The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Score CVSS v2.0
5.0
/ 10.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Informations
- Publié
- 23 nov. 2004
- Mis à jour
- 16 avr. 2026
- Statut
- Modified
- Source
- cve@mitre.org
Produits affectés
cisco firewall services module
Versions : 1.1.2, 1.1.3, 1.1_\(3.005\), 2.1_\(0.208\)
hp aaa server
hp apache-based web server
Versions : 2.0.43.00, 2.0.43.04
symantec clientless vpn gateway 4400
Versions : 5.0
cisco ciscoworks common management foundation
Versions : 2.1
cisco ciscoworks common services
Versions : 2.2
avaya converged communications server
Versions : 2.0
avaya sg200
Versions : 4.4, 4.31.29
Faiblesses (CWE)
CWE-125
Références (58)
- http://marc.info/?l=bugtraq&m=107953412903636&w=2Mailing ListThird Party Advisory
- http://marc.info/?l=bugtraq&m=108403806509920&w=2Mailing ListThird Party Advisory
- http://secunia.com/advisories/11139Broken Link
- http://security.gentoo.org/glsa/glsa-200403-03.xmlThird Party Advisory
- http://www.kb.cert.org/vuls/id/484726Third Party AdvisoryUS Government Resource
- + 43 autres références sur NVD
CVEs similaires
Autres vulnérabilités de type CWE-125
Loading…
Surveillez vos produits
Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.