CVE-2004-0079

Severity

50%

Complexity

99%

Confidentiality

48%

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 20 years ago

2004-11-23 05:00:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Cisco Firewall Services Module

Cisco Firewall Services Module 1.1.2

1.1.2

Cisco Firewall Services Module 1.1.3

1.1.3

Cisco Firewall Services Module 1.1 (3.005)

1.1_\(3.005\)

Cisco Firewall Services Module 2.1 (0.208)

2.1_\(0.208\)

HP AAA Server

HP Apache-Based Web Server 2.0.43.00

2.0.43.00

HP Apache-Based Web Server 2.0.43.04

2.0.43.04

Cisco CiscoWorks Common Management Foundation 2.1

2.1

Cisco CiscoWorks Common Services 2.2

2.2

Avaya Converged Communications Server 2.0

2.0

Avaya SG200 4.4

4.4

Avaya SG203 4.4

4.4

Avaya SG208

Avaya SG208 4.4

4.4

Avaya SG5 4.2

4.2

Avaya SG5 4.3

4.3

Avaya SG5 4.4

4.4

Apple Mac OS X 10.3.3

10.3.3

Apple Mac OS X Server 10.3.3

10.3.3

FreeBSD 4.8

4.8

FreeBSD 4.9

4.9

FreeBSD 5.1

5.1

FreeBSD 5.2

5.2

HP HP-UX 8.5

8.05

HP-UX 11.00

11.00

HP-UX 11.11

11.11

HP-UX 11i v2

11.23

OpenBSD 3.3

3.3

OpenBSD 3.4

3.4

Red Hat Desktop 3.0

3.0

Red Hat Linux 7.2

7.2

Red Hat Linux 7.3

7.3

Red Hat Linux 8.0

8.0

References

FreeBSD-SA-04:05

NetBSD-SA2004-005

SCOSA-2004.10

CLA-2004:834

http://docs.info.apple.com/article.html?artnum=61798

FEDORA-2004-095

APPLE-SA-2005-08-17

APPLE-SA-2005-08-15

http://lists.apple.com/mhonarc/security-announce/msg00045.html

20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]

SSRT4717

11139

17381

17398

17401

18247

GLSA-200403-03

57524

http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm

http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US

O-101

20040317 Cisco OpenSSL Implementation Vulnerability

DSA-465

VU#288574

US Government Resource

ESA-20040317-003

MDKSA-2004:023

SuSE-SA:2004:007

http://www.openssl.org/news/secadv_20040317.txt

FEDORA-2005-1042

RHSA-2004:120

RHSA-2004:121

RHSA-2004:139

RHSA-2005:829

RHSA-2005:830

9899

Vendor Advisory

SSA:2004-077

2004-0012

http://www.uniras.gov.uk/vuls/2004/224012/index.htm

TA04-078A

Third Party Advisory, US Government Resource

openssl-dochangecipherspec-dos(15505)

oval:org.mitre.oval:def:2621

oval:org.mitre.oval:def:5770

oval:org.mitre.oval:def:870

oval:org.mitre.oval:def:975

oval:org.mitre.oval:def:9779

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.