cvelistv5 - cve-2002-0659

cve-2002-0659

Vulnerability from cvelistv5

Published

2002-07-31 04:00

Modified

2024-08-08 02:56

Severity ?

Summary

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

References

URL	Tags
cve@mitre.org	ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
cve@mitre.org	ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
cve@mitre.org	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2002-160.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2002-161.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2002-164.html
cve@mitre.org	http://www.cert.org/advisories/CA-2002-23.html	US Government Resource
cve@mitre.org	http://www.iss.net/security_center/static/9718.php
cve@mitre.org	http://www.kb.cert.org/vuls/id/748355	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/5366
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2002-160.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2002-161.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2002-164.html
af854a3a-2127-422b-91ae-364da2661108	http://www.cert.org/advisories/CA-2002-23.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/9718.php
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/748355	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/5366

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:38.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2002:164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2002-164.html"
          },
          {
            "name": "RHSA-2002:161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2002-161.html"
          },
          {
            "name": "VU#748355",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/748355"
          },
          {
            "name": "CSSA-2002-033.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
          },
          {
            "name": "CA-2002-23",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-23.html"
          },
          {
            "name": "RHSA-2002:160",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2002-160.html"
          },
          {
            "name": "CSSA-2002-033.1",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
          },
          {
            "name": "openssl-asn1-parser-dos(9718)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9718.php"
          },
          {
            "name": "CLA-2002:516",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516"
          },
          {
            "name": "5366",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5366"
          },
          {
            "name": "FreeBSD-SA-02:33",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-07-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-08-01T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2002:164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2002-164.html"
        },
        {
          "name": "RHSA-2002:161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2002-161.html"
        },
        {
          "name": "VU#748355",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/748355"
        },
        {
          "name": "CSSA-2002-033.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
        },
        {
          "name": "CA-2002-23",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-23.html"
        },
        {
          "name": "RHSA-2002:160",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2002-160.html"
        },
        {
          "name": "CSSA-2002-033.1",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
        },
        {
          "name": "openssl-asn1-parser-dos(9718)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9718.php"
        },
        {
          "name": "CLA-2002:516",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516"
        },
        {
          "name": "5366",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5366"
        },
        {
          "name": "FreeBSD-SA-02:33",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0659",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2002:164",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2002-164.html"
            },
            {
              "name": "RHSA-2002:161",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2002-161.html"
            },
            {
              "name": "VU#748355",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/748355"
            },
            {
              "name": "CSSA-2002-033.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
            },
            {
              "name": "CA-2002-23",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-23.html"
            },
            {
              "name": "RHSA-2002:160",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2002-160.html"
            },
            {
              "name": "CSSA-2002-033.1",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
            },
            {
              "name": "openssl-asn1-parser-dos(9718)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9718.php"
            },
            {
              "name": "CLA-2002:516",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516"
            },
            {
              "name": "5366",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5366"
            },
            {
              "name": "FreeBSD-SA-02:33",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0659",
    "datePublished": "2002-07-31T04:00:00",
    "dateReserved": "2002-07-02T00:00:00",
    "dateUpdated": "2024-08-08T02:56:38.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2002-0659\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-08-12T04:00:00.000\",\"lastModified\":\"2024-11-20T23:39:34.700\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.\"},{\"lang\":\"es\",\"value\":\"La librer\u00eda ASN1 de Open SSL 0.9.6d y anterior, y 0.9.7-beta2 y anterior, permite que atacantes remotos provoquen una denegaci\u00f3n de servicio por medio de codificaciones inv\u00e1lidas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14D983EC-61B0-4FD9-89B5-9878E4CE4405\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC4C5F05-BC0B-478D-9A6F-7C804777BA41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EDB5A09-BE86-4352-9799-A875649EDB7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F03FA9C0-24C7-46AC-92EC-7834BC34C79B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5E4742C-A983-4F00-B24F-AB280C0E876D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A0628DF-3A4C-4078-B615-22260671EABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"962FCB86-15AD-4399-8B7D-EC1DEA919C59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E3AB748-E463-445C-ABAB-4FEDDFD1878B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"660E4B8D-AABA-4520-BC4D-CF8E76E07C05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD38E99A-864A-4E99-B6A5-12AACDA822E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC62E1B2-6964-4459-A1EF-A6A087C2960F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A6F28FD-6EAD-4EDD-B9A1-0B120D0F0919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DABDE61F-A7DD-40A4-9569-8525A63BAA56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFAA0056-56FF-4D0F-8B44-066A4BFED1B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C3C821C-C479-4AAC-84EA-63C798CAB00A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:corporate_time_outlook_connector:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCAF6167-65C1-4ACB-A75A-53922B64D281\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B72A661-9EAA-4B9B-8865-17C8A29871BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7485BFF1-6863-4165-BE36-D656F39CF5EF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99C273D1-ADFE-4B4C-B543-7B9CA741A117\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BC31B69-3DE1-4CF3-ADC9-CA0BF1714CBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77CC671C-6D89-4279-86F7-DDE1D4D9A0CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E4B77F6-E71C-45ED-96CC-7872AD2FCBF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"066ABC3B-B395-42D2-95C0-5B810F91A6F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01BC19FC-6E03-4000-AE4B-232E47FA76F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"421FC2DD-0CF7-44A2-A63C-5221689E2363\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8B70BC-42B7-453A-B506-7BE69D49A4B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAAC6EA5-DCB2-4A50-A8BC-25CC43FAEF9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA32F7D8-02F8-4CFE-B193-2888807BC4D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9DCDE70-07DA-4F0B-805F-6BA03D410CD6\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-160.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-161.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-164.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cert.org/advisories/CA-2002-23.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.iss.net/security_center/static/9718.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/748355\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/5366\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-160.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-161.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-164.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cert.org/advisories/CA-2002-23.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.iss.net/security_center/static/9718.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/748355\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/5366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

rhsa-2002_163

Vulnerability from csaf_redhat

Published

2002-08-08 09:20

Modified

2024-11-21 22:26

Summary

Red Hat Security Advisory: openssl, mm security update for Stronghold

Notes

Topic

Updated Apache packages are available which fix several serious buffer overflow vulnerabilities in OpenSSL and a local privilege escalation vulnerability in MM.

Details

Note: Please read the "Solution" section below as there are special upgrade instructions for this errata. ----------- OpenSSL is a commercial-grade, full-featured, and Open Source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. A security audit of the OpenSSL code sponsored by DARPA found several buffer overflows in OpenSSL which affect versions 0.9.7 and 0.9.6d and earlier: 1. The master key supplied by a client to an SSL version 2 server could be oversized, causing a stack-based buffer overflow. This issue is remotely exploitable. Services that have SSLv2 disabled would not be vulnerable to this issue. (CAN-2002-0656) 2. The SSLv3 session ID supplied to a client from a malicious server could be oversized and overrun a buffer. This issue looks to be remotely exploitable. (CAN-2002-0656) 3. Various buffers used for storing ASCII representations of integers were too small on 64 bit platforms. This issue may be exploitable. (CAN-2002-0655) A further issue was found in OpenSSL 0.9.7 that does not affect versions of OpenSSL included in Stronghold (CAN-2002-0657). The MM library provides an abstraction layer which allows related processes to easily share data. On systems where shared memory or other inter-process communication mechanisms are not available, the MM library will emulate them using temporary files. MM is used in Stronghold to providing shared memory pools to Apache modules. Versions of MM up to and including 1.1.3 open temporary files in an unsafe manner, allowing a malicious local user to cause an application which uses MM to overwrite any file to which it has write access. (CAN-2002-0658) All users are advised to upgrade to these errata packages which contain a patched version of MM that is not vulnerable to this issue. Thanks go to the OpenSSL team, Ben Laurie, and Marcus Meissner for providing patches for these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Apache packages are available which fix several serious buffer\noverflow vulnerabilities in OpenSSL and a local privilege escalation\nvulnerability in MM.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Note:\n\nPlease read the \"Solution\" section below as there are special upgrade\ninstructions for this errata.\n\n-----------\n\nOpenSSL is a commercial-grade, full-featured, and Open Source toolkit which\nimplements the Secure Sockets Layer (SSL v2/v3) and Transport Layer\nSecurity (TLS v1) protocols as well as a full-strength general purpose\ncryptography library. A security audit of the OpenSSL code sponsored by\nDARPA found several buffer overflows in OpenSSL which affect versions 0.9.7\nand 0.9.6d and earlier:\n\n1. The master key supplied by a client to an SSL version 2 server could be\noversized, causing a stack-based buffer overflow. This issue is remotely\nexploitable. Services that have SSLv2 disabled would not be vulnerable to\nthis issue. (CAN-2002-0656)\n\n2. The SSLv3 session ID supplied to a client from a malicious server could\nbe oversized and overrun a buffer. This issue looks to be remotely\nexploitable. (CAN-2002-0656)\n\n3. Various buffers used for storing ASCII representations of integers were\ntoo small on 64 bit platforms. This issue may be exploitable. (CAN-2002-0655)\n\nA further issue was found in OpenSSL 0.9.7 that does not affect versions of\nOpenSSL included in Stronghold (CAN-2002-0657).\n\nThe MM library provides an abstraction layer which allows related processes\nto easily share data. On systems where shared memory or other\ninter-process communication mechanisms are not available, the MM library\nwill emulate them using temporary files. MM is used in Stronghold to\nproviding shared memory pools to Apache modules.\n\nVersions of MM up to and including 1.1.3 open temporary files in an unsafe\nmanner, allowing a malicious local user to cause an application which uses\nMM to overwrite any file to which it has write access. (CAN-2002-0658)\n\nAll users are advised to upgrade to these errata packages which contain a\npatched version of MM that is not vulnerable to this issue.\n\nThanks go to the OpenSSL team, Ben Laurie, and Marcus Meissner for\nproviding patches for these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:163",
        "url": "https://access.redhat.com/errata/RHSA-2002:163"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_163.json"
      }
    ],
    "title": "Red Hat Security Advisory: openssl, mm security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-21T22:26:42+00:00",
      "generator": {
        "date": "2024-11-21T22:26:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:163",
      "initial_release_date": "2002-08-08T09:20:00+00:00",
      "revision_history": [
        {
          "date": "2002-08-08T09:20:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-07-31T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:26:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0655",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616787"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0655"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616787",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616787"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0655",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0655"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0655",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0655"
        }
      ],
      "release_date": "2002-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-08T09:20:00+00:00",
          "details": "We have backported the security fixes for the versions of OpenSSL \nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions.\n\nDue to a bug in the update agent, users of Solaris on Intel platforms\nshould create a file \"conf/update-agent.conf\" in the install root,\ncontaining the following two lines:\n\n[agent]\nignore: RPMPROB_FILTER_IGNOREARCH\n\nAfter the appropriate updates have been applied, it will be necessary to\nmanually restart the server with the following commands:\n\n  $ bin/stop-server\n  $ bin/start-server",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:163"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0656",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0656"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0656",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0656"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0656",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0656"
        }
      ],
      "release_date": "2002-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-08T09:20:00+00:00",
          "details": "We have backported the security fixes for the versions of OpenSSL \nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions.\n\nDue to a bug in the update agent, users of Solaris on Intel platforms\nshould create a file \"conf/update-agent.conf\" in the install root,\ncontaining the following two lines:\n\n[agent]\nignore: RPMPROB_FILTER_IGNOREARCH\n\nAfter the appropriate updates have been applied, it will be necessary to\nmanually restart the server with the following commands:\n\n  $ bin/stop-server\n  $ bin/start-server",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:163"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0658",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616790"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0658"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616790",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616790"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0658"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0658",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0658"
        }
      ],
      "release_date": "2002-07-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-08T09:20:00+00:00",
          "details": "We have backported the security fixes for the versions of OpenSSL \nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions.\n\nDue to a bug in the update agent, users of Solaris on Intel platforms\nshould create a file \"conf/update-agent.conf\" in the install root,\ncontaining the following two lines:\n\n[agent]\nignore: RPMPROB_FILTER_IGNOREARCH\n\nAfter the appropriate updates have been applied, it will be necessary to\nmanually restart the server with the following commands:\n\n  $ bin/stop-server\n  $ bin/start-server",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:163"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0659",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616792"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0659"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616792",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616792"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0659"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659"
        }
      ],
      "release_date": "2002-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-08T09:20:00+00:00",
          "details": "We have backported the security fixes for the versions of OpenSSL \nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions.\n\nDue to a bug in the update agent, users of Solaris on Intel platforms\nshould create a file \"conf/update-agent.conf\" in the install root,\ncontaining the following two lines:\n\n[agent]\nignore: RPMPROB_FILTER_IGNOREARCH\n\nAfter the appropriate updates have been applied, it will be necessary to\nmanually restart the server with the following commands:\n\n  $ bin/stop-server\n  $ bin/start-server",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:163"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2002_164

Vulnerability from csaf_redhat

Published

2002-07-31 15:58

Modified

2024-11-21 22:26

Summary

Red Hat Security Advisory: openssl, mm, mod_ssl security update for Stronghold

Notes

Topic

A new Stronghold 3 release is available which fixes several serious buffer overflow vulnerabilities in OpenSSL, and local privilege escalation vulnerabilities in MM and mod_ssl.

Details

OpenSSL is a commercial-grade, full-featured, and Open Source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. A security audit of the OpenSSL code sponsored by DARPA found several buffer overflows in OpenSSL which affect versions 0.9.7 and 0.9.6d and earlier: 1. The master key supplied by a client to an SSL version 2 server could be oversized, causing a stack-based buffer overflow. This issue is remotely exploitable. Services that have SSLv2 disabled would not be vulnerable to this issue. (CAN-2002-0656) 2. The SSLv3 session ID supplied to a client from a malicious server could be oversized and overrun a buffer. This issue looks to be remotely exploitable. (CAN-2002-0656) 3. Various buffers used for storing ASCII representations of integers were too small on 64 bit platforms. This issue may be exploitable. (CAN-2002-0655) A further issue was found in OpenSSL 0.9.7 that does not affect versions of OpenSSL included in Stronghold (CAN-2002-0657). The MM library provides an abstraction layer which allows related processes to easily share data. On systems where shared memory or other inter-process communication mechanisms are not available, the MM library will emulate them using temporary files. MM is used in Stronghold to providing shared memory pools to Apache modules. Versions of MM up to and including 1.1.3 open temporary files in an unsafe manner, allowing a malicious local user to cause an application which uses MM to overwrite any file to which it has write access. (CAN-2002-0658) All users are advised to upgrade to the new release which contains a patched version of MM that is not vulnerable to this issue. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Versions of mod_ssl prior to 2.8.10 are subject to a single NUL byte overflow that can cause arbitrary code execution. (CAN-2002-0653) In order to exploit this vulnerability, the Apache Web server has to be configured to allow overriding of configuration settings on a per-directory basis, and untrusted local users must be able to modify a directory in which the server is configured to allow overriding. The local attacker may then become the user that Apache is running as (usually 'www' or 'nobody'). Thanks go to the OpenSSL team, Ben Laurie, and Marcus Meissner for providing patches for these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new Stronghold 3 release is available which fixes several serious buffer\noverflow vulnerabilities in OpenSSL, and local privilege escalation\nvulnerabilities in MM and mod_ssl.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenSSL is a commercial-grade, full-featured, and Open Source toolkit which\nimplements the Secure Sockets Layer (SSL v2/v3) and Transport Layer\nSecurity (TLS v1) protocols as well as a full-strength general purpose\ncryptography library. A security audit of the OpenSSL code sponsored by\nDARPA found several buffer overflows in OpenSSL which affect versions 0.9.7\nand 0.9.6d and earlier:\n\n1. The master key supplied by a client to an SSL version 2 server could be\noversized, causing a stack-based buffer overflow. This issue is remotely\nexploitable. Services that have SSLv2 disabled would not be vulnerable to\nthis issue. (CAN-2002-0656)\n\n2. The SSLv3 session ID supplied to a client from a malicious server could\nbe oversized and overrun a buffer. This issue looks to be remotely\nexploitable. (CAN-2002-0656)\n\n3. Various buffers used for storing ASCII representations of integers were\ntoo small on 64 bit platforms. This issue may be exploitable. (CAN-2002-0655)\n\nA further issue was found in OpenSSL 0.9.7 that does not affect versions of\nOpenSSL included in Stronghold (CAN-2002-0657).\n\nThe MM library provides an abstraction layer which allows related processes\nto easily share data. On systems where shared memory or other\ninter-process communication mechanisms are not available, the MM library\nwill emulate them using temporary files. MM is used in Stronghold to\nproviding shared memory pools to Apache modules.\n\nVersions of MM up to and including 1.1.3 open temporary files in an unsafe\nmanner, allowing a malicious local user to cause an application which uses\nMM to overwrite any file to which it has write access. (CAN-2002-0658)\n\nAll users are advised to upgrade to the new release which contains a\npatched version of MM that is not vulnerable to this issue.\n\nThe mod_ssl module provides strong cryptography for the Apache Web\nserver via the Secure Sockets Layer (SSL) and Transport Layer Security\n(TLS) protocols. Versions of mod_ssl prior to 2.8.10 are subject to a\nsingle NUL byte overflow that can cause arbitrary code execution.\n(CAN-2002-0653)\n\nIn order to exploit this vulnerability, the Apache Web server has to be\nconfigured to allow overriding of configuration settings on a per-directory\nbasis, and untrusted local users must be able to modify a directory in\nwhich the server is configured to allow overriding. The local attacker may\nthen become the user that Apache is running as (usually \u0027www\u0027 or \u0027nobody\u0027).\n\nThanks go to the OpenSSL team, Ben Laurie, and Marcus Meissner for\nproviding patches for these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:164",
        "url": "https://access.redhat.com/errata/RHSA-2002:164"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_164.json"
      }
    ],
    "title": "Red Hat Security Advisory: openssl, mm, mod_ssl security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-21T22:26:46+00:00",
      "generator": {
        "date": "2024-11-21T22:26:46+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:164",
      "initial_release_date": "2002-07-31T15:58:00+00:00",
      "revision_history": [
        {
          "date": "2002-07-31T15:58:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-07-31T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:26:46+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 3",
                "product": {
                  "name": "Red Hat Stronghold 3",
                  "product_id": "Red Hat Stronghold 3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0653",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0653"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0653",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0653"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0653",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0653"
        }
      ],
      "release_date": "2002-06-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-07-31T15:58:00+00:00",
          "details": "We have backported the security fixes for the versions of OpenSSL, mod_ssl\nand mm included in Stronghold 3.  Stronghold 3.0 build code 3018 is now\navailable which includes these fixes, and can be downloaded from \nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3.0, see \nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
          "product_ids": [
            "Red Hat Stronghold 3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:164"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0655",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616787"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0655"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616787",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616787"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0655",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0655"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0655",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0655"
        }
      ],
      "release_date": "2002-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-07-31T15:58:00+00:00",
          "details": "We have backported the security fixes for the versions of OpenSSL, mod_ssl\nand mm included in Stronghold 3.  Stronghold 3.0 build code 3018 is now\navailable which includes these fixes, and can be downloaded from \nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3.0, see \nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
          "product_ids": [
            "Red Hat Stronghold 3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:164"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0656",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0656"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0656",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0656"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0656",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0656"
        }
      ],
      "release_date": "2002-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-07-31T15:58:00+00:00",
          "details": "We have backported the security fixes for the versions of OpenSSL, mod_ssl\nand mm included in Stronghold 3.  Stronghold 3.0 build code 3018 is now\navailable which includes these fixes, and can be downloaded from \nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3.0, see \nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
          "product_ids": [
            "Red Hat Stronghold 3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:164"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0658",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616790"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0658"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616790",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616790"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0658"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0658",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0658"
        }
      ],
      "release_date": "2002-07-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-07-31T15:58:00+00:00",
          "details": "We have backported the security fixes for the versions of OpenSSL, mod_ssl\nand mm included in Stronghold 3.  Stronghold 3.0 build code 3018 is now\navailable which includes these fixes, and can be downloaded from \nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3.0, see \nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
          "product_ids": [
            "Red Hat Stronghold 3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:164"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0659",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616792"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0659"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616792",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616792"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0659"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659"
        }
      ],
      "release_date": "2002-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-07-31T15:58:00+00:00",
          "details": "We have backported the security fixes for the versions of OpenSSL, mod_ssl\nand mm included in Stronghold 3.  Stronghold 3.0 build code 3018 is now\navailable which includes these fixes, and can be downloaded from \nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3.0, see \nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
          "product_ids": [
            "Red Hat Stronghold 3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:164"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2002_193

Vulnerability from csaf_redhat

Published

2002-09-02 12:10

Modified

2024-11-21 22:26

Summary

Red Hat Security Advisory: openssl security update for Stronghold

Notes

Topic

A new Stronghold 4 release is available which contains an updated fix for the OpenSSL ASN1 vulnerability.

Details

OpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. The OpenSSL group found an issue in the patch that was released to fix the previous vulnerability in the ASN.1 routines (RHSA-2002-164, CAN-2002-0659). The previous patch did not completely eliminate the initial vulnerability and could lead to Denial of Service (DoS) attacks against a server. It has not been verified if this issue could lead to further consequences, such as remote code execution.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new Stronghold 4 release is available which contains an updated fix for\nthe OpenSSL ASN1 vulnerability.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenSSL is a commercial-grade, full-featured, open source toolkit which\nimplements the Secure Sockets Layer (SSL v2/v3) and Transport Layer\nSecurity (TLS v1) protocols, as well as a full-strength general purpose\ncryptography library. \n\nThe OpenSSL group found an issue in the patch that was released to fix the\nprevious vulnerability in the ASN.1 routines (RHSA-2002-164,\nCAN-2002-0659).  The previous patch did not completely eliminate the\ninitial vulnerability and could lead to Denial of Service (DoS) attacks\nagainst a server.  It has not been verified if this issue could lead to\nfurther consequences, such as remote code execution.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:193",
        "url": "https://access.redhat.com/errata/RHSA-2002:193"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_193.json"
      }
    ],
    "title": "Red Hat Security Advisory: openssl security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-21T22:26:49+00:00",
      "generator": {
        "date": "2024-11-21T22:26:49+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:193",
      "initial_release_date": "2002-09-02T12:10:00+00:00",
      "revision_history": [
        {
          "date": "2002-09-02T12:10:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-08-30T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:26:49+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0659",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616792"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0659"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616792",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616792"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0659"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659"
        }
      ],
      "release_date": "2002-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-09-02T12:10:00+00:00",
          "details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:193"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2002_161

Vulnerability from csaf_redhat

Published

2002-08-05 18:59

Modified

2024-11-21 22:26

Summary

Red Hat Security Advisory: openssl security update

Notes

Topic

Updated OpenSSL packages are available for Red Hat Linux Advanced Server. These updates fix multiple protocol parsing bugs, which may cause a denial of service (DoS) attack or cause SSL-enabled applications to crash. [Updated 06 Jan 2003] Added fixed packages for the ia64 architecture. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1

Details

OpenSSL is a commercial-grade, full-featured, and open source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Portions of the SSL protocol data stream, which include the lengths of structures which are being transferred, may not be properly validated. This may allow a malicious server or client to cause an affected application to crash or enter an infinite loop, which can be used as a denial of service (DoS) attack if the application is a server. It has not been verified if this issue could lead to further consequences such as remote code execution. These errata packages contain a patch to correct this vulnerability. Please note that the original patch from the OpenSSL team had a mistake in it which could possibly still allow buffer overflows to occur. This bug is also fixed in these errata packages. NOTE: Please read the Solution section below as it contains instructions for making sure that all SSL-enabled processes are restarted after the update is applied. Thanks go to the OpenSSL team for providing patches for these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated OpenSSL packages are available for Red Hat Linux Advanced Server.\nThese updates fix multiple protocol parsing bugs, which may cause a denial\nof service (DoS) attack or cause SSL-enabled applications to crash.\n\n[Updated 06 Jan 2003]\nAdded fixed packages for the ia64 architecture.\n\n[Updated 06 Feb 2003]\nAdded fixed packages for Advanced Workstation 2.1",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenSSL is a commercial-grade, full-featured, and open source toolkit\nwhich implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer\nSecurity (TLS v1) protocols as well as a full-strength general purpose\ncryptography library.\n\nPortions of the SSL protocol data stream, which include the lengths of\nstructures which are being transferred, may not be properly validated.\nThis may allow a malicious server or client to cause an affected \napplication to crash or enter an infinite loop, which can be used as a\ndenial of service (DoS) attack if the application is a server.  It has not \nbeen verified if this issue could lead to further consequences such as \nremote code execution.\n\nThese errata packages contain a patch to correct this vulnerability. \nPlease note that the original patch from the OpenSSL team had a mistake in\nit which could possibly still allow buffer overflows to occur.  This bug \nis also fixed in these errata packages.\n\nNOTE:\n\nPlease read the Solution section below as it contains instructions for\nmaking sure that all SSL-enabled processes are restarted after the update\nis applied.\n\nThanks go to the OpenSSL team for providing patches for these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:161",
        "url": "https://access.redhat.com/errata/RHSA-2002:161"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_161.json"
      }
    ],
    "title": "Red Hat Security Advisory: openssl security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:26:39+00:00",
      "generator": {
        "date": "2024-11-21T22:26:39+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:161",
      "initial_release_date": "2002-08-05T18:59:00+00:00",
      "revision_history": [
        {
          "date": "2002-08-05T18:59:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-07-29T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:26:39+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Products"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0659",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616792"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0659"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616792",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616792"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0659"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659"
        }
      ],
      "release_date": "2002-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-05T18:59:00+00:00",
          "details": "Because both client and server applications are affected by these\nvulnerabilities, we advise users to reboot their systems after installing\nthese updates.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is only available via Red Hat Network.  To \nuse Red Hat Network, launch the Red Hat Update Agent with the following \ncommand:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:161"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2002_160

Vulnerability from csaf_redhat

Published

2002-08-06 07:34

Modified

2024-11-21 22:26

Summary

Red Hat Security Advisory: : Updated openssl packages fix protocol parsing bugs

Notes

Topic

Updated OpenSSL packages are available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3. These updates fix multiple protocol parsing bugs which may be used in a denial of service (DoS) attack or cause SSL-enabled applications to crash.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated OpenSSL packages are available for Red Hat Linux 6.2, 7, 7.1, 7.2,\nand 7.3. These updates fix multiple protocol parsing bugs which may be used\nin a denial of service (DoS) attack or cause SSL-enabled applications to crash.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenSSL is a commercial-grade, full-featured, and open source toolkit which\nimplements the Secure Sockets Layer (SSL v2/v3) and Transport Layer\nSecurity (TLS v1) protocols as well as a full-strength general purpose\ncryptography library.\n\nPortions of the SSL protocol data stream, which include the lengths of\nstructures which are being transferred, may not be properly validated. This\nmay allow a malicious server or client to cause an affected application to\ncrash or enter an infinite loop, which can be used as a denial of service\n(DoS) attack if the application is a server. It has not been verified if\nthis issue could lead to further consequences such as remote code execution.\n\nThese errata packages contain a patch to correct this vulnerability. \nPlease note that the original patch from the OpenSSL team had a mistake in\nit which could possibly still allow buffer overflows to occur.  This bug is\nalso fixed in these errata packages.\n\nNOTE:\n\nPlease read the Solution section below as it contains instructions for\nmaking sure that all SSL-enabled processes are restarted after the update\nis applied.\n\nThanks go to the OpenSSL team for providing patches for this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:160",
        "url": "https://access.redhat.com/errata/RHSA-2002:160"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_160.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated openssl packages fix protocol parsing bugs",
    "tracking": {
      "current_release_date": "2024-11-21T22:26:57+00:00",
      "generator": {
        "date": "2024-11-21T22:26:57+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:160",
      "initial_release_date": "2002-08-06T07:34:00+00:00",
      "revision_history": [
        {
          "date": "2002-08-06T07:34:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-07-29T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:26:57+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 6.2",
                "product": {
                  "name": "Red Hat Linux 6.2",
                  "product_id": "Red Hat Linux 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.0",
                "product": {
                  "name": "Red Hat Linux 7.0",
                  "product_id": "Red Hat Linux 7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0659",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616792"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0659"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616792",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616792"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0659"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659"
        }
      ],
      "release_date": "2002-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-06T07:34:00+00:00",
          "details": "Because both client and server applications are affected by these\nvulnerabilities, we advise users to reboot their systems after installing\nthese updates.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:160"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2002_184

Vulnerability from csaf_redhat

Published

2002-08-19 14:40

Modified

2024-11-21 22:26

Summary

Red Hat Security Advisory: openssl security update for Stronghold

Notes

Topic

A new Stronghold 3 release is available which contains an updated fix for the OpenSSL ASN1 vulnerability.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new Stronghold 3 release is available which contains an updated fix for\nthe OpenSSL ASN1 vulnerability.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenSSL is a commercial-grade, full-featured, open source toolkit which\nimplements the Secure Sockets Layer (SSL v2/v3) and Transport Layer\nSecurity (TLS v1) protocols, as well as a full-strength general purpose\ncryptography library. \n\nThe OpenSSL group found an issue in the patch that was released to fix the\nprevious vulnerability in the ASN.1 routines (RHSA-2002-164,\nCAN-2002-0659).  The previous patch did not completely eliminate the\ninitial vulnerability and could lead to Denial of Service (DoS) attacks\nagainst a server.  It has not been verified if this issue could lead to\nfurther consequences, such as remote code execution.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:184",
        "url": "https://access.redhat.com/errata/RHSA-2002:184"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_184.json"
      }
    ],
    "title": "Red Hat Security Advisory: openssl security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-21T22:26:48+00:00",
      "generator": {
        "date": "2024-11-21T22:26:48+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:184",
      "initial_release_date": "2002-08-19T14:40:00+00:00",
      "revision_history": [
        {
          "date": "2002-08-19T14:40:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-08-19T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:26:48+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 3",
                "product": {
                  "name": "Red Hat Stronghold 3",
                  "product_id": "Red Hat Stronghold 3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0659",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616792"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0659"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616792",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616792"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0659"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659"
        }
      ],
      "release_date": "2002-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-19T14:40:00+00:00",
          "details": "We have backported the fix for the version of OpenSSL included in\nStronghold 3.  Stronghold 3 build code 3019 is now available which\nincludes this fix, and can be downloaded from \nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, see \nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
          "product_ids": [
            "Red Hat Stronghold 3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:184"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

gsd-2002-0659

Vulnerability from gsd

Modified

2023-12-13 01:24

Details

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

Aliases

CVE-2002-0659

Aliases

CVE-2002-0659

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2002-0659",
    "description": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.",
    "id": "GSD-2002-0659",
    "references": [
      "https://www.debian.org/security/2002/dsa-136",
      "https://access.redhat.com/errata/RHSA-2002:193",
      "https://access.redhat.com/errata/RHSA-2002:184",
      "https://access.redhat.com/errata/RHSA-2002:164",
      "https://access.redhat.com/errata/RHSA-2002:163",
      "https://access.redhat.com/errata/RHSA-2002:161",
      "https://access.redhat.com/errata/RHSA-2002:160"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2002-0659"
      ],
      "details": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.",
      "id": "GSD-2002-0659",
      "modified": "2023-12-13T01:24:08.049273Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2002-0659",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2002:164",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2002-164.html"
          },
          {
            "name": "RHSA-2002:161",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2002-161.html"
          },
          {
            "name": "VU#748355",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/748355"
          },
          {
            "name": "CSSA-2002-033.0",
            "refsource": "CALDERA",
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
          },
          {
            "name": "CA-2002-23",
            "refsource": "CERT",
            "url": "http://www.cert.org/advisories/CA-2002-23.html"
          },
          {
            "name": "RHSA-2002:160",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2002-160.html"
          },
          {
            "name": "CSSA-2002-033.1",
            "refsource": "CALDERA",
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
          },
          {
            "name": "openssl-asn1-parser-dos(9718)",
            "refsource": "XF",
            "url": "http://www.iss.net/security_center/static/9718.php"
          },
          {
            "name": "CLA-2002:516",
            "refsource": "CONECTIVA",
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516"
          },
          {
            "name": "5366",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/5366"
          },
          {
            "name": "FreeBSD-SA-02:33",
            "refsource": "FREEBSD",
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0659"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CA-2002-23",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.cert.org/advisories/CA-2002-23.html"
            },
            {
              "name": "VU#748355",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/748355"
            },
            {
              "name": "RHSA-2002:164",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2002-164.html"
            },
            {
              "name": "RHSA-2002:161",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2002-161.html"
            },
            {
              "name": "RHSA-2002:160",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2002-160.html"
            },
            {
              "name": "CSSA-2002-033.0",
              "refsource": "CALDERA",
              "tags": [],
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
            },
            {
              "name": "CSSA-2002-033.1",
              "refsource": "CALDERA",
              "tags": [],
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
            },
            {
              "name": "FreeBSD-SA-02:33",
              "refsource": "FREEBSD",
              "tags": [],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
            },
            {
              "name": "5366",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/5366"
            },
            {
              "name": "openssl-asn1-parser-dos(9718)",
              "refsource": "XF",
              "tags": [],
              "url": "http://www.iss.net/security_center/static/9718.php"
            },
            {
              "name": "CLA-2002:516",
              "refsource": "CONECTIVA",
              "tags": [],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2008-09-10T19:12Z",
      "publishedDate": "2002-08-12T04:00Z"
    }
  }
}

var-200208-0144

Vulnerability from variot

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. Abstract Syntax Notation number One (ASN.1) is an international standard used to describe and transmit data packets between applications and across networks. OpenSSL In ASN.1 library Inside ans1_get_length() A buffer overflow vulnerability exists when an abnormal certificate is passed to a function.OpenSSL Service disruption (DoS) It may be in a state. This vulnerability is due to parsing errors and affects SSL, TLS, S/MIME, PKCS#7 and certificate creation routines. OpenSSL is an open source general-purpose encryption library developed by the OpenSSL team that can implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a vulnerability in the ASN1 interpreter of OpenSSL when dealing with invalid encoding methods. Remote attackers may use this vulnerability to carry out denial-of-service attacks on applications that use the ASN1 library

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200208-0144",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.1.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.2.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "guardian digital",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "isc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandrakesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openldap",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "secure computing",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9ias"
      },
      {
        "model": "cobalt raq3",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq4",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq550",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raqxtr",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.4"
      },
      {
        "model": "internet express eak",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "bind",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "software opera web browser linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "linux affinity toolkit",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "oracle9i application server .1s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "openssl for openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "project openssl beta3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "webproxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1"
      },
      {
        "model": "safeword premieraccess",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "securecomputing",
        "version": "3.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.4"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "netmail b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "bind",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "1.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "netmail e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "virtualvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.6"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.8.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "netmail a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.2"
      },
      {
        "model": "project openssl g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.8.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.1"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.1"
      },
      {
        "model": "webproxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "netmail c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "project openssl e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1.1"
      },
      {
        "model": "tru64 unix internet express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.3"
      },
      {
        "model": "tcp/ip services for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "openssl for openvms alpha -a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "oracle9i application server",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "virtualvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.5"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.9.2"
      },
      {
        "model": "bind",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "netmail d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "secure os software for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "suse email server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "3.1"
      },
      {
        "model": "software opera web browser win32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "db": "BID",
        "id": "5366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:isc:bind",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:openssl:openssl",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:oracle:application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_3",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_4",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_550",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_xtr",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:linux",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "James Yonan\u203b jim@ntlp.com\u203bAdi Stav\u203b stav@mercury.co.il",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2002-0659",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2002-0659",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-5050",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2002-0659",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#748355",
            "trust": 0.8,
            "value": "31.33"
          },
          {
            "author": "NVD",
            "id": "CVE-2002-0659",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200208-052",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-5050",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. Abstract Syntax Notation number One (ASN.1) is an international standard used to describe and transmit data packets between applications and across networks. OpenSSL In ASN.1 library Inside ans1_get_length() A buffer overflow vulnerability exists when an abnormal certificate is passed to a function.OpenSSL Service disruption (DoS) It may be in a state.  This vulnerability is due to parsing errors and affects SSL, TLS, S/MIME, PKCS#7 and certificate creation routines. OpenSSL is an open source general-purpose encryption library developed by the OpenSSL team that can implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a vulnerability in the ASN1 interpreter of OpenSSL when dealing with invalid encoding methods. Remote attackers may use this vulnerability to carry out denial-of-service attacks on applications that use the ASN1 library",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      },
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "db": "BID",
        "id": "5366"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-5050",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "5366",
        "trust": 3.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#748355",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0659",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174",
        "trust": 0.8
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2002:160",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2002:164",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2002:161",
        "trust": 0.6
      },
      {
        "db": "CONECTIVA",
        "id": "CLA-2002:516",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "CA-2002-23",
        "trust": 0.6
      },
      {
        "db": "CALDERA",
        "id": "CSSA-2002-033.0",
        "trust": 0.6
      },
      {
        "db": "CALDERA",
        "id": "CSSA-2002-033.1",
        "trust": 0.6
      },
      {
        "db": "FREEBSD",
        "id": "FREEBSD-SA-02:33",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "1",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "23199",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-5050",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      },
      {
        "db": "BID",
        "id": "5366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      }
    ]
  },
  "id": "VAR-200208-0144",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-22T22:20:34.112000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "secadv_20020730",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20020730.txt"
      },
      {
        "title": "#37",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/htdocs/opensslAlert.html"
      },
      {
        "title": "RHSA-2002:160",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/RHSA-2002-160.html"
      },
      {
        "title": "46424",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-46424-1"
      },
      {
        "title": "ISC Information for VU#748355",
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/JSHA-5CSL3X"
      },
      {
        "title": "RHSA-2002:160",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2002-160J.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.3,
        "url": "http://www.securityfocus.com/bid/5366"
      },
      {
        "trust": 3.5,
        "url": "http://www.cert.org/advisories/ca-2002-23.html"
      },
      {
        "trust": 3.5,
        "url": "http://www.kb.cert.org/vuls/id/748355"
      },
      {
        "trust": 3.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2002-160.html"
      },
      {
        "trust": 2.7,
        "url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.0.txt"
      },
      {
        "trust": 2.7,
        "url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.1.txt"
      },
      {
        "trust": 2.7,
        "url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:33.openssl.asc"
      },
      {
        "trust": 2.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2002-161.html"
      },
      {
        "trust": 2.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2002-164.html"
      },
      {
        "trust": 2.7,
        "url": "http://www.iss.net/security_center/static/9718.php"
      },
      {
        "trust": 2.6,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.openssl.org/source/"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.openssl.org/source/openssl-engine-0.9.6g.tar.gz"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.openssl.org/source/openssl-engine-0.9.6g.tar.gz.asc"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.openssl.org/source/openssl-engine-0.9.6g.tar.gz.md5"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/m-103.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0659"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023101.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023201.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023601.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023001.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnca-2002-23"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0659"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20030416_114510.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20030424_144742.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965676.htm"
      },
      {
        "trust": 0.3,
        "url": "http://otn.oracle.com/deploy/security/htdocs/opensslalert.html"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=120139"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=120141"
      },
      {
        "trust": 0.1,
        "url": ""
      },
      {
        "trust": 0.1,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000516"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      },
      {
        "db": "BID",
        "id": "5366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      },
      {
        "db": "BID",
        "id": "5366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-07-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5050"
      },
      {
        "date": "2002-07-30T00:00:00",
        "db": "BID",
        "id": "5366"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "date": "2002-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      },
      {
        "date": "2002-08-12T04:00:00",
        "db": "NVD",
        "id": "CVE-2002-0659"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "date": "2008-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5050"
      },
      {
        "date": "2009-07-11T14:56:00",
        "db": "BID",
        "id": "5366"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "date": "2006-09-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      },
      {
        "date": "2024-11-20T23:39:34.700000",
        "db": "NVD",
        "id": "CVE-2002-0659"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "5366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ],
    "trust": 0.9
  }
}

ghsa-3x2f-268g-8hg7

Vulnerability from github

Published

2022-05-03 03:07

Modified

2022-05-03 03:07

Details

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2002-0659"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-08-12T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.",
  "id": "GHSA-3x2f-268g-8hg7",
  "modified": "2022-05-03T03:07:57Z",
  "published": "2022-05-03T03:07:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659"
    },
    {
      "type": "WEB",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2002-160.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2002-161.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2002-164.html"
    },
    {
      "type": "WEB",
      "url": "http://www.cert.org/advisories/CA-2002-23.html"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/9718.php"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/748355"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/5366"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from cvelistv5

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from gsd

Vulnerability from variot

Vulnerability from github

Tags

Sightings

Nomenclature