Debian DSA 394-1 Critical ASN.1 Remote Exploit in OpenSSL

October 13, 2003
The Debian Security Notice DSA 394-2 presents fixes for ASN.1 faults within OpenSSL, as reported by NISCC.

Summary

Steve Henson of the OpenSSL core team identified and prepared fixes
for a number of vulnerabilities in the OpenSSL ASN1 code that were
discovered after running a test suite by British National
Infrastructure Security Coordination Centre (NISCC).

A bug in OpenSSL's SSL/TLS protocol was also identified which causes
OpenSSL to parse a client certificate from an SSL/TLS client when it
should reject it as a protocol error.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CAN-2003-0543:

Integer overflow in OpenSSL that allows remote attackers to cause a
denial of service (crash) via an SSL client certificate with
certain ASN.1 tag values.

CAN-2003-0544:

OpenSSL does not properly track the number of characters in certain
ASN.1 inputs, which allows remote attackers to cause a denial of
service (crash) via an SSL client certificate that causes OpenSSL
to read past the end of a buffer when the long form is used.

CAN-2003-0545:

Double-free vulnerability a...
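
As an added illustration of the bug classes named in CAN-2003-0543 and CAN-2003-0544 (not code from OpenSSL or from the Debian advisory), the following C reader parses one ASN.1 header and rejects a high-tag-number value that would overflow and a long-form length that exceeds the bytes actually present. The names `asn1_hdr` and `asn1_read_header` are hypothetical, and the sample input is constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names for this added example; not OpenSSL's API. */
typedef struct {
    unsigned long tag; /* tag number */
    size_t hdr_len;    /* identifier + length octets consumed */
    size_t len;        /* declared content length */
} asn1_hdr;

/* Parse one BER/DER header from p[0..avail). Returns 0, or -1 if malformed. */
int asn1_read_header(const unsigned char *p, size_t avail, asn1_hdr *out)
{
    size_t i = 0, len;
    unsigned long tag;

    if (avail < 2) return -1;
    tag = p[i++] & 0x1f;
    if (tag == 0x1f) {                 /* high-tag-number form, base 128 */
        tag = 0;
        do {
            if (i >= avail) return -1;             /* input exhausted */
            if (tag > (ULONG_MAX >> 7)) return -1; /* shift would overflow */
            tag = (tag << 7) | (p[i] & 0x7f);
        } while (p[i++] & 0x80);
    }
    if (i >= avail) return -1;
    len = p[i++];
    if (len & 0x80) {                  /* long form: low 7 bits = octet count */
        size_t n = len & 0x7f;
        if (n == 0) return -1;         /* indefinite length not accepted here */
        if (n > sizeof(size_t) || n > avail - i) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | p[i++];
    }
    if (len > avail - i) return -1;    /* content must fit in remaining bytes */
    out->tag = tag; out->hdr_len = i; out->len = len;
    return 0;
}

int main(void)
{
    /* Constructed input: OCTET STRING claiming 256 bytes, 1 byte present. */
    const unsigned char bad[] = {0x04, 0x82, 0x01, 0x00, 0xAA};
    asn1_hdr h;
    printf("%s\n", asn1_read_header(bad, sizeof bad, &h) ? "rejected" : "accepted");
    return 0;
}
```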


Severity: critical

Package: openssl095
