CVE-2004-0081
CVSS5.0
发布时间 :2004-11-23 00:00:00
修订时间 :2016-10-17 22:40:46
NMCO    

[原文]OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.


[CNNVD]多个Oracle高危险漏洞(CNNVD-200411-078)

        
        Oracle是一款大型数据库软件。
        Oracle中存在多个漏洞,影响Oracle产品的所有安全属性,可能构成本地或远程威胁。有些漏洞可能需要各种级别的认证才能利用,但也有些漏洞不需任何认证。攻击者可能利用这些漏洞完全控制受影响的数据库。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:openssl:openssl:0.9.7:beta3OpenSSL Project OpenSSL 0.9.7 beta3
cpe:/a:cisco:webns:6.10_b4Cisco WebNS 6.10 B4
cpe:/a:openssl:openssl:0.9.7:beta2OpenSSL Project OpenSSL 0.9.7 beta2
cpe:/a:openssl:openssl:0.9.7OpenSSL Project OpenSSL 0.9.7
cpe:/a:sgi:propack:2.3SGI ProPack 2.3
cpe:/o:cisco:pix_firewall:6.0%281%29
cpe:/a:openssl:openssl:0.9.7:beta1OpenSSL Project OpenSSL 0.9.7 beta1
cpe:/h:avaya:s8300:r2.0.0
cpe:/a:stonesoft:stonebeat_fullcluster:2.5
cpe:/h:cisco:firewall_services_module:2.1_%280.208%29Cisco Firewall Services Module 2.1 (0.208)
cpe:/o:freebsd:freebsd:5.1:releng
cpe:/a:stonesoft:stonebeat_fullcluster:2.0
cpe:/h:cisco:secure_content_accelerator:10000
cpe:/a:checkpoint:vpn-1:vsx_ng_with_application_intelligence
cpe:/a:stonesoft:stonegate_vpn_client:2.0
cpe:/a:sgi:propack:2.4SGI ProPack 2.4
cpe:/o:bluecoat:cacheos_ca_sa:4.1.10
cpe:/a:cisco:css_secure_content_accelerator:1.0
cpe:/h:avaya:sg200:4.31.29
cpe:/a:cisco:webns:6.10Cisco WebNS 6.10
cpe:/o:cisco:pix_firewall:6.0%282%29
cpe:/a:novell:imanager:1.5Novell iManager 1.5
cpe:/a:stonesoft:stonegate:1.7.1
cpe:/a:avaya:vsu:5000_r2.0.1
cpe:/a:lite:speed_technologies_litespeed_web_server:1.1.1
cpe:/a:stonesoft:stonegate:1.7.2
cpe:/a:lite:speed_technologies_litespeed_web_server:1.3
cpe:/o:redhat:linux:8.0Red Hat Linux 8.0
cpe:/a:vmware:gsx_server:2.0VMWare GSX Server 2.0
cpe:/a:cisco:webns:7.10_.0.06sCisco WebNS 7.10 .0.06s
cpe:/h:symantec:clientless_vpn_gateway_4400:5.0
cpe:/a:lite:speed_technologies_litespeed_web_server:1.1
cpe:/a:neoteris:instant_virtual_extranet:3.3.1
cpe:/o:freebsd:freebsd:4.8:releng
cpe:/a:avaya:vsu:500
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/o:redhat:enterprise_linux_desktop:3.0Red Hat Desktop 3.0
cpe:/a:novell:edirectory:8.5.12aNovell eDirectory 8.5.12a
cpe:/h:cisco:firewall_services_module:1.1_%283.005%29Cisco Firewall Services Module 1.1 (3.005)
cpe:/h:avaya:sg208Avaya SG208
cpe:/a:novell:edirectory:8.6.2Novell eDirectory 8.6.2
cpe:/o:cisco:pix_firewall:6.1
cpe:/o:freebsd:freebsd:5.1FreeBSD 5.1
cpe:/o:freebsd:freebsd:5.2FreeBSD 5.2
cpe:/o:freebsd:freebsd:5.1:release
cpe:/h:avaya:s8300:r2.0.1
cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.2
cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.1
cpe:/o:cisco:ios:12.1%2811b%29eCisco IOS 12.1 (11b)E
cpe:/h:securecomputing:sidewinder:5.2.1.02Secure Computing Sidewinder 5.2.1.02
cpe:/o:cisco:pix_firewall:6.3
cpe:/o:cisco:pix_firewall:6.0
cpe:/o:cisco:pix_firewall:6.2
cpe:/a:redhat:openssl:0.9.7a-2::i386
cpe:/o:cisco:ios:12.1%2819%29e1Cisco IOS 12.1(19)E1
cpe:/h:cisco:gss_4490_global_site_selectorCisco GSS 4490 Global Site Selector
cpe:/a:cisco:webns:7.10Cisco WebNS 7.10
cpe:/a:redhat:openssl:0.9.7a-2::i386_dev
cpe:/a:avaya:vsu:5
cpe:/o:cisco:pix_firewall:6.2%283.100%29
cpe:/a:avaya:intuity_audix:5.1.46Avaya Intuity R5 R5.1.46
cpe:/a:stonesoft:stonebeat_securitycluster:2.5
cpe:/a:cisco:okena_stormwatch:3.2Cisco Okena Stormwatch 3.2
cpe:/o:cisco:ios:12.2%2814%29sy1Cisco IOS 12.2 (14)SY1
cpe:/a:redhat:openssl:0.9.7a-2::i386_perl
cpe:/a:stonesoft:stonebeat_securitycluster:2.0
cpe:/o:hp:hp-ux:11.11HP-UX 11.11
cpe:/a:stonesoft:stonebeat_fullcluster:1_2.0
cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc2
cpe:/a:novell:edirectory:8.7.1Novell eDirectory 8.7.1
cpe:/o:apple:mac_os_x:10.3.3Apple Mac OS X 10.3.3
cpe:/o:cisco:ios:12.2zaCisco IOS 12.2ZA
cpe:/a:novell:edirectory:8.5.27Novell eDirectory 8.5.27
cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc1
cpe:/o:apple:mac_os_x_server:10.3.3Apple Mac OS X Server 10.3.3
cpe:/a:lite:speed_technologies_litespeed_web_server:1.3.1
cpe:/a:avaya:vsu:5x
cpe:/h:avaya:sg200:4.4Avaya SG200 4.4
cpe:/a:novell:edirectory:8.5Novell eDirectory 8.5
cpe:/a:tarantella:tarantella_enterprise:3.40
cpe:/a:novell:edirectory:8.0Novell eDirectory 8.0
cpe:/o:hp:hp-ux:11.23HP-UX 11i v2
cpe:/a:cisco:pix_firewall:6.2.2_.111
cpe:/o:cisco:ios:12.1%2811b%29e14Cisco IOS 12.1 (11b)E14
cpe:/o:cisco:ios:12.2%2814%29syCisco IOS 12.2 (14)SY
cpe:/o:cisco:pix_firewall:6.3%282%29
cpe:/h:bluecoat:proxysgBlue Coat Systems ProxySG
cpe:/a:vmware:gsx_server:2.5.1_build_5336VMWare GSX Server 2.5.1 build 5336
cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc3
cpe:/a:checkpoint:firewall-1:::vsx-ng-ai
cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc2
cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc1
cpe:/o:cisco:pix_firewall:6.3%283.109%29
cpe:/a:cisco:webns:7.1_0.2.06Cisco WebNS 7.1 0.2.06
cpe:/o:cisco:ios:12.1%2811b%29e12Cisco IOS 12.1 (11b)E12
cpe:/a:stonesoft:stonegate:2.0.7
cpe:/a:stonesoft:stonegate:1.5.17
cpe:/o:bluecoat:cacheos_ca_sa:4.1.12
cpe:/o:freebsd:freebsd:5.2.1:release
cpe:/a:avaya:intuity_audix:::lx
cpe:/a:cisco:threat_responseCisco Threat Response
cpe:/a:rsa:bsafe_ssl-j_sdk:3.0RSA BSAFE SSL-J SDK 3.0
cpe:/a:rsa:bsafe_ssl-j_sdk:3.1RSA BSAFE SSL-J SDK 3.1
cpe:/a:4d:webstar:5.2.4
cpe:/a:4d:webstar:5.2.3
cpe:/a:checkpoint:vpn-1:next_generation
cpe:/o:hp:hp-ux:8.05HP HP-UX 8.5
cpe:/h:avaya:sg203:4.31.29
cpe:/a:4d:webstar:5.2.2
cpe:/a:4d:webstar:5.2.1
cpe:/a:stonesoft:stonegate:2.0.1
cpe:/a:stonesoft:stonegate:2.0.4
cpe:/a:stonesoft:stonegate:1.5.18
cpe:/h:avaya:s8500:r2.0.1
cpe:/h:avaya:s8500:r2.0.0
cpe:/o:hp:hp-ux:11.00HP-UX 11.00
cpe:/a:stonesoft:stonegate:2.0.5
cpe:/a:stonesoft:stonegate:2.0.8
cpe:/a:stonesoft:stonegate:2.0.6
cpe:/a:novell:edirectory:8.7.1:sp1Novell eDirectory 8.7.1 SU1
cpe:/a:stonesoft:stonegate:2.0.9
cpe:/a:cisco:application_and_content_networking_softwareCisco Application and Content Networking Software
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:cisco:pix_firewall:6.2%283%29
cpe:/h:hp:aaa_serverHP AAA Server
cpe:/a:avaya:intuity_audix:s3400
cpe:/h:cisco:firewall_services_moduleCisco Firewall Services Module
cpe:/h:cisco:gss_4480_global_site_selectorCisco GSS 4480 Global Site Selector
cpe:/a:avaya:vsu:2000_r2.0.1
cpe:/o:openbsd:openbsd:3.4OpenBSD 3.4
cpe:/o:openbsd:openbsd:3.3OpenBSD 3.3
cpe:/o:cisco:pix_firewall:6.3%281%29
cpe:/o:cisco:ios:12.1%2811%29eCisco IOS 12.1 (11)E
cpe:/h:hp:apache-based_web_server:2.0.43.04HP Apache-Based Web Server 2.0.43.04
cpe:/h:hp:apache-based_web_server:2.0.43.00HP Apache-Based Web Server 2.0.43.00
cpe:/a:stonesoft:stonegate:2.2
cpe:/a:checkpoint:firewall-1:next_generation_fp2
cpe:/a:checkpoint:firewall-1:next_generation_fp1
cpe:/o:cisco:pix_firewall:6.1%284%29
cpe:/a:stonesoft:stonegate:2.1
cpe:/o:cisco:pix_firewall:6.2%281%29
cpe:/a:checkpoint:firewall-1:next_generation_fp0
cpe:/h:securecomputing:sidewinder:5.2Secure Computing Sidewinder 5.2
cpe:/a:stonesoft:stonegate_vpn_client:1.7
cpe:/o:cisco:ios:12.1%2813%29e9Cisco IOS 12.1(13)E9
cpe:/a:avaya:vsu:100_r2.0.1
cpe:/a:stonesoft:stonegate_vpn_client:2.0.8
cpe:/a:stonesoft:stonegate_vpn_client:2.0.9
cpe:/a:cisco:css11000_content_services_switch
cpe:/a:stonesoft:stonebeat_fullcluster:1_3.0
cpe:/a:hp:wbem:a.02.00.01HP WBEM A.02.00.01
cpe:/a:cisco:ciscoworks_common_management_foundation:2.1Cisco CiscoWorks Common Management Foundation 2.1
cpe:/a:stonesoft:stonegate_vpn_client:2.0.7
cpe:/a:avaya:vsu:10000_r2.0.1
cpe:/o:cisco:pix_firewall:6.1%285%29
cpe:/h:sun:crypto_accelerator_4000:1.0Sun Crypto Accelerator 4000 1.0
cpe:/a:stonesoft:stonegate_vpn_client:1.7.2
cpe:/h:cisco:call_managerCisco Call Manager
cpe:/h:avaya:sg208:4.4Avaya SG208 4.4
cpe:/a:avaya:intuity_audix:s3210
cpe:/h:avaya:sg203:4.4Avaya SG203 4.4
cpe:/a:4d:webstar:5.3
cpe:/a:cisco:css_secure_content_accelerator:2.0
cpe:/o:cisco:pix_firewall:6.2%282%29
cpe:/a:redhat:openssl:0.9.6-15::i386
cpe:/a:4d:webstar:5.2
cpe:/h:avaya:sg5:4.3Avaya SG5 4.3
cpe:/h:avaya:sg5:4.2Avaya SG5 4.2
cpe:/a:cisco:webns:7.1_0.1.02Cisco WebNS 7.1 0.1.02
cpe:/h:avaya:sg5:4.4Avaya SG5 4.4
cpe:/a:novell:imanager:2.0Novell iManager 2.0
cpe:/h:avaya:s8700:r2.0.1
cpe:/a:checkpoint:provider-1:4.1Checkpoint Provider-1 4.1
cpe:/a:stonesoft:stonegate:2.2.1
cpe:/h:avaya:s8700:r2.0.0
cpe:/a:hp:wbem:a.02.00.00HP WBEM A.02.00.00
cpe:/a:stonesoft:stonegate:2.2.4
cpe:/o:redhat:linux:7.2Red Hat Linux 7.2
cpe:/o:sco:openserver:5.0.6
cpe:/h:securecomputing:sidewinder:5.2.0.02Secure Computing Sidewinder 5.2.0.02
cpe:/h:securecomputing:sidewinder:5.2.0.01Secure Computing Sidewinder 5.2.0.01
cpe:/a:checkpoint:provider-1:4.1:sp2Checkpoint Provider-1 4.1 SP2
cpe:/a:stonesoft:stonebeat_webcluster:2.0
cpe:/a:vmware:gsx_server:2.0.1_build_2129VMWare GSX Server 2.0.1 build 2129
cpe:/a:checkpoint:provider-1:4.1:sp1Checkpoint Provider-1 4.1 SP1
cpe:/h:securecomputing:sidewinder:5.2.0.04Secure Computing Sidewinder 5.2.0.04
cpe:/a:stonesoft:stonegate:1.7
cpe:/h:securecomputing:sidewinder:5.2.0.03Secure Computing Sidewinder 5.2.0.03
cpe:/o:cisco:pix_firewall:6.1%282%29
cpe:/o:redhat:linux:7.3Red Hat Linux 7.3
cpe:/o:cisco:ios:12.2syCisco IOS 12.2SY
cpe:/a:hp:wbem:a.01.05.08HP WBEM A.01.05.08
cpe:/a:stonesoft:stonebeat_webcluster:2.5
cpe:/a:tarantella:tarantella_enterprise:3.30
cpe:/a:avaya:vsu:7500_r2.0.1
cpe:/h:cisco:content_services_switch_11500Cisco Content Service Switch 11500
cpe:/a:4d:webstar:4.0
cpe:/o:freebsd:freebsd:4.8FreeBSD 4.8
cpe:/o:freebsd:freebsd:4.9FreeBSD 4.9
cpe:/o:cisco:pix_firewall:6.1%283%29
cpe:/a:openssl:openssl:0.9.6cOpenSSL Project OpenSSL 0.9.6c
cpe:/a:openssl:openssl:0.9.6dOpenSSL Project OpenSSL 0.9.6d
cpe:/a:openssl:openssl:0.9.6eOpenSSL Project OpenSSL 0.9.6e
cpe:/a:openssl:openssl:0.9.6fOpenSSL Project OpenSSL 0.9.6f
cpe:/a:openssl:openssl:0.9.7aOpenSSL Project OpenSSL 0.9.7a
cpe:/a:4d:webstar:5.3.1
cpe:/a:openssl:openssl:0.9.7bOpenSSL Project OpenSSL 0.9.7b
cpe:/a:openssl:openssl:0.9.7cOpenSSL Project OpenSSL 0.9.7c
cpe:/a:checkpoint:provider-1:4.1:sp4Checkpoint Provider-1 4.1 SP4
cpe:/a:openssl:openssl:0.9.6kOpenSSL Project OpenSSL 0.9.6k
cpe:/a:vmware:gsx_server:2.5.1VMWare GSX Server 2.5.1
cpe:/a:checkpoint:provider-1:4.1:sp3Checkpoint Provider-1 4.1 SP3
cpe:/a:vmware:gsx_server:3.0_build_7592VMWare GSX Server 3.0 build 7592
cpe:/a:openssl:openssl:0.9.6gOpenSSL Project OpenSSL 0.9.6g
cpe:/a:openssl:openssl:0.9.6hOpenSSL Project OpenSSL 0.9.6h
cpe:/a:openssl:openssl:0.9.6iOpenSSL Project OpenSSL 0.9.6i
cpe:/a:openssl:openssl:0.9.6jOpenSSL Project OpenSSL 0.9.6j
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/a:stonesoft:servercluster:2.5
cpe:/a:cisco:access_registrarCisco Access Registrar
cpe:/h:securecomputing:sidewinder:5.2.1Secure Computing Sidewinder 5.2.1
cpe:/o:cisco:pix_firewall:6.0%283%29
cpe:/a:checkpoint:vpn-1:next_generation_fp0
cpe:/a:checkpoint:vpn-1:next_generation_fp1
cpe:/a:novell:edirectory:8.7Novell eDirectory 8.7
cpe:/a:cisco:webns:7.2_0.0.03Cisco WebNS 7.2 0.0.03
cpe:/a:stonesoft:stonebeat_fullcluster:3.0
cpe:/h:cisco:firewall_services_module:1.1.3Cisco Firewall Services Module 1.1.3
cpe:/a:sgi:propack:3.0SGI ProPack 3.0
cpe:/h:cisco:firewall_services_module:1.1.2Cisco Firewall Services Module 1.1.2
cpe:/a:cisco:ciscoworks_common_services:2.2Cisco CiscoWorks Common Services 2.2
cpe:/h:cisco:mds_9000Cisco MDS 9000
cpe:/o:cisco:pix_firewall:6.3%283.102%29
cpe:/a:redhat:openssl:0.9.6b-3::i386
cpe:/a:stonesoft:servercluster:2.5.2
cpe:/o:cisco:pix_firewall:6.1%281%29
cpe:/a:stonesoft:stonegate:1.6.2
cpe:/o:sco:openserver:5.0.7
cpe:/a:rsa:bsafe_ssl-j_sdk:3.0.1RSA BSAFE SSL-J SDK 3.0.1
cpe:/o:cisco:pix_firewall:6.0%284%29
cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.3
cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.2
cpe:/a:neoteris:instant_virtual_extranet:3.3
cpe:/a:stonesoft:stonegate:1.6.3
cpe:/a:neoteris:instant_virtual_extranet:3.1
cpe:/h:avaya:converged_communications_server:2.0Avaya Converged Communications Server 2.0
cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.1
cpe:/a:neoteris:instant_virtual_extranet:3.2
cpe:/a:tarantella:tarantella_enterprise:3.20
cpe:/a:neoteris:instant_virtual_extranet:3.0
cpe:/o:cisco:pix_firewall:6.0%284.101%29
cpe:/a:checkpoint:firewall-1:2.0::gx

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:902Red Hat OpenSSL Improper Unknown Message Handling Vulnerability
oval:org.mitre.oval:def:871Red Hat Enterprise 3 OpenSSL Improper Unknown Message Handling Vulnerability
oval:org.mitre.oval:def:11755OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infi...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0081
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0081
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-078
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
(UNKNOWN)  SCO  SCOSA-2004.10
ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
(UNKNOWN)  SGI  20040304-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
(UNKNOWN)  CONECTIVA  CLA-2004:834
http://fedoranews.org/updates/FEDORA-2004-095.shtml
(UNKNOWN)  FEDORA  FEDORA-2004-095
http://marc.info/?l=bugtraq&m=107955049331965&w=2
(UNKNOWN)  BUGTRAQ  20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]
http://marc.info/?l=bugtraq&m=108403850228012&w=2
(UNKNOWN)  BUGTRAQ  20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability
http://rhn.redhat.com/errata/RHSA-2004-119.html
(UNKNOWN)  REDHAT  RHSA-2004:119
http://security.gentoo.org/glsa/glsa-200403-03.xml
(UNKNOWN)  GENTOO  GLSA-200403-03
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
(UNKNOWN)  SUNALERT  57524
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
(UNKNOWN)  CISCO  20040317 Cisco OpenSSL Implementation Vulnerability
http://www.debian.org/security/2004/dsa-465
(UNKNOWN)  DEBIAN  DSA-465
http://www.kb.cert.org/vuls/id/465542
(VENDOR_ADVISORY)  CERT-VN  VU#465542
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
(UNKNOWN)  ENGARDE  ESA-20040317-003
http://www.redhat.com/support/errata/RHSA-2004-120.html
(UNKNOWN)  REDHAT  RHSA-2004:120
http://www.redhat.com/support/errata/RHSA-2004-121.html
(UNKNOWN)  REDHAT  RHSA-2004:121
http://www.redhat.com/support/errata/RHSA-2004-139.html
(UNKNOWN)  REDHAT  RHSA-2004:139
http://www.securityfocus.com/bid/9899
(VENDOR_ADVISORY)  BID  9899
http://www.trustix.org/errata/2004/0012
(UNKNOWN)  TRUSTIX  2004-0012
http://www.uniras.gov.uk/vuls/2004/224012/index.htm
(UNKNOWN)  MISC  http://www.uniras.gov.uk/vuls/2004/224012/index.htm
http://www.us-cert.gov/cas/techalerts/TA04-078A.html
(UNKNOWN)  CERT  TA04-078A
http://xforce.iss.net/xforce/xfdb/15509
(VENDOR_ADVISORY)  XF  openssl-tls-dos(15509)

- 漏洞信息

多个Oracle高危险漏洞
中危 未知
2004-11-23 00:00:00 2006-09-20 00:00:00
远程※本地  
        
        Oracle是一款大型数据库软件。
        Oracle中存在多个漏洞,影响Oracle产品的所有安全属性,可能构成本地或远程威胁。有些漏洞可能需要各种级别的认证才能利用,但也有些漏洞不需任何认证。攻击者可能利用这些漏洞完全控制受影响的数据库。
        

- 公告与补丁

        厂商补丁:
        Oracle
        ------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        
        http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf

- 漏洞信息

4318
OpenSSL TLS Infinite Loop DoS
Local Access Required, Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability
Exploit Public Vendor Verified

- 漏洞描述

OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when unknown TLS message types are sent to it, which creates an infinite loop and will result in loss of availability for OpenSSL or the application using it.

- 时间线

2004-03-17 Unknow
2004-03-17 Unknow

- 解决方案

Upgrade to version 0.9.6d or higher and recompile all applications statically linked with OpenSSL, as this has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站