J-Security Center

Title: OpenSSL Denial of Service Vulnerabilities

Severity: HIGH

Description:

Three security vulnerabilities have been reported to affect OpenSSL. Each of these remotely exploitable issues may result in a denial of service in applications which use OpenSSL.

The first vulnerability is a NULL-pointer assignment that attackers can trigger during SSL/TLS handshake exchanges. The vulnerability is in the function 'do_change_cipher_spec()'. A malicious host can craft handshake messages that exploit this vulnerability and crash vulnerable systems. The crash may be due to an attempt by the target application to write to or read from a NULL pointer. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and 0.9.7a to 0.9.7c (inclusive) are vulnerable.

The second vulnerability is also exploited during the SSL/TLS handshake, though only when Kerberos ciphersuites are in use. An attacker could initiate a handshake exchange with the target that is designed to trigger it. The consequence would be an out-of-bounds read (an attempt to read an invalid memory region), ultimately resulting in a crash. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected.

This entry will be retired when individual BID records are created for each issue.

*Note: A third vulnerability included in the announcement was found to affect 0.9.6 and was fixed in 0.9.6d. This vulnerability was due to an infinite-loop condition (that could be triggered by attackers), which potentially resulted in a denial of service. The CVE candidate name for this vulnerability is CAN-2004-0081.
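For inventory triage, the version ranges stated above can be checked mechanically against the output of `openssl version`. The following is an added example, not part of the advisory; the function names are hypothetical, and CAN-2004-0081 is modelled as "any 0.9.6 release before 0.9.6d", which is an assumption drawn from the note's wording.

```python
import re

# Affected ranges from the advisory text: (branch, first letter, last letter),
# inclusive. An empty letter means the base release with no letter suffix.
# ASSUMPTION: CAN-2004-0081 is taken to cover every 0.9.6 release before
# 0.9.6d; the advisory only says it affected 0.9.6 and was fixed in 0.9.6d.
AFFECTED = {
    "CAN-2004-0079": [("0.9.6", "c", "k"), ("0.9.7", "a", "c")],
    "CAN-2004-0112": [("0.9.7", "a", "c")],
    "CAN-2004-0081": [("0.9.6", "", "c")],
}

# Matches "0.9.7c" or "OpenSSL 0.9.7c <date>". Pre-release strings such as
# "0.9.7-beta3" are rejected rather than guessed at.
VERSION_RE = re.compile(r"(?:OpenSSL\s+)?(\d+\.\d+\.\d+)([a-z]?)(?![\w-])")


def parse_version(text):
    """Return (branch, letter) for an OpenSSL version string, or None."""
    match = VERSION_RE.search(text.strip())
    if match is None:
        return None
    return match.group(1), match.group(2)


def affected_by(text):
    """Return the sorted CVE candidate names whose range covers the version.

    Returns None when the version cannot be parsed, so that unknown builds
    are flagged for manual review instead of being reported as clean.
    """
    parsed = parse_version(text)
    if parsed is None:
        return None
    branch, letter = parsed
    hits = []
    for name, ranges in AFFECTED.items():
        for rng_branch, first, last in ranges:
            # Single lowercase letters (and "") compare correctly as strings.
            if branch == rng_branch and first <= letter <= last:
                hits.append(name)
                break
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample inventory lines, not taken from any real host.
    for line in ["OpenSSL 0.9.7c 30 Sep 2003", "0.9.6b", "0.9.7-beta3"]:
        print(line, "->", affected_by(line))
```

A `None` result means the build string needs manual review; it is not a statement that the build is unaffected.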

Affected Products:

  • 4D WebSTAR 4.0.0
  • 4D WebSTAR 5.2.0
  • 4D WebSTAR 5.2.1
  • 4D WebSTAR 5.2.2
  • 4D WebSTAR 5.2.3
  • 4D WebSTAR 5.2.4
  • 4D WebSTAR 5.3.0
  • 4D WebSTAR 5.3.1
  • Apple Mac OS X 10.3.3
  • Apple Mac OS X 10.3.9
  • Apple Mac OS X 10.4.2
  • Apple Mac OS X Server 10.3.3
  • Apple Mac OS X Server 10.3.9
  • Apple Mac OS X Server 10.4.2
  • Avaya Converged Communications Server 2.0.0
  • Avaya Intuity Audix R5
  • Avaya Intuity LX
  • Avaya Intuity R5 R5.1.46
  • Avaya Intuity S3210
  • Avaya Intuity S3400
  • Avaya S8300 R2.0.0
  • Avaya S8300 R2.0.1
  • Avaya S8500 R2.0.0
  • Avaya S8500 R2.0.1
  • Avaya S8700 R2.0.0
  • Avaya S8700 R2.0.1
  • Avaya SG200 4.31.29
  • Avaya SG200 4.4.0
  • Avaya SG203 4.31.29
  • Avaya SG203 4.4.0
  • Avaya SG208
  • Avaya SG208 4.4.0
  • Avaya SG5 4.2.0
  • Avaya SG5 4.3.0
  • Avaya SG5 4.4.0
  • Avaya SG5X 4.2.0
  • Avaya SG5X 4.3.0
  • Avaya SG5X 4.4.0
  • Avaya VSU 100 R2.0.1
  • Avaya VSU 10000 R2.0.1
  • Avaya VSU 2000 R2.0.1
  • Avaya VSU 5
  • Avaya VSU 500
  • Avaya VSU 5000 R2.0.1
  • Avaya VSU 5x
  • Avaya VSU 7500 R2.0.1
  • Blue Coat Systems CacheOS CA/SA 4.1.10
  • Blue Coat Systems Security Gateway OS 2.0.0
  • Blue Coat Systems Security Gateway OS 2.1.5001 SP1
  • Blue Coat Systems Security Gateway OS 2.1.9
  • Blue Coat Systems Security Gateway OS 3.0.0
  • Blue Coat Systems Security Gateway OS 3.1.0
  • Blue Coat Systems CacheOS CA/SA 4.1.12
  • Blue Coat Systems ProxySG
  • Caldera OpenUnix 8.0.0
  • Caldera UnixWare 7.1.1
  • Caldera UnixWare 7.1.3
  • Check Point Software FireWall-1 GX 2.0.0
  • Check Point Software FireWall-1 Next Generation FP0
  • Check Point Software FireWall-1 Next Generation FP1
  • Check Point Software FireWall-1 Next Generation FP2
  • Check Point Software FireWall-1 VSX NG with Application Intelligence
  • Check Point Software Provider-1 4.1.0
  • Check Point Software Provider-1 4.1.0 SP1
  • Check Point Software Provider-1 4.1.0 SP2
  • Check Point Software Provider-1 4.1.0 SP3
  • Check Point Software Provider-1 4.1.0 SP4
  • Check Point Software VPN-1 Next Generation FP0
  • Check Point Software VPN-1 Next Generation FP1
  • Check Point Software VPN-1 Next Generation FP2
  • Check Point Software VPN-1 VSX NG with Application Intelligence
  • Cisco Access Registrar
  • Cisco Application & Content Networking Software (ACNS)
  • Cisco CSS Secure Content Accelerator 1.0.0
  • Cisco CSS Secure Content Accelerator 2.0.0
  • Cisco CSS11000 Content Services Switch
  • Cisco CSS11050 Content Services Switch
  • Cisco CSS11150 Content Services Switch
  • Cisco CSS11500 Content Services Switch
  • Cisco CSS11501 Content Services Switch
  • Cisco CSS11503 Content Services Switch
  • Cisco CSS11506 Content Services Switch
  • Cisco CSS11800 Content Services Switch
  • Cisco Call Manager
  • Cisco CiscoWorks Common Management Foundation 2.1.0
  • Cisco CiscoWorks Common Services 2.2.0
  • Cisco Firewall Services Module
  • Cisco Firewall Services Module 1.1.0 (3.005)
  • Cisco Firewall Services Module 1.1.2
  • Cisco Firewall Services Module 1.1.3
  • Cisco Firewall Services Module 2.1.0 (0.208)
  • Cisco GSS 4480 Global Site Selector
  • Cisco GSS 4490 Global Site Selector
  • Cisco IOS 12.1(11)E
  • Cisco IOS 12.1(11)EA1
  • Cisco IOS 12.1(11)EC
  • Cisco IOS 12.1(11b)E
  • Cisco IOS 12.1(11b)E12
  • Cisco IOS 12.1(11b)E14
  • Cisco IOS 12.1(13)E9
  • Cisco IOS 12.1(19)E1
  • Cisco IOS 12.2(14)SY
  • Cisco IOS 12.2(14)SY1
  • Cisco IOS 12.2SY
  • Cisco IOS 12.2ZA
  • Cisco MDS 9000
  • Cisco Okena Stormwatch 3.2.0
  • Cisco PIX Firewall 515
  • Cisco PIX Firewall 520
  • Cisco PIX Firewall 6.0.0
  • Cisco PIX Firewall 6.0.0 (1)
  • Cisco PIX Firewall 6.0.0 (2)
  • Cisco PIX Firewall 6.0.0 (4)
  • Cisco PIX Firewall 6.0.0 (4.101)
  • Cisco PIX Firewall 6.0.3
  • Cisco PIX Firewall 6.0.4
  • Cisco PIX Firewall 6.1.0
  • Cisco PIX Firewall 6.1.0 (1)
  • Cisco PIX Firewall 6.1.0 (2)
  • Cisco PIX Firewall 6.1.0 (3)
  • Cisco PIX Firewall 6.1.0 (4)
  • Cisco PIX Firewall 6.1.0 (5)
  • Cisco PIX Firewall 6.1.3
  • Cisco PIX Firewall 6.1.4
  • Cisco PIX Firewall 6.1.5
  • Cisco PIX Firewall 6.2.0
  • Cisco PIX Firewall 6.2.0 (1)
  • Cisco PIX Firewall 6.2.0 (2)
  • Cisco PIX Firewall 6.2.0 (3)
  • Cisco PIX Firewall 6.2.0 (3.100)
  • Cisco PIX Firewall 6.2.1
  • Cisco PIX Firewall 6.2.2
  • Cisco PIX Firewall 6.2.2 .111
  • Cisco PIX Firewall 6.2.3
  • Cisco PIX Firewall 6.3.0
  • Cisco PIX Firewall 6.3.0 (1)
  • Cisco PIX Firewall 6.3.0 (3.102)
  • Cisco PIX Firewall 6.3.0 (3.109)
  • Cisco PIX Firewall 6.3.1
  • Cisco PIX Firewall 6.3.2
  • Cisco Secure Content Accelerator 10000
  • Cisco Threat Response
  • Cisco WebNS 6.10.0
  • Cisco WebNS 6.10.0 B4
  • Cisco WebNS 7.1.0 0.1.02
  • Cisco WebNS 7.1.0 0.2.06
  • Cisco WebNS 7.10.0
  • Cisco WebNS 7.10.0 .0.06s
  • Cisco WebNS 7.2.0 0.0.03
  • Cisco iCDN 2.0.0
  • Citrix Secure Gateway for Solaris 1.1.0
  • Citrix Secure Gateway for Solaris 1.12.0
  • Citrix Secure Gateway for Solaris 1.13.0
  • Computer Associates eTrust Security Command Center 1.0.0
  • Conectiva Linux 8.0.0
  • Conectiva Linux 9.0.0
  • Conectiva Linux Enterprise Edition 1.0.0
  • Debian Linux 3.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • FreeBSD FreeBSD 4.6.0
  • FreeBSD FreeBSD 4.6.0 -RELEASE
  • FreeBSD FreeBSD 4.7.0
  • FreeBSD FreeBSD 4.7.0 -RELEASE
  • FreeBSD FreeBSD 4.8.0
  • FreeBSD FreeBSD 4.8.0 -RELENG
  • FreeBSD FreeBSD 4.9.0
  • FreeBSD FreeBSD 5.0.0
  • FreeBSD FreeBSD 5.1.0
  • FreeBSD FreeBSD 5.1.0 -RELEASE
  • FreeBSD FreeBSD 5.1.0 -RELENG
  • FreeBSD FreeBSD 5.2.0
  • FreeBSD FreeBSD 5.2.0 -RELEASE
  • HP AAA Server
  • HP Apache-Based Web Server 1.3.27 .00
  • HP Apache-Based Web Server 1.3.27 .01
  • HP Apache-Based Web Server 2.0.43 .00
  • HP Apache-Based Web Server 2.0.43 .04
  • HP HP-UX 11.0.0
  • HP HP-UX 11.11.0
  • HP HP-UX 11.23.0
  • HP HP-UX 8.5.0
  • HP HP-UX Apache-Based Web Server 1.0.0 .01
  • HP HP-UX Apache-Based Web Server 1.0.0 .02.01
  • HP HP-UX Apache-Based Web Server 1.0.0 .03.01
  • HP HP-UX Apache-Based Web Server 1.0.0 .04.01
  • HP HP-UX Apache-Based Web Server 1.0.0 .05.01
  • HP HP-UX Apache-Based Web Server 1.0.0 .06.01
  • HP HP-UX Apache-Based Web Server 1.0.0 .06.02
  • HP HP-UX Apache-Based Web Server 1.0.0 .07.01
  • HP HP-UX Apache-Based Web Server 1.0.1 .01
  • HP WBEM A.01.05.08
  • HP WBEM A.02.00.00
  • HP WBEM A.02.00.01
  • HP Webmin-Based Admin 1.0.0 .01
  • Immunix Immunix OS 7+
  • Lite Speed Technologies LiteSpeed Web Server 1.0.1
  • Lite Speed Technologies LiteSpeed Web Server 1.0.2
  • Lite Speed Technologies LiteSpeed Web Server 1.0.3
  • Lite Speed Technologies LiteSpeed Web Server 1.1.0
  • Lite Speed Technologies LiteSpeed Web Server 1.1.1
  • Lite Speed Technologies LiteSpeed Web Server 1.2.0 RC1
  • Lite Speed Technologies LiteSpeed Web Server 1.2.0 RC2
  • Lite Speed Technologies LiteSpeed Web Server 1.2.1
  • Lite Speed Technologies LiteSpeed Web Server 1.2.2
  • Lite Speed Technologies LiteSpeed Web Server 1.3.0
  • Lite Speed Technologies LiteSpeed Web Server 1.3.0 RC1
  • Lite Speed Technologies LiteSpeed Web Server 1.3.0 RC2
  • Lite Speed Technologies LiteSpeed Web Server 1.3.0 RC3
  • Lite Speed Technologies LiteSpeed Web Server 1.3.1
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Corporate Server 2.1.0 x86_64
  • MandrakeSoft Linux Mandrake 8.2.0
  • MandrakeSoft Linux Mandrake 9.0.0
  • MandrakeSoft Linux Mandrake 9.1.0
  • MandrakeSoft Linux Mandrake 9.1.0 ppc
  • NetBSD NetBSD 1.6.0
  • Netscreen Instant Virtual Extranet 3.0.0
  • Netscreen Instant Virtual Extranet 3.1.0
  • Netscreen Instant Virtual Extranet 3.2.0
  • Netscreen Instant Virtual Extranet 3.3.0
  • Netscreen Instant Virtual Extranet 3.3.1
  • Novell eDirectory 8.0.0
  • Novell eDirectory 8.5.0
  • Novell eDirectory 8.5.12 a
  • Novell eDirectory 8.5.27
  • Novell eDirectory 8.6.2
  • Novell eDirectory 8.7.0
  • Novell eDirectory 8.7.1
  • Novell eDirectory 8.7.1 SU1
  • Novell iManager 1.5.0
  • Novell iManager 2.0.0
  • OpenBSD OpenBSD 3.2
  • OpenBSD OpenBSD 3.3
  • OpenBSD OpenBSD 3.4
  • OpenPKG OpenPKG 1.1.0
  • OpenPKG OpenPKG 1.2.0
  • OpenPKG OpenPKG 1.3.0
  • OpenPKG OpenPKG 2.0.0
  • OpenPKG OpenPKG Current
  • OpenSSL Project OpenSSL 0.9.6 c
  • OpenSSL Project OpenSSL 0.9.6 d
  • OpenSSL Project OpenSSL 0.9.6 e
  • OpenSSL Project OpenSSL 0.9.6 f
  • OpenSSL Project OpenSSL 0.9.6 g
  • OpenSSL Project OpenSSL 0.9.6 h
  • OpenSSL Project OpenSSL 0.9.6 i
  • OpenSSL Project OpenSSL 0.9.6 j
  • OpenSSL Project OpenSSL 0.9.6 k
  • OpenSSL Project OpenSSL 0.9.7
  • OpenSSL Project OpenSSL 0.9.7 a
  • OpenSSL Project OpenSSL 0.9.7 b
  • OpenSSL Project OpenSSL 0.9.7 beta1
  • OpenSSL Project OpenSSL 0.9.7 beta2
  • OpenSSL Project OpenSSL 0.9.7 beta3
  • OpenSSL Project OpenSSL 0.9.7 c
  • RSA Security BSAFE SSL-J SDK 3.0.0
  • RSA Security BSAFE SSL-J SDK 3.0.1
  • RSA Security BSAFE SSL-J SDK 3.1.0
  • RedHat Desktop 3.0.0
  • RedHat Desktop 4.0.0
  • RedHat Enterprise Linux AS 3
  • RedHat Enterprise Linux AS 4
  • RedHat Enterprise Linux ES 3
  • RedHat Enterprise Linux ES 4
  • RedHat Enterprise Linux WS 3
  • RedHat Enterprise Linux WS 4
  • RedHat Fedora Core1
  • RedHat Fedora Core2
  • RedHat Fedora Core3
  • RedHat Linux 7.2.0
  • RedHat Linux 7.3.0
  • RedHat Linux 7.3.0 i386
  • RedHat Linux 8.0.0
  • RedHat Linux 9.0.0 i386
  • RedHat openssl-0.9.7a-2.i386.rpm
  • RedHat openssl-devel-0.9.7a-2.i386.rpm
  • RedHat openssl-perl-0.9.7a-2.i386.rpm
  • RedHat openssl096-0.9.6-15.i386.rpm
  • RedHat openssl096b-0.9.6b-3.i386.rpm
  • S.u.S.E. Linux 8.0.0
  • S.u.S.E. Linux 8.0.0 i386
  • S.u.S.E. Linux Personal 8.2.0
  • SCO Open Server 5.0.6
  • SCO Open Server 5.0.7
  • SCO Unixware 7.1.1
  • SCO Unixware 7.1.3
  • SGI IRIX 6.5.20 f
  • SGI IRIX 6.5.20 m
  • SGI IRIX 6.5.21 f
  • SGI IRIX 6.5.21 m
  • SGI IRIX 6.5.22 m
  • SGI IRIX 6.5.23 m
  • SGI IRIX 6.5.24 m
  • SGI ProPack 2.3.0
  • SGI ProPack 2.4.0
  • SGI ProPack 3.0.0
  • SGI ProPack 3.0.0 SP6
  • Secure Computing Sidewinder 5.2.0
  • Secure Computing Sidewinder 5.2.0 .0.01
  • Secure Computing Sidewinder 5.2.0 .0.02
  • Secure Computing Sidewinder 5.2.0 .0.03
  • Secure Computing Sidewinder 5.2.0 .0.04
  • Secure Computing Sidewinder 5.2.0 .1
  • Secure Computing Sidewinder 5.2.0 .1.02
  • Slackware Linux -current
  • Slackware Linux 8.1.0
  • Slackware Linux 9.0.0
  • Slackware Linux 9.1.0
  • Stonesoft ServerCluster 2.5.0
  • Stonesoft ServerCluster 2.5.2
  • Stonesoft StoneBeat FullCluster for Firewall-1 2.0.0
  • Stonesoft StoneBeat FullCluster for Firewall-1 3.0.0
  • Stonesoft StoneBeat FullCluster for Gauntlet 2.0.0
  • Stonesoft StoneBeat FullCluster for ISA Server 3.0.0
  • Stonesoft StoneBeat FullCluster for Raptor 2.0.0
  • Stonesoft StoneBeat FullCluster for Raptor 2.5.0
  • Stonesoft StoneBeat SecurityCluster 2.0.0
  • Stonesoft StoneBeat SecurityCluster 2.5.0
  • Stonesoft StoneBeat WebCluster 2.0.0
  • Stonesoft StoneBeat WebCluster 2.5.0
  • Stonesoft StoneGate 1.5.17
  • Stonesoft StoneGate 1.5.18
  • Stonesoft StoneGate 1.6.2
  • Stonesoft StoneGate 1.6.3
  • Stonesoft StoneGate 1.7.0
  • Stonesoft StoneGate 1.7.1
  • Stonesoft StoneGate 1.7.2
  • Stonesoft StoneGate 2.0.1
  • Stonesoft StoneGate 2.0.4
  • Stonesoft StoneGate 2.0.5
  • Stonesoft StoneGate 2.0.6
  • Stonesoft StoneGate 2.0.7
  • Stonesoft StoneGate 2.0.8
  • Stonesoft StoneGate 2.0.9
  • Stonesoft StoneGate 2.1.0
  • Stonesoft StoneGate 2.2.0
  • Stonesoft StoneGate 2.2.1
  • Stonesoft StoneGate 2.2.4
  • Stonesoft StoneGate VPN Client 1.7.0
  • Stonesoft StoneGate VPN Client 1.7.2
  • Stonesoft StoneGate VPN Client 2.0.0
  • Stonesoft StoneGate VPN Client 2.0.7
  • Stonesoft StoneGate VPN Client 2.0.8
  • Stonesoft StoneGate VPN Client 2.0.9
  • Sun Crypto Accelerator 4000 1.0.0
  • Symantec Clientless VPN Gateway 4400 Series 5.0.0
  • Tarantella Enterprise 3 3.20.00
  • Tarantella Enterprise 3 3.30.0
  • Tarantella Enterprise 3 3.40.0
  • VMWare GSX Server 2.0.0
  • VMWare GSX Server 2.0.1 build 2129
  • VMWare GSX Server 2.5.1
  • VMWare GSX Server 2.5.1 build 5336
  • VMWare GSX Server 3.0.0 build 7592
  • Webmin Webmin 0.980.0
