FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0079

This CVE name corresponds to:

Entered Topic
2004-03-17 OpenSSL ChangeCipherSpec denial-of-service vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0079 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0079
Phase Assigned(20040119)

Description

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

References

Source Reference
BUGTRAQ 20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]
CONFIRM http://www.openssl.org/news/secadv_20040317.txt
MISC http://www.uniras.gov.uk/vuls/2004/224012/index.htm
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm
CONFIRM http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US
CISCO 20040317 Cisco OpenSSL Implementation Vulnerability
APPLE APPLE-SA-2005-08-15
APPLE APPLE-SA-2005-08-17
CONECTIVA CLA-2004:834
DEBIAN DSA-465
ENGARDE ESA-20040317-003
FEDORA FEDORA-2004-095
FEDORA FEDORA-2005-1042
FREEBSD FreeBSD-SA-04:05
GENTOO GLSA-200403-03
HP SSRT4717
MANDRAKE MDKSA-2004:023
NETBSD NetBSD-SA2004-005
REDHAT RHSA-2004:120
REDHAT RHSA-2004:121
REDHAT RHSA-2004:139
REDHAT RHSA-2005:830
REDHAT RHSA-2005:829
SCO SCOSA-2004.10
SLACKWARE SSA:2004-077
SUSE SuSE-SA:2004:007
SUNALERT 57524
TRUSTIX 2004-0012
CONFIRM http://docs.info.apple.com/article.html?artnum=61798
CONFIRM http://lists.apple.com/mhonarc/security-announce/msg00045.html
CERT TA04-078A
CERT-VN VU#288574
CIAC O-101
BID 9899
OVAL oval:org.mitre.oval:def:2621
OVAL oval:org.mitre.oval:def:870
OVAL oval:org.mitre.oval:def:975
OVAL oval:org.mitre.oval:def:5770
OVAL oval:org.mitre.oval:def:9779
SECUNIA 11139
SECUNIA 17401
SECUNIA 17381
SECUNIA 17398
SECUNIA 18247
XF openssl-dochangecipherspec-dos(15505)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.