[VulnWatch] Vulnerability Issues in OpenSSL

From: Chris Wysopal (weld_at_vulnwatch.org)
Date: 09/30/03

Previous message: ECHU.ORG: "[VulnWatch] ECHU.ORG Alert #4: GuppY makes XSS attacks easy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Sep 2003 14:52:07 +0000 (GMT)
To: vulnwatch@vulnwatch.org

Full Advisory:
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm

Vulnerability Issues in OpenSSL

Version Information
Advisory Reference 006489/OpenSSL
Release Date 30 September 2003
Last Revision 30 September 2003
Version Number 1.1

What is Affected?

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all
versions of SSLeay. (SSLeay is no longer maintained.)

Severity

Three specific vulnerabilities have been discovered in the OpenSSL
libraries. Two of these could allow a Denial of Service attack, the third
may result in an attacker being able to execute malicious code under
certain conditions.

Previous message: ECHU.ORG: "[VulnWatch] ECHU.ORG Alert #4: GuppY makes XSS attacks easy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

CERT Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL
... There are four remotely exploitable buffer overflows in OpenSSL. ... Several of these vulnerabilities could be used by a remote attacker to ... This vulnerability can be exploited by a client ... Exploitation of this vulnerability can lead to remote ...
(Cert)
[CLA-2004:834] Conectiva Security Announcement - openssl
... OpenSSL versions distributed with Conectiva Linux: ... vulnerability was discovered by the OpenSSL team using the ... after the new packages are installed. ...
(Bugtraq)
MDKSA-2002:046 - openssl update
... OpenSSL code that are all potentially remotely exploitable. ... a vulnerability was found by Adi Stav and James Yonan ... upgrade to these OpenSSL packages. ... Mandrake Linux 8.0/ppc: ...
(Bugtraq)
New OpenSSL remote vulnerability (issue date 2003/10/02)
... Mr. Hornik discovered remote vulnerability in OpenSSL package provided ... Affected are all RedHat distributions up to version 8.0 including. ...
(Bugtraq)
MDKSA-2004:023 - Updated openssl packages fix multiple vulnerabilities
... A vulnerability was discovered by the OpenSSL group using the ... All packages are signed by Mandrakesoft for security. ... the GPG public key of the Mandrakelinux Security Team by executing: ...
(Bugtraq)