National Vulnerability Database (NVD) National Vulnerability Database (CVE-2004-0079)

National Cyber-Alert System

Vulnerability Summary for CVE-2004-0079

Original release date:11/23/2004

Last revised:03/04/2009

Source: US-CERT/NIST

Overview

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows disruption of serviceUnknown

Vendor Statments (disclaimer)

Official Statement from Red Hat (03/14/2007): Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA04-078A

Name: TA04-078A

Type: Advisory

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA04-078A.html

US-CERT Vulnerability Note: VU#288574

Name: VU#288574

Hyperlink:http://www.kb.cert.org/vuls/id/288574

External Source: XF

Name: openssl-dochangecipherspec-dos(15505)

Type: Advisory

Hyperlink:http://xforce.iss.net/xforce/xfdb/15505

External Source: MISC

Name: http://www.uniras.gov.uk/vuls/2004/224012/index.htm

Hyperlink:http://www.uniras.gov.uk/vuls/2004/224012/index.htm

External Source: TRUSTIX

Name: 2004-0012

Hyperlink:http://www.trustix.org/errata/2004/0012

External Source: SLACKWARE

Name: SSA:2004-077

Hyperlink:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961

External Source: BID

Name: 9899

Type: Advisory

Hyperlink:http://www.securityfocus.com/bid/9899

External Source: REDHAT

Name: RHSA-2005:830

Hyperlink:http://www.redhat.com/support/errata/RHSA-2005-830.html

External Source: REDHAT

Name: RHSA-2005:829

Hyperlink:http://www.redhat.com/support/errata/RHSA-2005-829.html

External Source: REDHAT

Name: RHSA-2004:139

Hyperlink:http://www.redhat.com/support/errata/RHSA-2004-139.html

External Source: REDHAT

Name: RHSA-2004:121

Hyperlink:http://www.redhat.com/support/errata/RHSA-2004-121.html

External Source: REDHAT

Name: RHSA-2004:120

Hyperlink:http://www.redhat.com/support/errata/RHSA-2004-120.html

External Source: FEDORA

Name: FEDORA-2005-1042

Hyperlink:http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html

External Source: CONFIRM

Name: http://www.openssl.org/news/secadv_20040317.txt

Hyperlink:http://www.openssl.org/news/secadv_20040317.txt

External Source: SUSE

Name: SuSE-SA:2004:007

Hyperlink:http://www.novell.com/linux/security/advisories/2004_07_openssl.html

External Source: ENGARDE

Name: ESA-20040317-003

Hyperlink:http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html

External Source: DEBIAN

Name: DSA-465

Hyperlink:http://www.debian.org/security/2004/dsa-465

External Source: CISCO

Name: 20040317 Cisco OpenSSL Implementation Vulnerability

Hyperlink:http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml

External Source: CIAC

Name: O-101

Hyperlink:http://www.ciac.org/ciac/bulletins/o-101.shtml

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm

External Source: SUNALERT

Name: 57524

Hyperlink:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524

External Source: GENTOO

Name: GLSA-200403-03

Hyperlink:http://security.gentoo.org/glsa/glsa-200403-03.xml

External Source: SECUNIA

Name: 18247

Hyperlink:http://secunia.com/advisories/18247

External Source: SECUNIA

Name: 17401

Hyperlink:http://secunia.com/advisories/17401

External Source: SECUNIA

Name: 17398

Hyperlink:http://secunia.com/advisories/17398

External Source: SECUNIA

Name: 17381

Hyperlink:http://secunia.com/advisories/17381

External Source: SECUNIA

Name: 11139

Hyperlink:http://secunia.com/advisories/11139

External Source: OVAL

Name: oval:org.mitre.oval:def:5770

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5770

External Source: HP

Name: SSRT4717

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=108403806509920&w=2

External Source: BUGTRAQ

Name: 20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=107953412903636&w=2

External Source: CONFIRM

Name: http://lists.apple.com/mhonarc/security-announce/msg00045.html

Hyperlink:http://lists.apple.com/mhonarc/security-announce/msg00045.html

External Source: APPLE

Name: APPLE-SA-2005-08-15

Hyperlink:http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

External Source: APPLE

Name: APPLE-SA-2005-08-17

Hyperlink:http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

External Source: FEDORA

Name: FEDORA-2004-095

Hyperlink:http://fedoranews.org/updates/FEDORA-2004-095.shtml

External Source: CONFIRM

Name: http://docs.info.apple.com/article.html?artnum=61798

Hyperlink:http://docs.info.apple.com/article.html?artnum=61798

External Source: CONECTIVA

Name: CLA-2004:834

Hyperlink:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834

External Source: SCO

Name: SCOSA-2004.10

Hyperlink:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt

External Source: NETBSD

Name: NetBSD-SA2004-005

Hyperlink:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc

External Source: FREEBSD

Name: FreeBSD-SA-04:05

Hyperlink:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc

External Source: MANDRAKE

Name: MDKSA-2004:023

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2004:023

US Government Resource: oval:org.mitre.oval:def:975

Name: oval:org.mitre.oval:def:975

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:975

US Government Resource: oval:org.mitre.oval:def:870

Name: oval:org.mitre.oval:def:870

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:870

US Government Resource: oval:org.mitre.oval:def:2621

Name: oval:org.mitre.oval:def:2621

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2621

Vulnerable software and versions

Configuration 1

* cpe:/h:cisco:firewall_services_module

* cpe:/h:cisco:firewall_services_module:1.1.2

* cpe:/h:cisco:firewall_services_module:1.1.3

* cpe:/h:cisco:firewall_services_module:1.1_%283.005%29

* cpe:/h:cisco:firewall_services_module:2.1_%280.208%29

* cpe:/h:hp:aaa_server

* cpe:/h:hp:apache-based_web_server:2.0.43.00

* cpe:/h:hp:apache-based_web_server:2.0.43.04

* cpe:/h:symantec:clientless_vpn_gateway_4400:5.0

Configuration 2

* cpe:/a:cisco:ciscoworks_common_management_foundation:2.1

* cpe:/a:cisco:ciscoworks_common_services:2.2

* cpe:/h:avaya:converged_communications_server:2.0

* cpe:/h:avaya:sg200:4.31.29

* cpe:/h:avaya:sg200:4.4

* cpe:/h:avaya:sg203:4.31.29

* cpe:/h:avaya:sg203:4.4

* cpe:/h:avaya:sg208

* cpe:/h:avaya:sg208:4.4

* cpe:/h:avaya:sg5:4.2

* cpe:/h:avaya:sg5:4.3

* cpe:/h:avaya:sg5:4.4

* cpe:/o:apple:mac_os_x:10.3.3

* cpe:/o:apple:mac_os_x_server:10.3.3

* cpe:/o:freebsd:freebsd:4.8

* cpe:/o:freebsd:freebsd:4.8:releng

* cpe:/o:freebsd:freebsd:4.9

* cpe:/o:freebsd:freebsd:5.1

* cpe:/o:freebsd:freebsd:5.1:release

* cpe:/o:freebsd:freebsd:5.1:releng

* cpe:/o:freebsd:freebsd:5.2

* cpe:/o:freebsd:freebsd:5.2.1:release

* cpe:/o:hp:hp-ux:11.00

* cpe:/o:hp:hp-ux:11.11

* cpe:/o:hp:hp-ux:11.23

* cpe:/o:hp:hp-ux:8.05

* cpe:/o:openbsd:openbsd:3.3

* cpe:/o:openbsd:openbsd:3.4

* cpe:/o:redhat:enterprise_linux:3.0::advanced_server

* cpe:/o:redhat:enterprise_linux:3.0::enterprise_server

* cpe:/o:redhat:enterprise_linux:3.0::workstation_server

* cpe:/o:redhat:enterprise_linux_desktop:3.0

* cpe:/o:redhat:linux:7.2

* cpe:/o:redhat:linux:7.3

* cpe:/o:redhat:linux:8.0

* cpe:/o:sco:openserver:5.0.6

* cpe:/o:sco:openserver:5.0.7

Configuration 3

AND

* cpe:/o:cisco:ios:12.1%2811%29e

* cpe:/o:cisco:ios:12.1%2811b%29e

* cpe:/o:cisco:ios:12.1%2811b%29e12

* cpe:/o:cisco:ios:12.1%2811b%29e14

* cpe:/o:cisco:ios:12.1%2813%29e9

* cpe:/o:cisco:ios:12.1%2819%29e1

* cpe:/o:cisco:ios:12.2%2814%29sy

* cpe:/o:cisco:ios:12.2%2814%29sy1

* cpe:/o:cisco:ios:12.2sy

* cpe:/o:cisco:ios:12.2za

* cpe:/a:4d:webstar:4.0

* cpe:/a:4d:webstar:5.2

* cpe:/a:4d:webstar:5.2.1

* cpe:/a:4d:webstar:5.2.2

* cpe:/a:4d:webstar:5.2.3

* cpe:/a:4d:webstar:5.2.4

* cpe:/a:4d:webstar:5.3

* cpe:/a:4d:webstar:5.3.1

* cpe:/a:avaya:intuity_audix:::lx

* cpe:/a:avaya:intuity_audix:5.1.46

* cpe:/a:avaya:intuity_audix:s3210

* cpe:/a:avaya:intuity_audix:s3400

* cpe:/a:avaya:vsu:100_r2.0.1

* cpe:/a:avaya:vsu:10000_r2.0.1

* cpe:/a:avaya:vsu:2000_r2.0.1

* cpe:/a:avaya:vsu:5

* cpe:/a:avaya:vsu:500

* cpe:/a:avaya:vsu:5000_r2.0.1

* cpe:/a:avaya:vsu:5x

* cpe:/a:avaya:vsu:7500_r2.0.1

* cpe:/a:checkpoint:firewall-1:::vsx-ng-ai

* cpe:/a:checkpoint:firewall-1:2.0::gx

* cpe:/a:checkpoint:firewall-1:next_generation_fp0

* cpe:/a:checkpoint:firewall-1:next_generation_fp1

* cpe:/a:checkpoint:firewall-1:next_generation_fp2

* cpe:/a:checkpoint:provider-1:4.1

* cpe:/a:checkpoint:provider-1:4.1:sp1

* cpe:/a:checkpoint:provider-1:4.1:sp2

* cpe:/a:checkpoint:provider-1:4.1:sp3

* cpe:/a:checkpoint:provider-1:4.1:sp4

* cpe:/a:checkpoint:vpn-1:next_generation_fp0

* cpe:/a:checkpoint:vpn-1:next_generation_fp1

* cpe:/a:checkpoint:vpn-1:next_generation_fp2

* cpe:/a:checkpoint:vpn-1:vsx_ng_with_application_intelligence

* cpe:/a:cisco:access_registrar

* cpe:/a:cisco:application_and_content_networking_software

* cpe:/a:cisco:css_secure_content_accelerator:1.0

* cpe:/a:cisco:css_secure_content_accelerator:2.0

* cpe:/a:cisco:css11000_content_services_switch

* cpe:/a:cisco:okena_stormwatch:3.2

* cpe:/a:cisco:pix_firewall:6.2.2_.111

* cpe:/a:cisco:threat_response

* cpe:/a:cisco:webns:6.10

* cpe:/a:cisco:webns:6.10_b4

* cpe:/a:cisco:webns:7.1_0.1.02

* cpe:/a:cisco:webns:7.1_0.2.06

* cpe:/a:cisco:webns:7.10

* cpe:/a:cisco:webns:7.10_.0.06s

* cpe:/a:cisco:webns:7.2_0.0.03

* cpe:/a:hp:wbem:a.01.05.08

* cpe:/a:hp:wbem:a.02.00.00

* cpe:/a:hp:wbem:a.02.00.01

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.1

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.2

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.3

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.1

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.1.1

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.1

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.2

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc1

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc2

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.3

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.3.1

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc1

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc2

* cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc3

* cpe:/a:neoteris:instant_virtual_extranet:3.0

* cpe:/a:neoteris:instant_virtual_extranet:3.1

* cpe:/a:neoteris:instant_virtual_extranet:3.2

* cpe:/a:neoteris:instant_virtual_extranet:3.3

* cpe:/a:neoteris:instant_virtual_extranet:3.3.1

* cpe:/a:novell:edirectory:8.0

* cpe:/a:novell:edirectory:8.5

* cpe:/a:novell:edirectory:8.5.12a

* cpe:/a:novell:edirectory:8.5.27

* cpe:/a:novell:edirectory:8.6.2

* cpe:/a:novell:edirectory:8.7

* cpe:/a:novell:edirectory:8.7.1

* cpe:/a:novell:edirectory:8.7.1:sp1

* cpe:/a:novell:imanager:1.5

* cpe:/a:novell:imanager:2.0

* cpe:/a:openssl:openssl:0.9.6c

* cpe:/a:openssl:openssl:0.9.6d

* cpe:/a:openssl:openssl:0.9.6e

* cpe:/a:openssl:openssl:0.9.6f

* cpe:/a:openssl:openssl:0.9.6g

* cpe:/a:openssl:openssl:0.9.6h

* cpe:/a:openssl:openssl:0.9.6i

* cpe:/a:openssl:openssl:0.9.6j

* cpe:/a:openssl:openssl:0.9.6k

* cpe:/a:openssl:openssl:0.9.7

* cpe:/a:openssl:openssl:0.9.7:beta1

* cpe:/a:openssl:openssl:0.9.7:beta2

* cpe:/a:openssl:openssl:0.9.7:beta3

* cpe:/a:openssl:openssl:0.9.7a

* cpe:/a:openssl:openssl:0.9.7b

* cpe:/a:openssl:openssl:0.9.7c

* cpe:/a:redhat:openssl:0.9.6-15::i386

* cpe:/a:redhat:openssl:0.9.6b-3::i386

* cpe:/a:redhat:openssl:0.9.7a-2::i386

* cpe:/a:redhat:openssl:0.9.7a-2::i386_dev

* cpe:/a:redhat:openssl:0.9.7a-2::i386_perl

* cpe:/a:rsa:bsafe_ssl-j_sdk:3.0

* cpe:/a:rsa:bsafe_ssl-j_sdk:3.0.1

* cpe:/a:rsa:bsafe_ssl-j_sdk:3.1

* cpe:/a:sgi:propack:2.3

* cpe:/a:sgi:propack:2.4

* cpe:/a:sgi:propack:3.0

* cpe:/a:stonesoft:servercluster:2.5

* cpe:/a:stonesoft:servercluster:2.5.2

* cpe:/a:stonesoft:stonebeat_fullcluster:1_2.0

* cpe:/a:stonesoft:stonebeat_fullcluster:1_3.0

* cpe:/a:stonesoft:stonebeat_fullcluster:2.0

* cpe:/a:stonesoft:stonebeat_fullcluster:2.5

* cpe:/a:stonesoft:stonebeat_fullcluster:3.0

* cpe:/a:stonesoft:stonebeat_securitycluster:2.0

* cpe:/a:stonesoft:stonebeat_securitycluster:2.5

* cpe:/a:stonesoft:stonebeat_webcluster:2.0

* cpe:/a:stonesoft:stonebeat_webcluster:2.5

* cpe:/a:stonesoft:stonegate:1.5.17

* cpe:/a:stonesoft:stonegate:1.5.18

* cpe:/a:stonesoft:stonegate:1.6.2

* cpe:/a:stonesoft:stonegate:1.6.3

* cpe:/a:stonesoft:stonegate:1.7

* cpe:/a:stonesoft:stonegate:1.7.1

* cpe:/a:stonesoft:stonegate:1.7.2

* cpe:/a:stonesoft:stonegate:2.0.1

* cpe:/a:stonesoft:stonegate:2.0.4

* cpe:/a:stonesoft:stonegate:2.0.5

* cpe:/a:stonesoft:stonegate:2.0.6

* cpe:/a:stonesoft:stonegate:2.0.7

* cpe:/a:stonesoft:stonegate:2.0.8

* cpe:/a:stonesoft:stonegate:2.0.9

* cpe:/a:stonesoft:stonegate:2.1

* cpe:/a:stonesoft:stonegate:2.2

* cpe:/a:stonesoft:stonegate:2.2.1

* cpe:/a:stonesoft:stonegate:2.2.4

* cpe:/a:stonesoft:stonegate_vpn_client:1.7

* cpe:/a:stonesoft:stonegate_vpn_client:1.7.2

* cpe:/a:stonesoft:stonegate_vpn_client:2.0

* cpe:/a:stonesoft:stonegate_vpn_client:2.0.7

* cpe:/a:stonesoft:stonegate_vpn_client:2.0.8

* cpe:/a:stonesoft:stonegate_vpn_client:2.0.9

* cpe:/a:tarantella:tarantella_enterprise:3.20

* cpe:/a:tarantella:tarantella_enterprise:3.30

* cpe:/a:tarantella:tarantella_enterprise:3.40

* cpe:/a:vmware:gsx_server:2.0

* cpe:/a:vmware:gsx_server:2.0.1_build_2129

* cpe:/a:vmware:gsx_server:2.5.1

* cpe:/a:vmware:gsx_server:2.5.1_build_5336

* cpe:/a:vmware:gsx_server:3.0_build_7592

* cpe:/h:avaya:s8300:r2.0.0

* cpe:/h:avaya:s8300:r2.0.1

* cpe:/h:avaya:s8500:r2.0.0

* cpe:/h:avaya:s8500:r2.0.1

* cpe:/h:avaya:s8700:r2.0.0

* cpe:/h:avaya:s8700:r2.0.1

* cpe:/h:bluecoat:proxysg

* cpe:/h:cisco:call_manager

* cpe:/h:cisco:content_services_switch_11500

* cpe:/h:cisco:gss_4480_global_site_selector

* cpe:/h:cisco:gss_4490_global_site_selector

* cpe:/h:cisco:mds_9000

* cpe:/h:cisco:secure_content_accelerator:10000

* cpe:/h:securecomputing:sidewinder:5.2

* cpe:/h:securecomputing:sidewinder:5.2.0.01

* cpe:/h:securecomputing:sidewinder:5.2.0.02

* cpe:/h:securecomputing:sidewinder:5.2.0.03

* cpe:/h:securecomputing:sidewinder:5.2.0.04

* cpe:/h:securecomputing:sidewinder:5.2.1

* cpe:/h:securecomputing:sidewinder:5.2.1.02

* cpe:/h:sun:crypto_accelerator_4000:1.0

* cpe:/o:bluecoat:cacheos_ca_sa:4.1.10

* cpe:/o:bluecoat:cacheos_ca_sa:4.1.12

* cpe:/o:cisco:pix_firewall:6.0

* cpe:/o:cisco:pix_firewall:6.0%281%29

* cpe:/o:cisco:pix_firewall:6.0%282%29

* cpe:/o:cisco:pix_firewall:6.0%283%29

* cpe:/o:cisco:pix_firewall:6.0%284%29

* cpe:/o:cisco:pix_firewall:6.0%284.101%29

* cpe:/o:cisco:pix_firewall:6.1

* cpe:/o:cisco:pix_firewall:6.1%281%29

* cpe:/o:cisco:pix_firewall:6.1%282%29

* cpe:/o:cisco:pix_firewall:6.1%283%29

* cpe:/o:cisco:pix_firewall:6.1%284%29

* cpe:/o:cisco:pix_firewall:6.1%285%29

* cpe:/o:cisco:pix_firewall:6.2

* cpe:/o:cisco:pix_firewall:6.2%281%29

* cpe:/o:cisco:pix_firewall:6.2%282%29

* cpe:/o:cisco:pix_firewall:6.2%283%29

* cpe:/o:cisco:pix_firewall:6.2%283.100%29

* cpe:/o:cisco:pix_firewall:6.3

* cpe:/o:cisco:pix_firewall:6.3%281%29

* cpe:/o:cisco:pix_firewall:6.3%282%29

* cpe:/o:cisco:pix_firewall:6.3%283.102%29

* cpe:/o:cisco:pix_firewall:6.3%283.109%29

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079