL0.9.7 – 0.9.7
• OpenSSL / OpenSSL0.9.7 – 0.9.7
• OpenSSL / OpenSSL0.9.7 – 0.9.7
• OpenSSL / OpenSSL0.9.7 – 0.9.7
• OpenSSL / OpenSSL0.9.6k – 0.9.6k
• OpenSSL / OpenSSL0.9.6j – 0.9.6j
• OpenSSL / OpenSSL0.9.6i – 0.9.6i
• OpenSSL / OpenSSL0.9.6h – 0.9.6h
• OpenSSL / OpenSSL0.9.6g – 0.9.6g
• RedHat / enterprise_linux3.0 – 3.0
• RedHat / enterprise_linux3.0 – 3.0
• RedHat / enterprise_linux3.0 – 3.0
• RedHat / enterprise_linux_desktop3.0 – 3.0
• RedHat / linux8.0 – 8.0
• RedHat / linux7.3 – 7.3
• RedHat / linux7.2 – 7.2
• RedHat / openssl0.9.7a-2 – 0.9.7a-2
• RedHat / openssl0.9.7a-2 – 0.9.7a-2
• RedHat / openssl0.9.6b-3 – 0.9.6b-3
• RedHat / openssl0.9.6-15 – 0.9.6-15
• RedHat / openssl0.9.7a-2 – 0.9.7a-2
• sco / openserver5.0.6 – 5.0.6
• sco / openserver5.0.7 – 5.0.7
• securecomputing / sidewinder5.2.0.04 – 5.2.0.04
• securecomputing / sidewinder5.2.1 – 5.2.1
• securecomputing / sidewinder5.2.1.02 – 5.2.1.02
• securecomputing / sidewinder5.2 – 5.2
• securecomputing / sidewinder5.2.0.01 – 5.2.0.01
• securecomputing / sidewinder5.2.0.02 – 5.2.0.02
• securecomputing / sidewinder5.2.0.03 – 5.2.0.03
• sgi / propack3.0 – 3.0
• sgi / propack2.3 – 2.3
• sgi / propack2.4 – 2.4
• stonesoft / servercluster2.5 – 2.5
• stonesoft / servercluster2.5.2 – 2.5.2
• stonesoft / stonebeat_fullcluster2.0 – 2.0
• stonesoft / stonebeat_fullcluster1_3.0 – 1_3.0
• stonesoft / stonebeat_fullcluster1_2.0 – 1_2.0
• stonesoft / stonebeat_fullcluster3.0 – 3.0
• stonesoft / stonebeat_fullcluster2.5 – 2.5
• stonesoft / stonebeat_securitycluster2.5 – 2.5
• stonesoft / stonebeat_securitycluster2.0 – 2.0
• stonesoft / stonebeat_webcluster2.5 – 2.5
• stonesoft / stonebeat_webcluster2.0 – 2.0
• stonesoft / stonegate2.2.1 – 2.2.1
• stonesoft / stonegate1.5.17 – 1.5.17
• stonesoft / stonegate1.5.18 – 1.5.18
• stonesoft / stonegate1.6.2 – 1.6.2
• stonesoft / stonegate1.6.3 – 1.6.3
• stonesoft / stonegate1.7 – 1.7
• stonesoft / stonegate1.7.1 – 1.7.1
• stonesoft / stonegate1.7.2 – 1.7.2
• stonesoft / stonegate2.0.1 – 2.0.1
• stonesoft / stonegate2.0.4 – 2.0.4
• stonesoft / stonegate2.0.5 – 2.0.5
• stonesoft / stonegate2.0.6 – 2.0.6
• stonesoft / stonegate2.0.7 – 2.0.7
• stonesoft / stonegate2.0.8 – 2.0.8
• stonesoft / stonegate2.0.9 – 2.0.9
• stonesoft / stonegate2.1 – 2.1
• stonesoft / stonegate2.2 – 2.2
• stonesoft / stonegate2.2.4 – 2.2.4
• stonesoft / stonegate_vpn_client1.7.2 – 1.7.2
• stonesoft / stonegate_vpn_client2.0.8 – 2.0.8
• stonesoft / stonegate_vpn_client1.7 – 1.7
• stonesoft / stonegate_vpn_client2.0.9 – 2.0.9
• stonesoft / stonegate_vpn_client2.0 – 2.0
• stonesoft / stonegate_vpn_client2.0.7 – 2.0.7
• sun / crypto_accelerator_40001.0 – 1.0
• Symantec / clientless_vpn_gateway_44005.0 – 5.0
• tarantella / tarantella_enterprise3.20 – 3.20
• tarantella / tarantella_enterprise3.30 – 3.30
• tarantella / tarantella_enterprise3.40 – 3.40
• VMware / gsx_server2.0 – 2.0
• VMware / gsx_server2.0.1_build_2129 – 2.0.1_build_2129
• VMware / gsx_server2.5.1 – 2.5.1
• VMware / gsx_server2.5.1_build_5336 – 2.5.1_build_5336
• VMware / gsx_server3.0_build_7592 – 3.0_build_7592

References

• MISChttp://www.securityfocus.com/bid/9899
• VENDOR_ADVISORYhttp://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
• MAILING_LISThttp://marc.info/?l=bugtraq&m=107955049331965&w=2
• MISChttp://www.redhat.com/support/errata/RHSA-2004-121.html
• MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
• MISCftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
• VENDOR_ADVISORYftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/15509
• MISChttp://www.uniras.gov.uk/vuls/2004/224012/index.htm
• MISChttp://fedoranews.org/updates/FEDORA-2004-095.shtml
• MISChttp://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755
• MISChttp://www.kb.cert.org/vuls/id/465542
• MISChttp://www.us-cert.gov/cas/techalerts/TA04-078A.html
• MISChttp://security.gentoo.org/glsa/glsa-200403-03.xml
• VENDOR_ADVISORYhttp://secunia.com/advisories/11139
• MISChttp://www.redhat.com/support/errata/RHSA-2004-120.html
• MISChttp://rhn.redhat.com/errata/RHSA-2004-119.html
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902
• MISChttp://www.redhat.com/support/errata/RHSA-2004-139.html
• MISChttp://www.trustix.org/errata/2004/0012
• MAILING_LISThttp://marc.info/?l=bugtraq&m=108403850228012&w=2
• VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-465