CVE-2004-0081
CVSS5.0
发布时间 :2004-11-23 00:00:00
修订时间 :2017-07-10 21:29:53
NMCO    

[原文]OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.


[CNNVD]多个Oracle高危险漏洞(CNNVD-200411-078)

        
        Oracle是一款大型数据库软件。
        Oracle中存在多个漏洞,影响Oracle产品的所有安全属性,可能构成本地或远程威胁。有些漏洞可能需要各种级别的认证才能利用,但也有些漏洞不需任何认证。攻击者可能利用这些漏洞完全控制受影响的数据库。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/h:symantec:clientless_vpn_gateway_4400:5.0
cpe:/o:cisco:pix_firewall:6.1%284%29
cpe:/o:cisco:pix_firewall:6.2%281%29
cpe:/o:cisco:ios:12.2%2814%29sy1Cisco IOS 12.2 (14)SY1
cpe:/a:redhat:openssl:0.9.6-15::i386
cpe:/a:lite:speed_technologies_litespeed_web_server:1.3.1
cpe:/h:cisco:gss_4480_global_site_selectorCisco GSS 4480 Global Site Selector
cpe:/a:tarantella:tarantella_enterprise:3.40
cpe:/a:lite:speed_technologies_litespeed_web_server:1.1
cpe:/a:4d:webstar:5.2.3
cpe:/a:4d:webstar:5.2.4
cpe:/a:stonesoft:stonebeat_fullcluster:1_3.0
cpe:/h:avaya:sg208Avaya SG208
cpe:/a:stonesoft:stonegate:2.2
cpe:/a:stonesoft:stonegate:2.1
cpe:/a:lite:speed_technologies_litespeed_web_server:1.3
cpe:/a:4d:webstar:5.2.1
cpe:/a:4d:webstar:5.2.2
cpe:/h:securecomputing:sidewinder:5.2.0.03Secure Computing Sidewinder 5.2.0.03
cpe:/h:securecomputing:sidewinder:5.2.0.04Secure Computing Sidewinder 5.2.0.04
cpe:/h:securecomputing:sidewinder:5.2.0.01Secure Computing Sidewinder 5.2.0.01
cpe:/h:securecomputing:sidewinder:5.2.0.02Secure Computing Sidewinder 5.2.0.02
cpe:/o:freebsd:freebsd:4.8:releng
cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc2
cpe:/h:securecomputing:sidewinder:5.2Secure Computing Sidewinder 5.2
cpe:/a:avaya:intuity_audix:s3210
cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc1
cpe:/a:novell:edirectory:8.5Novell eDirectory 8.5
cpe:/h:sun:crypto_accelerator_4000:1.0Sun Crypto Accelerator 4000 1.0
cpe:/a:cisco:webns:6.10Cisco WebNS 6.10
cpe:/a:novell:edirectory:8.0Novell eDirectory 8.0
cpe:/a:novell:edirectory:8.7.1:sp1Novell eDirectory 8.7.1 SU1
cpe:/a:vmware:gsx_server:2.5.1VMWare GSX Server 2.5.1
cpe:/o:cisco:pix_firewall:6.2%283.100%29
cpe:/o:cisco:ios:12.1%2811b%29eCisco IOS 12.1 (11b)E
cpe:/h:avaya:converged_communications_server:2.0Avaya Converged Communications Server 2.0
cpe:/a:cisco:application_and_content_networking_softwareCisco Application and Content Networking Software
cpe:/a:cisco:css_secure_content_accelerator:2.0
cpe:/a:rsa:bsafe_ssl-j_sdk:3.1RSA BSAFE SSL-J SDK 3.1
cpe:/o:hp:hp-ux:11.00HP-UX 11.00
cpe:/a:rsa:bsafe_ssl-j_sdk:3.0RSA BSAFE SSL-J SDK 3.0
cpe:/a:redhat:openssl:0.9.7a-2::i386_dev
cpe:/a:vmware:gsx_server:2.0.1_build_2129VMWare GSX Server 2.0.1 build 2129
cpe:/a:stonesoft:stonegate:1.6.2
cpe:/a:stonesoft:stonegate:1.6.3
cpe:/h:securecomputing:sidewinder:5.2.1.02Secure Computing Sidewinder 5.2.1.02
cpe:/o:apple:mac_os_x_server:10.3.3Apple Mac OS X Server 10.3.3
cpe:/a:stonesoft:stonebeat_securitycluster:2.0
cpe:/a:vmware:gsx_server:2.0VMWare GSX Server 2.0
cpe:/a:vmware:gsx_server:3.0_build_7592VMWare GSX Server 3.0 build 7592
cpe:/a:stonesoft:stonebeat_fullcluster:1_2.0
cpe:/a:sgi:propack:3.0SGI ProPack 3.0
cpe:/a:stonesoft:stonebeat_securitycluster:2.5
cpe:/a:avaya:vsu:2000_r2.0.1
cpe:/h:avaya:s8700:r2.0.1
cpe:/h:avaya:s8700:r2.0.0
cpe:/o:cisco:pix_firewall:6.0
cpe:/o:cisco:pix_firewall:6.1
cpe:/o:freebsd:freebsd:5.1:releng
cpe:/o:cisco:pix_firewall:6.2
cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc1
cpe:/o:cisco:pix_firewall:6.3
cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc3
cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc2
cpe:/o:cisco:pix_firewall:6.3%282%29
cpe:/a:novell:edirectory:8.5.12aNovell eDirectory 8.5.12a
cpe:/a:checkpoint:provider-1:4.1Checkpoint Provider-1 4.1
cpe:/a:cisco:pix_firewall:6.2.2_.111
cpe:/h:cisco:gss_4490_global_site_selectorCisco GSS 4490 Global Site Selector
cpe:/a:cisco:webns:7.2_0.0.03Cisco WebNS 7.2 0.0.03
cpe:/a:cisco:okena_stormwatch:3.2Cisco Okena Stormwatch 3.2
cpe:/o:freebsd:freebsd:4.8FreeBSD 4.8
cpe:/o:freebsd:freebsd:4.9FreeBSD 4.9
cpe:/o:cisco:ios:12.1%2819%29e1Cisco IOS 12.1(19)E1
cpe:/o:bluecoat:cacheos_ca_sa:4.1.10
cpe:/h:avaya:sg200:4.4Avaya SG200 4.4
cpe:/a:lite:speed_technologies_litespeed_web_server:1.1.1
cpe:/a:avaya:intuity_audix:s3400
cpe:/o:hp:hp-ux:11.23HP-UX 11i v2
cpe:/a:cisco:webns:6.10_b4Cisco WebNS 6.10 B4
cpe:/a:checkpoint:vpn-1:next_generation
cpe:/a:stonesoft:stonegate:1.7.1
cpe:/a:stonesoft:stonegate:1.7.2
cpe:/o:bluecoat:cacheos_ca_sa:4.1.12
cpe:/o:redhat:linux:7.3Red Hat Linux 7.3
cpe:/a:avaya:vsu:5000_r2.0.1
cpe:/a:avaya:vsu:10000_r2.0.1
cpe:/a:cisco:access_registrarCisco Access Registrar
cpe:/o:cisco:pix_firewall:6.0%282%29
cpe:/o:redhat:linux:7.2Red Hat Linux 7.2
cpe:/o:hp:hp-ux:11.11HP-UX 11.11
cpe:/h:bluecoat:proxysgBlue Coat Systems ProxySG
cpe:/h:securecomputing:sidewinder:5.2.1Secure Computing Sidewinder 5.2.1
cpe:/a:neoteris:instant_virtual_extranet:3.3.1
cpe:/o:cisco:pix_firewall:6.0%281%29
cpe:/a:hp:wbem:a.01.05.08HP WBEM A.01.05.08
cpe:/h:cisco:firewall_services_module:2.1_%280.208%29Cisco Firewall Services Module 2.1 (0.208)
cpe:/a:avaya:vsu:7500_r2.0.1
cpe:/o:freebsd:freebsd:5.1:release
cpe:/a:stonesoft:stonegate:1.5.17
cpe:/o:freebsd:freebsd:5.1FreeBSD 5.1
cpe:/o:freebsd:freebsd:5.2FreeBSD 5.2
cpe:/h:avaya:sg5:4.4Avaya SG5 4.4
cpe:/a:avaya:intuity_audix:::lx
cpe:/h:avaya:sg5:4.2Avaya SG5 4.2
cpe:/h:avaya:sg5:4.3Avaya SG5 4.3
cpe:/h:avaya:sg208:4.4Avaya SG208 4.4
cpe:/h:avaya:sg203:4.4Avaya SG203 4.4
cpe:/o:cisco:ios:12.2zaCisco IOS 12.2ZA
cpe:/a:stonesoft:stonegate_vpn_client:2.0
cpe:/a:redhat:openssl:0.9.7a-2::i386_perl
cpe:/a:stonesoft:stonebeat_fullcluster:2.0
cpe:/h:cisco:mds_9000Cisco MDS 9000
cpe:/h:cisco:firewall_services_moduleCisco Firewall Services Module
cpe:/a:vmware:gsx_server:2.5.1_build_5336VMWare GSX Server 2.5.1 build 5336
cpe:/o:sco:openserver:5.0.7
cpe:/a:stonesoft:stonebeat_fullcluster:2.5
cpe:/h:avaya:s8500:r2.0.0
cpe:/a:novell:imanager:1.5Novell iManager 1.5
cpe:/a:rsa:bsafe_ssl-j_sdk:3.0.1RSA BSAFE SSL-J SDK 3.0.1
cpe:/h:avaya:s8500:r2.0.1
cpe:/o:apple:mac_os_x:10.3.3Apple Mac OS X 10.3.3
cpe:/h:cisco:firewall_services_module:1.1_%283.005%29Cisco Firewall Services Module 1.1 (3.005)
cpe:/h:hp:aaa_serverHP AAA Server
cpe:/o:cisco:ios:12.2syCisco IOS 12.2SY
cpe:/a:openssl:openssl:0.9.7OpenSSL Project OpenSSL 0.9.7
cpe:/a:novell:edirectory:8.7Novell eDirectory 8.7
cpe:/h:cisco:secure_content_accelerator:10000
cpe:/a:stonesoft:stonegate:2.2.4
cpe:/h:cisco:call_managerCisco Call Manager
cpe:/a:cisco:css_secure_content_accelerator:1.0
cpe:/a:cisco:webns:7.10_.0.06sCisco WebNS 7.10 .0.06s
cpe:/a:stonesoft:stonebeat_fullcluster:3.0
cpe:/o:sco:openserver:5.0.6
cpe:/a:hp:wbem:a.02.00.00HP WBEM A.02.00.00
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:cisco:ios:12.1%2813%29e9Cisco IOS 12.1(13)E9
cpe:/a:stonesoft:servercluster:2.5.2
cpe:/o:freebsd:freebsd:5.2.1:release
cpe:/o:cisco:pix_firewall:6.1%283%29
cpe:/a:stonesoft:stonegate:1.5.18
cpe:/a:stonesoft:stonebeat_webcluster:2.0
cpe:/a:stonesoft:stonegate:2.2.1
cpe:/a:stonesoft:stonebeat_webcluster:2.5
cpe:/a:hp:wbem:a.02.00.01HP WBEM A.02.00.01
cpe:/a:redhat:openssl:0.9.7a-2::i386
cpe:/o:cisco:ios:12.1%2811b%29e14Cisco IOS 12.1 (11b)E14
cpe:/o:cisco:pix_firewall:6.1%282%29
cpe:/a:checkpoint:firewall-1:next_generation_fp1
cpe:/a:checkpoint:firewall-1:next_generation_fp2
cpe:/a:checkpoint:vpn-1:next_generation_fp0
cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.2
cpe:/a:checkpoint:firewall-1:next_generation_fp0
cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.1
cpe:/h:avaya:sg200:4.31.29
cpe:/a:checkpoint:vpn-1:next_generation_fp1
cpe:/a:stonesoft:servercluster:2.5
cpe:/h:avaya:sg203:4.31.29
cpe:/a:avaya:intuity_audix:5.1.46Avaya Intuity R5 R5.1.46
cpe:/h:cisco:firewall_services_module:1.1.2Cisco Firewall Services Module 1.1.2
cpe:/o:cisco:pix_firewall:6.0%284%29
cpe:/h:cisco:firewall_services_module:1.1.3Cisco Firewall Services Module 1.1.3
cpe:/a:cisco:webns:7.1_0.1.02Cisco WebNS 7.1 0.1.02
cpe:/o:cisco:pix_firewall:6.1%281%29
cpe:/a:4d:webstar:5.3.1
cpe:/a:4d:webstar:4.0
cpe:/o:cisco:pix_firewall:6.3%283.102%29
cpe:/o:redhat:enterprise_linux_desktop:3.0Red Hat Desktop 3.0
cpe:/o:cisco:ios:12.1%2811b%29e12Cisco IOS 12.1 (11b)E12
cpe:/h:avaya:s8300:r2.0.1
cpe:/h:avaya:s8300:r2.0.0
cpe:/a:novell:edirectory:8.5.27Novell eDirectory 8.5.27
cpe:/a:checkpoint:provider-1:4.1:sp4Checkpoint Provider-1 4.1 SP4
cpe:/a:checkpoint:firewall-1:2.0::gx
cpe:/a:checkpoint:provider-1:4.1:sp3Checkpoint Provider-1 4.1 SP3
cpe:/a:checkpoint:provider-1:4.1:sp2Checkpoint Provider-1 4.1 SP2
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/a:cisco:webns:7.1_0.2.06Cisco WebNS 7.1 0.2.06
cpe:/a:stonesoft:stonegate:2.0.6
cpe:/a:avaya:vsu:100_r2.0.1
cpe:/a:checkpoint:provider-1:4.1:sp1Checkpoint Provider-1 4.1 SP1
cpe:/o:cisco:pix_firewall:6.0%283%29
cpe:/a:avaya:vsu:500
cpe:/h:hp:apache-based_web_server:2.0.43.00HP Apache-Based Web Server 2.0.43.00
cpe:/a:openssl:openssl:0.9.7aOpenSSL Project OpenSSL 0.9.7a
cpe:/a:openssl:openssl:0.9.7cOpenSSL Project OpenSSL 0.9.7c
cpe:/a:cisco:css11000_content_services_switch
cpe:/a:openssl:openssl:0.9.7bOpenSSL Project OpenSSL 0.9.7b
cpe:/a:cisco:threat_responseCisco Threat Response
cpe:/a:cisco:webns:7.10Cisco WebNS 7.10
cpe:/o:cisco:pix_firewall:6.0%284.101%29
cpe:/h:hp:apache-based_web_server:2.0.43.04HP Apache-Based Web Server 2.0.43.04
cpe:/o:cisco:pix_firewall:6.3%283.109%29
cpe:/a:stonesoft:stonegate_vpn_client:1.7.2
cpe:/a:stonesoft:stonegate_vpn_client:1.7
cpe:/h:cisco:content_services_switch_11500Cisco Content Service Switch 11500
cpe:/a:sgi:propack:2.3SGI ProPack 2.3
cpe:/a:4d:webstar:5.2
cpe:/o:cisco:pix_firewall:6.3%281%29
cpe:/a:sgi:propack:2.4SGI ProPack 2.4
cpe:/a:stonesoft:stonegate:2.0.5
cpe:/a:novell:imanager:2.0Novell iManager 2.0
cpe:/a:stonesoft:stonegate:2.0.4
cpe:/a:4d:webstar:5.3
cpe:/a:stonesoft:stonegate:2.0.9
cpe:/o:hp:hp-ux:8.05HP HP-UX 8.5
cpe:/a:novell:edirectory:8.7.1Novell eDirectory 8.7.1
cpe:/a:stonesoft:stonegate:2.0.7
cpe:/a:stonesoft:stonegate:2.0.8
cpe:/a:stonesoft:stonegate:2.0.1
cpe:/a:openssl:openssl:0.9.7:beta3OpenSSL Project OpenSSL 0.9.7 beta3
cpe:/a:openssl:openssl:0.9.7:beta2OpenSSL Project OpenSSL 0.9.7 beta2
cpe:/a:openssl:openssl:0.9.7:beta1OpenSSL Project OpenSSL 0.9.7 beta1
cpe:/a:cisco:ciscoworks_common_management_foundation:2.1Cisco CiscoWorks Common Management Foundation 2.1
cpe:/o:cisco:pix_firewall:6.2%283%29
cpe:/a:avaya:vsu:5
cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.2
cpe:/a:neoteris:instant_virtual_extranet:3.1
cpe:/o:cisco:ios:12.2%2814%29syCisco IOS 12.2 (14)SY
cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.1
cpe:/a:neoteris:instant_virtual_extranet:3.2
cpe:/a:stonesoft:stonegate_vpn_client:2.0.8
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/a:stonesoft:stonegate_vpn_client:2.0.9
cpe:/a:tarantella:tarantella_enterprise:3.20
cpe:/a:stonesoft:stonegate_vpn_client:2.0.7
cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.3
cpe:/a:stonesoft:stonegate:1.7
cpe:/o:openbsd:openbsd:3.3OpenBSD 3.3
cpe:/o:openbsd:openbsd:3.4OpenBSD 3.4
cpe:/a:neoteris:instant_virtual_extranet:3.0
cpe:/o:cisco:pix_firewall:6.1%285%29
cpe:/a:neoteris:instant_virtual_extranet:3.3
cpe:/a:openssl:openssl:0.9.6kOpenSSL Project OpenSSL 0.9.6k
cpe:/o:cisco:pix_firewall:6.2%282%29
cpe:/o:redhat:linux:8.0Red Hat Linux 8.0
cpe:/a:redhat:openssl:0.9.6b-3::i386
cpe:/a:avaya:vsu:5x
cpe:/a:openssl:openssl:0.9.6hOpenSSL Project OpenSSL 0.9.6h
cpe:/a:openssl:openssl:0.9.6gOpenSSL Project OpenSSL 0.9.6g
cpe:/o:cisco:ios:12.1%2811%29eCisco IOS 12.1 (11)E
cpe:/a:checkpoint:firewall-1:::vsx-ng-ai
cpe:/a:openssl:openssl:0.9.6jOpenSSL Project OpenSSL 0.9.6j
cpe:/a:openssl:openssl:0.9.6iOpenSSL Project OpenSSL 0.9.6i
cpe:/a:openssl:openssl:0.9.6dOpenSSL Project OpenSSL 0.9.6d
cpe:/a:openssl:openssl:0.9.6cOpenSSL Project OpenSSL 0.9.6c
cpe:/a:novell:edirectory:8.6.2Novell eDirectory 8.6.2
cpe:/a:openssl:openssl:0.9.6fOpenSSL Project OpenSSL 0.9.6f
cpe:/a:openssl:openssl:0.9.6eOpenSSL Project OpenSSL 0.9.6e
cpe:/a:tarantella:tarantella_enterprise:3.30
cpe:/a:cisco:ciscoworks_common_services:2.2Cisco CiscoWorks Common Services 2.2
cpe:/a:checkpoint:vpn-1:vsx_ng_with_application_intelligence

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:902Red Hat OpenSSL Improper Unknown Message Handling Vulnerability
oval:org.mitre.oval:def:871Red Hat Enterprise 3 OpenSSL Improper Unknown Message Handling Vulnerability
oval:org.mitre.oval:def:11755OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infi...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0081
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0081
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-078
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
(UNKNOWN)  SCO  SCOSA-2004.10
ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
(UNKNOWN)  SGI  20040304-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
(UNKNOWN)  CONECTIVA  CLA-2004:834
http://fedoranews.org/updates/FEDORA-2004-095.shtml
(UNKNOWN)  FEDORA  FEDORA-2004-095
http://marc.info/?l=bugtraq&m=107955049331965&w=2
(UNKNOWN)  BUGTRAQ  20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]
http://marc.info/?l=bugtraq&m=108403850228012&w=2
(UNKNOWN)  BUGTRAQ  20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability
http://rhn.redhat.com/errata/RHSA-2004-119.html
(UNKNOWN)  REDHAT  RHSA-2004:119
http://security.gentoo.org/glsa/glsa-200403-03.xml
(UNKNOWN)  GENTOO  GLSA-200403-03
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
(UNKNOWN)  SUNALERT  57524
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
(UNKNOWN)  CISCO  20040317 Cisco OpenSSL Implementation Vulnerability
http://www.debian.org/security/2004/dsa-465
(UNKNOWN)  DEBIAN  DSA-465
http://www.kb.cert.org/vuls/id/465542
(VENDOR_ADVISORY)  CERT-VN  VU#465542
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
(UNKNOWN)  ENGARDE  ESA-20040317-003
http://www.redhat.com/support/errata/RHSA-2004-120.html
(UNKNOWN)  REDHAT  RHSA-2004:120
http://www.redhat.com/support/errata/RHSA-2004-121.html
(UNKNOWN)  REDHAT  RHSA-2004:121
http://www.redhat.com/support/errata/RHSA-2004-139.html
(UNKNOWN)  REDHAT  RHSA-2004:139
http://www.securityfocus.com/bid/9899
(VENDOR_ADVISORY)  BID  9899
http://www.trustix.org/errata/2004/0012
(UNKNOWN)  TRUSTIX  2004-0012
http://www.uniras.gov.uk/vuls/2004/224012/index.htm
(UNKNOWN)  MISC  http://www.uniras.gov.uk/vuls/2004/224012/index.htm
http://www.us-cert.gov/cas/techalerts/TA04-078A.html
(UNKNOWN)  CERT  TA04-078A
https://exchange.xforce.ibmcloud.com/vulnerabilities/15509
(UNKNOWN)  XF  openssl-tls-dos(15509)

- 漏洞信息

多个Oracle高危险漏洞
中危 未知
2004-11-23 00:00:00 2006-09-20 00:00:00
远程※本地  
        
        Oracle是一款大型数据库软件。
        Oracle中存在多个漏洞,影响Oracle产品的所有安全属性,可能构成本地或远程威胁。有些漏洞可能需要各种级别的认证才能利用,但也有些漏洞不需任何认证。攻击者可能利用这些漏洞完全控制受影响的数据库。
        

- 公告与补丁

        厂商补丁:
        Oracle
        ------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        
        http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf

- 漏洞信息

4318
OpenSSL TLS Infinite Loop DoS
Local Access Required, Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability
Exploit Public Vendor Verified

- 漏洞描述

OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when unknown TLS message types are sent to it, which creates an infinite loop and will result in loss of availability for OpenSSL or the application using it.

- 时间线

2004-03-17 Unknow
2004-03-17 Unknow

- 解决方案

Upgrade to version 0.9.6d or higher and recompile all applications statically linked with OpenSSL, as this has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站