Description
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- 4D / webstar4.0 – 4.0
- 4D / webstar5.3.1 – 5.3.1
- 4D / webstar5.3 – 5.3
- 4D / webstar5.2.4 – 5.2.4
- 4D / webstar5.2.3 – 5.2.3
- 4D / webstar5.2.2 – 5.2.2
- 4D / webstar5.2.1 – 5.2.1
- 4D / webstar5.2 – 5.2
- Apple / mac_os_x10.3.3 – 10.3.3
- Apple / mac_os_x_server10.3.3 – 10.3.3
- Avaya / converged_communications_server2.0 – 2.0
- Avaya / intuity_audixs3210 – s3210
- Avaya / intuity_audix5.1.46 – 5.1.46
- Avaya / intuity_audix
- Avaya / intuity_audixs3400 – s3400
- Avaya / s8300r2.0.0 – r2.0.0
- Avaya / s8300r2.0.1 – r2.0.1
- Avaya / s8500r2.0.1 – r2.0.1
- Avaya / s8500r2.0.0 – r2.0.0
- Avaya / s8700r2.0.0 – r2.0.0
- Avaya / s8700r2.0.1 – r2.0.1
- Avaya / sg2004.4 – 4.4
- Avaya / sg2004.31.29 – 4.31.29
- Avaya / sg2034.4 – 4.4
- Avaya / sg2034.31.29 – 4.31.29
- Avaya / sg2084.4 – 4.4
- Avaya / sg208
- Avaya / sg54.3 – 4.3
- Avaya / sg54.2 – 4.2
- Avaya / sg54.4 – 4.4
- Avaya / vsu10000_r2.0.1 – 10000_r2.0.1
- Avaya / vsu5 – 5
- Avaya / vsu5x – 5x
- Avaya / vsu100_r2.0.1 – 100_r2.0.1
- Avaya / vsu500 – 500
- Avaya / vsu2000_r2.0.1 – 2000_r2.0.1
- Avaya / vsu5000_r2.0.1 – 5000_r2.0.1
- Avaya / vsu7500_r2.0.1 – 7500_r2.0.1
- bluecoat / cacheos_ca_sa4.1.10 – 4.1.10
- bluecoat / cacheos_ca_sa4.1.12 – 4.1.12
- bluecoat / proxysg
- checkpoint / firewall-1
- checkpoint / firewall-1next_generation_fp2 – next_generation_fp2
- checkpoint / firewall-1next_generation_fp1 – next_generation_fp1
- checkpoint / firewall-1next_generation_fp0 – next_generation_fp0
- checkpoint / firewall-12.0 – 2.0
- checkpoint / provider-14.1 – 4.1
- checkpoint / provider-14.1 – 4.1
- checkpoint / provider-14.1 – 4.1
- checkpoint / provider-14.1 – 4.1
- checkpoint / provider-14.1 – 4.1
- checkpoint / vpn-1vsx_ng_with_application_intelligence – vsx_ng_with_application_intelligence
- checkpoint / vpn-1next_generation_fp0 – next_generation_fp0
- checkpoint / vpn-1next_generation_fp1 – next_generation_fp1
- checkpoint / vpn-1next_generation_fp2 – next_generation_fp2
- Cisco / access_registrar
- Cisco / application_and_content_networking_software
- Cisco / call_manager
- Cisco / ciscoworks_common_management_foundation2.1 – 2.1
- Cisco / ciscoworks_common_services2.2 – 2.2
- Cisco / content_services_switch_11500
- Cisco / css11000_content_services_switch
- Cisco / css_secure_content_accelerator2.0 – 2.0
- Cisco / css_secure_content_accelerator1.0 – 1.0
- Cisco / firewall_services_module1.1.2 – 1.1.2
- Cisco / firewall_services_module2.1_(0.208) – 2.1_(0.208)
- Cisco / firewall_services_module1.1_(3.005) – 1.1_(3.005)
- Cisco / firewall_services_module1.1.3 – 1.1.3
- Cisco / firewall_services_module
- Cisco / gss_4480_global_site_selector
- Cisco / gss_4490_global_site_selector
- Cisco / IOS12.2sy – 12.2sy
- Cisco / IOS12.1(11b)e – 12.1(11b)e
- Cisco / IOS12.2(14)sy1 – 12.2(14)sy1
- Cisco / IOS12.2za – 12.2za
- Cisco / IOS12.2(14)sy – 12.2(14)sy
- Cisco / IOS12.1(11)e – 12.1(11)e
- Cisco / IOS12.1(19)e1 – 12.1(19)e1
- Cisco / IOS12.1(13)e9 – 12.1(13)e9
- Cisco / IOS12.1(11b)e14 – 12.1(11b)e14
- Cisco / IOS12.1(11b)e12 – 12.1(11b)e12
- Cisco / mds_9000
- Cisco / okena_stormwatch3.2 – 3.2
- Cisco / pix_firewall6.2.2_.111 – 6.2.2_.111
- Cisco / pix_firewall_software6.3(1) – 6.3(1)
- Cisco / pix_firewall_software6.2(3.100) – 6.2(3.100)
- Cisco / pix_firewall_software6.2(3) – 6.2(3)
- Cisco / pix_firewall_software6.2(2) – 6.2(2)
- Cisco / pix_firewall_software6.2(1) – 6.2(1)
- Cisco / pix_firewall_software6.2 – 6.2
- Cisco / pix_firewall_software6.1(5) – 6.1(5)
- Cisco / pix_firewall_software6.1(4) – 6.1(4)
- Cisco / pix_firewall_software6.3(3.109) – 6.3(3.109)
- Cisco / pix_firewall_software6.1(3) – 6.1(3)
- Cisco / pix_firewall_software6.1(2) – 6.1(2)
- Cisco / pix_firewall_software6.1(1) – 6.1(1)
- Cisco / pix_firewall_software6.1 – 6.1
- Cisco / pix_firewall_software6.0(4.101) – 6.0(4.101)
- Cisco / pix_firewall_software6.0(4) – 6.0(4)
- Cisco / pix_firewall_software6.0(3) – 6.0(3)
- Cisco / pix_firewall_software6.0(2) – 6.0(2)
- Cisco / pix_firewall_software6.0(1) – 6.0(1)
- Cisco / pix_firewall_software6.0 – 6.0
- Cisco / pix_firewall_software6.3(3.102) – 6.3(3.102)
- Cisco / pix_firewall_software6.3(2) – 6.3(2)
- Cisco / pix_firewall_software6.3 – 6.3
- Cisco / secure_content_accelerator10000 – 10000
- Cisco / threat_response
- Cisco / webns7.10 – 7.10
- Cisco / webns7.2_0.0.03 – 7.2_0.0.03
- Cisco / webns7.1_0.2.06 – 7.1_0.2.06
- Cisco / webns7.10_.0.06s – 7.10_.0.06s
- Cisco / webns7.1_0.1.02 – 7.1_0.1.02
- Cisco / webns6.10_b4 – 6.10_b4
- Cisco / webns6.10 – 6.10
- Dell / BSAFE SSL-J3.0.1 – 3.0.1
- Dell / BSAFE SSL-J3.1 – 3.1
- Dell / BSAFE SSL-J3.0 – 3.0
- FreeBSD / FreeBSD5.2 – 5.2
- FreeBSD / FreeBSD4.8 – 4.8
- FreeBSD / FreeBSD4.9 – 4.9
- FreeBSD / FreeBSD5.1 – 5.1
- FreeBSD / FreeBSD5.1 – 5.1
- FreeBSD / FreeBSD5.1 – 5.1
- FreeBSD / FreeBSD5.2.1 – 5.2.1
- FreeBSD / FreeBSD4.8 – 4.8
- HP / aaa_server
- HP / apache-based_web_server2.0.43.00 – 2.0.43.00
- HP / apache-based_web_server2.0.43.04 – 2.0.43.04
- HP / hp-ux8.05 – 8.05
- HP / hp-ux11.00 – 11.00
- HP / hp-ux11.11 – 11.11
- HP / hp-ux11.23 – 11.23
- HP / wbema.01.05.08 – a.01.05.08
- HP / wbema.02.00.00 – a.02.00.00
- HP / wbema.02.00.01 – a.02.00.01
- lite / speed_technologies_litespeed_web_server1.3_rc1 – 1.3_rc1
- lite / speed_technologies_litespeed_web_server1.3_rc2 – 1.3_rc2
- lite / speed_technologies_litespeed_web_server1.3_rc3 – 1.3_rc3
- lite / speed_technologies_litespeed_web_server1.0.3 – 1.0.3
- lite / speed_technologies_litespeed_web_server1.1 – 1.1
- lite / speed_technologies_litespeed_web_server1.0.2 – 1.0.2
- lite / speed_technologies_litespeed_web_server1.0.1 – 1.0.1
- lite / speed_technologies_litespeed_web_server1.2_rc1 – 1.2_rc1
- lite / speed_technologies_litespeed_web_server1.2.2 – 1.2.2
- lite / speed_technologies_litespeed_web_server1.2.1 – 1.2.1
- lite / speed_technologies_litespeed_web_server1.1.1 – 1.1.1
- lite / speed_technologies_litespeed_web_server1.2_rc2 – 1.2_rc2
- lite / speed_technologies_litespeed_web_server1.3 – 1.3
- lite / speed_technologies_litespeed_web_server1.3.1 – 1.3.1
- neoteris / instant_virtual_extranet3.1 – 3.1
- neoteris / instant_virtual_extranet3.0 – 3.0
- neoteris / instant_virtual_extranet3.2 – 3.2
- neoteris / instant_virtual_extranet3.3 – 3.3
- neoteris / instant_virtual_extranet3.3.1 – 3.3.1
- Novell / eDirectory8.7 – 8.7
- Novell / eDirectory8.5.27 – 8.5.27
- Novell / eDirectory8.7.1 – 8.7.1
- Novell / eDirectory8.7.1 – 8.7.1
- Novell / eDirectory8.0 – 8.0
- Novell / eDirectory8.5 – 8.5
- Novell / eDirectory8.5.12a – 8.5.12a
- Novell / eDirectory8.6.2 – 8.6.2
- Novell / imanager2.0 – 2.0
- Novell / imanager1.5 – 1.5
- OpenBSD / OpenBSD3.3 – 3.3
- OpenBSD / OpenBSD3.4 – 3.4
- OpenSSL / OpenSSL0.9.6f – 0.9.6f
- OpenSSL / OpenSSL0.9.6e – 0.9.6e
- OpenSSL / OpenSSL0.9.6d – 0.9.6d
- OpenSSL / OpenSSL0.9.6c – 0.9.6c
- OpenSSL / OpenSSL0.9.7c – 0.9.7c
- OpenSSL / OpenSSL0.9.7b – 0.9.7b
- OpenSSL / OpenSSL0.9.7a – 0.9.7a
- OpenSSL / OpenSSL0.9.7 – 0.9.7
- OpenSSL / OpenSSL0.9.7 – 0.9.7
- OpenSSL / OpenSSL0.9.7 – 0.9.7
- OpenSSL / OpenSSL0.9.7 – 0.9.7
- OpenSSL / OpenSSL0.9.6k – 0.9.6k
- OpenSSL / OpenSSL0.9.6j – 0.9.6j
- OpenSSL / OpenSSL0.9.6i – 0.9.6i
- OpenSSL / OpenSSL0.9.6h – 0.9.6h
- OpenSSL / OpenSSL0.9.6g – 0.9.6g
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / enterprise_linux_desktop3.0 – 3.0
- RedHat / linux8.0 – 8.0
- RedHat / linux7.3 – 7.3
- RedHat / linux7.2 – 7.2
- RedHat / openssl0.9.7a-2 – 0.9.7a-2
- RedHat / openssl0.9.7a-2 – 0.9.7a-2
- RedHat / openssl0.9.6b-3 – 0.9.6b-3
- RedHat / openssl0.9.6-15 – 0.9.6-15
- RedHat / openssl0.9.7a-2 – 0.9.7a-2
- sco / openserver5.0.6 – 5.0.6
- sco / openserver5.0.7 – 5.0.7
- securecomputing / sidewinder5.2.0.04 – 5.2.0.04
- securecomputing / sidewinder5.2.1 – 5.2.1
- securecomputing / sidewinder5.2.1.02 – 5.2.1.02
- securecomputing / sidewinder5.2 – 5.2
- securecomputing / sidewinder5.2.0.01 – 5.2.0.01
- securecomputing / sidewinder5.2.0.02 – 5.2.0.02
- securecomputing / sidewinder5.2.0.03 – 5.2.0.03
- sgi / propack3.0 – 3.0
- sgi / propack2.3 – 2.3
- sgi / propack2.4 – 2.4
- stonesoft / servercluster2.5 – 2.5
- stonesoft / servercluster2.5.2 – 2.5.2
- stonesoft / stonebeat_fullcluster2.0 – 2.0
- stonesoft / stonebeat_fullcluster1_3.0 – 1_3.0
- stonesoft / stonebeat_fullcluster1_2.0 – 1_2.0
- stonesoft / stonebeat_fullcluster3.0 – 3.0
- stonesoft / stonebeat_fullcluster2.5 – 2.5
- stonesoft / stonebeat_securitycluster2.5 – 2.5
- stonesoft / stonebeat_securitycluster2.0 – 2.0
- stonesoft / stonebeat_webcluster2.5 – 2.5
- stonesoft / stonebeat_webcluster2.0 – 2.0
- stonesoft / stonegate2.2.1 – 2.2.1
- stonesoft / stonegate1.5.17 – 1.5.17
- stonesoft / stonegate1.5.18 – 1.5.18
- stonesoft / stonegate1.6.2 – 1.6.2
- stonesoft / stonegate1.6.3 – 1.6.3
- stonesoft / stonegate1.7 – 1.7
- stonesoft / stonegate1.7.1 – 1.7.1
- stonesoft / stonegate1.7.2 – 1.7.2
- stonesoft / stonegate2.0.1 – 2.0.1
- stonesoft / stonegate2.0.4 – 2.0.4
- stonesoft / stonegate2.0.5 – 2.0.5
- stonesoft / stonegate2.0.6 – 2.0.6
- stonesoft / stonegate2.0.7 – 2.0.7
- stonesoft / stonegate2.0.8 – 2.0.8
- stonesoft / stonegate2.0.9 – 2.0.9
- stonesoft / stonegate2.1 – 2.1
- stonesoft / stonegate2.2 – 2.2
- stonesoft / stonegate2.2.4 – 2.2.4
- stonesoft / stonegate_vpn_client1.7.2 – 1.7.2
- stonesoft / stonegate_vpn_client2.0.8 – 2.0.8
- stonesoft / stonegate_vpn_client1.7 – 1.7
- stonesoft / stonegate_vpn_client2.0.9 – 2.0.9
- stonesoft / stonegate_vpn_client2.0 – 2.0
- stonesoft / stonegate_vpn_client2.0.7 – 2.0.7
- sun / crypto_accelerator_40001.0 – 1.0
- Symantec / clientless_vpn_gateway_44005.0 – 5.0
- tarantella / tarantella_enterprise3.20 – 3.20
- tarantella / tarantella_enterprise3.30 – 3.30
- tarantella / tarantella_enterprise3.40 – 3.40
- VMware / gsx_server2.0 – 2.0
- VMware / gsx_server2.0.1_build_2129 – 2.0.1_build_2129
- VMware / gsx_server2.5.1 – 2.5.1
- VMware / gsx_server2.5.1_build_5336 – 2.5.1_build_5336
- VMware / gsx_server3.0_build_7592 – 3.0_build_7592
References
- MISChttp://www.securityfocus.com/bid/9899
- MISChttp://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
- VENDOR_ADVISORYhttp://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
- MAILING_LISThttp://marc.info/?l=bugtraq&m=108403806509920&w=2
- MISChttp://www.redhat.com/support/errata/RHSA-2004-121.html
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2004:023
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621
- MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
- MISCftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
- VENDOR_ADVISORYhttp://secunia.com/advisories/17381
- MISChttp://www.uniras.gov.uk/vuls/2004/224012/index.htm
- MISChttp://fedoranews.org/updates/FEDORA-2004-095.shtml
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975
- MISChttp://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
- VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2004_07_openssl.html
- MAILING_LISThttp://lists.apple.com/mhonarc/security-announce/msg00045.html
- MISChttp://www.openssl.org/news/secadv_20040317.txt
- VENDOR_ADVISORYftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc
- VENDOR_ADVISORYftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc
- MISChttp://www.ciac.org/ciac/bulletins/o-101.shtml
- MISChttp://www.us-cert.gov/cas/techalerts/TA04-078A.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/17401
- MISChttp://www.redhat.com/support/errata/RHSA-2005-829.html
- MISChttp://support.avaya.com/elmodocs2/security/ASA-2005-239.htm
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870
- MISChttp://www.redhat.com/support/errata/RHSA-2005-830.html
- MISChttp://security.gentoo.org/glsa/glsa-200403-03.xml
- VENDOR_ADVISORYhttp://secunia.com/advisories/11139
- MISChttp://www.redhat.com/support/errata/RHSA-2004-120.html
- MAILING_LISThttp://marc.info/?l=bugtraq&m=107953412903636&w=2
- MISChttp://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/17398
- MISChttp://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961
- MISChttp://www.redhat.com/support/errata/RHSA-2004-139.html
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/15505
- MISChttp://www.trustix.org/errata/2004/0012
- VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
- VENDOR_ADVISORYhttp://docs.info.apple.com/article.html?artnum=61798
- MISChttp://www.kb.cert.org/vuls/id/288574
- VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-465
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/18247
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770