ID CVE-2003-0543
Summary Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
References
Vulnerable Configurations
  • OpenSSL Project OpenSSL 0.9.6
    cpe:2.3:a:openssl:openssl:0.9.6
  • OpenSSL Project OpenSSL 0.9.7
    cpe:2.3:a:openssl:openssl:0.9.7
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description Brute forcer for OpenSSL ASN.1 parsing bugs (. CVE-2003-0543. Dos exploits for multiple platform
id EDB-ID:146
last seen 2016-01-31
modified 2003-10-09
published 2003-10-09
reporter Bram Matthys
source https://www.exploit-db.com/download/146/
title OpenSSL ASN.1<= 0.9.6j <= 0.9.7b - Brute Forcer for Parsing Bugs
nessus via4
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30056.NASL
    description s700_800 11.04 Virtualvault 4.7 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt. - Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 17512
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17512
    title HP-UX PHSS_30056 : s700_800 11.04 Virtualvault 4.7 OWS update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-393.NASL
    description Dr. Stephen Henson (), using a test suite provided by NISCC (), discovered a number of errors in the OpenSSL ASN1 code. Combined with an error that causes the OpenSSL code to parse client certificates even when it should not, these errors can cause a denial of service (DoS) condition on a system using the OpenSSL code, depending on how that code is used. For example, even though apache-ssl and ssh link to OpenSSL libraries, they should not be affected by this vulnerability. However, other SSL-enabled applications may be vulnerable and an OpenSSL upgrade is recommended.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15230
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15230
    title Debian DSA-393-1 : openssl - denial of service
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2003-293.NASL
    description Updated OpenSSL packages are available that fix ASN.1 parsing vulnerabilities. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. NISCC testing of implementations of the SSL protocol uncovered two bugs in OpenSSL 0.9.6. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash. A remote attacker could trigger this bug by sending a carefully crafted SSL client certificate to an application. The effects of such an attack vary depending on the application targetted; against Apache the effects are limited, as the attack would only cause child processes to die and be replaced. An attack against other applications that use OpenSSL could result in a Denial of Service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2003-0543 and CVE-2003-0544 to this issue. These erratum packages contain a patch provided by the OpenSSL group that protects against this issue. Because server applications are affected by this issue, users are advised to either restart all services that use OpenSSL functionality or reboot their systems after installing these updates. Red Hat would like to thank NISCC and Stephen Henson for their work on this vulnerability. These packages also include a patch from OpenSSL 0.9.6f which removes the calls to abort the process in certain circumstances. Red Hat would like to thank Patrik Hornik for notifying us of this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 12425
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12425
    title RHEL 2.1 : openssl (RHSA-2003:293)
  • NASL family Web Servers
    NASL id OPENSSL_0_9_6K.NASL
    description According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.6k. A remote attacker can trigger a denial of service by using an invalid client certificate.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 17748
    published 2012-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17748
    title OpenSSL < 0.9.6k Denial of Service
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_29691.NASL
    description s700_800 11.04 Virtualvault 4.6 OWS update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 17507
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17507
    title HP-UX PHSS_29691 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
  • NASL family Misc.
    NASL id SSLTEST.NASL
    description The remote host seems to be running a version of OpenSSL that is older than 0.9.6k or 0.9.7c. There is a heap corruption bug in this version that might be exploited by an attacker to execute arbitrary code on the remote host with the privileges of the remote service.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 11875
    published 2003-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11875
    title OpenSSL ASN.1 Parser Multiple Remote DoS
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2003_043.NASL
    description The remote host is missing the patch for the advisory SUSE-SA:2003:043 (openssl). OpenSSL is an implementation of the Secure Socket Layer (SSL v2/3) and Transport Layer Security (TLS v1) protocol. While checking the openssl implementation with a tool-kit from NISCC several errors were revealed most are ASN.1 encoding issues that causes a remote denial-of-service attack on the server side and possibly lead to remote command execution. There are two problems with ASN.1 encoding that can be triggered either by special ASN.1 encodings or by special ASN.1 tags. In debugging mode public key decoding errors can be ignored but also lead to a crash of the verify code if an invalid public key was received from the client. A mistake in the SSL/TLS protocol handling will make the server accept client certificates even if they are not requested. This bug makes it possible to exploit the bugs mentioned above even if client authentication is disabled. There is not other solution known to this problem then updating to the current version from our FTP servers. To make this update effective, restart all servers using openssl please. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command 'rpm -Fhv file.rpm' to apply the update.
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 13811
    published 2004-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13811
    title SUSE-SA:2003:043: openssl
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_31726.NASL
    description s700_800 11.23 Bind 9.2.0 components : 1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6. More details are available at: CVE-2003-0545 2. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability. More details are available at: CVE-2003-0543 CVE-2003-0544 3. A malformed public key in a certificate will crash the verify code if it is set to ignore public key decoding errors. Exploitation of an affected application would result in a denial of service vulnerability. 4. Due to an error in the SSL/TLS protocol handling, a server will parse a client certificate when one is not specifically requested.
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 16912
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16912
    title HP-UX PHNE_31726 : HP-UX Running BIND v920, Remote Denial of Service (DoS) (HPSBUX00290 SSRT3622 rev.5)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_29894.NASL
    description s700_800 11.04 Webproxy server 2.0 update : The remote HP-UX host is affected by multiple vulnerabilities : - Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt. - Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 16588
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16588
    title HP-UX PHSS_29894 : s700_800 11.04 Webproxy server 2.0 update
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-098.NASL
    description Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targetted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CVE-2003-0543 and CVE-2003-0544. Additionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in deallocation of a structure, leading to a double free. This can be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. This vulnerability may be exploitable to execute arbitrary code. This vulnerability has been assigned CVE-2003-0545. The packages provided have been built with patches provided by the OpenSSL group that resolve these issues. A number of server applications such as OpenSSH and Apache that make use of OpenSSL need to be restarted after the update has been applied to ensure that they are protected from these issues. Users are encouraged to restart all of these services or reboot their systems.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14080
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14080
    title Mandrake Linux Security Advisory : openssl (MDKSA-2003:098)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30055.NASL
    description s700_800 11.04 Virtualvault 4.7 IWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29. - Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 17511
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17511
    title HP-UX PHSS_30055 : s700_800 11.04 Virtualvault 4.7 IWS update
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30058.NASL
    description s700_800 11.04 Webproxy server 2.1 update : The remote HP-UX host is affected by multiple vulnerabilities : - Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt. - Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 17514
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17514
    title HP-UX PHSS_30058 : s700_800 11.04 Webproxy server 2.1 update
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30057.NASL
    description s700_800 11.04 Virtualvault 4.7 TGP update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 17513
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17513
    title HP-UX PHSS_30057 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_29690.NASL
    description s700_800 11.04 Virtualvault 4.5 OWS update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 16631
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16631
    title HP-UX PHSS_29690 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_29893.NASL
    description s700_800 11.04 Virtualvault 4.6 IWS update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 17510
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17510
    title HP-UX PHSS_29893 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-394.NASL
    description Steve Henson of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code that were discovered after running a test suite by British National Infrastructure Security Coordination Centre (NISCC). A bug in OpenSSLs SSL/TLS protocol was also identified which causes OpenSSL to parse a client certificate from an SSL/TLS client when it should reject it as a protocol error. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2003-0543 : Integer overflow in OpenSSL that allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. - CAN-2003-0544 : OpenSSL does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. - CAN-2003-0545 : Double-free vulnerability allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. This bug was only present in OpenSSL 0.9.7 and is listed here only for reference.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15231
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15231
    title Debian DSA-394-1 : openssl095 - ASN.1 parsing vulnerability
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_29891.NASL
    description s700_800 11.04 Virtualvault 4.6 TGP update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 17508
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17508
    title HP-UX PHSS_29891 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
  • NASL family Web Servers
    NASL id OPENSSL_0_9_7C.NASL
    description According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7c. A remote attacker could trigger a denial of service or even execute arbitrary code by using an invalid client certificate.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 17753
    published 2012-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17753
    title OpenSSL < 0.9.7c ASN.1 Decoding Vulnerabilities
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_29892.NASL
    description s700_800 11.04 Virtualvault 4.5 IWS Update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 17509
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17509
    title HP-UX PHSS_29892 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
oval via4
  • accepted 2014-08-18T04:05:55.650-04:00
    class vulnerability
    contributors
    • name Brian Soby
      organization The MITRE Corporation
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    description Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
    family unix
    id oval:org.mitre.oval:def:4254
    status accepted
    submitted 2004-10-19T03:10:00.000-04:00
    title OpenSSL Integer Overflow Vulnerability
    version 33
  • accepted 2008-09-08T04:00:21.069-04:00
    class vulnerability
    contributors
    name Yuzheng Zhou
    organization Hewlett-Packard
    description Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
    family ios
    id oval:org.mitre.oval:def:5292
    status accepted
    submitted 2008-05-02T11:06:36.000-04:00
    title Multiple Vendor OpenSSL 0.9.6, 0.9.7 ASN.1 Vulnerabilities
    version 3
redhat via4
advisories
  • rhsa
    id RHSA-2003:291
  • rhsa
    id RHSA-2003:292
refmap via4
bid 8732
cert CA-2003-26
cert-vn VU#255484
confirm
debian
  • DSA-393
  • DSA-394
engarde ESA-20030930-027
fulldisc 20030929 [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
misc http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
secunia 22249
sunalert 201029
vulnwatch 20030929 Vulnerability Issues in OpenSSL
vupen ADV-2006-3900
statements via4
contributor Mark J Cox
lastmodified 2008-07-07
organization Red Hat
statement For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293. The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release. The OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).
Last major update 07-03-2011 - 21:12
Published 17-11-2003 - 00:00
Last modified 02-05-2018 - 21:29
Back to Top