SSL: OpenSSL Handshake Denial Of Service

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.

Extended Description

Three security vulnerabilities have been reported to affect OpenSSL. Each of these remotely exploitable issues may result in a denial of service in applications which use OpenSSL. For the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. This entry will be retired when individual BID records are created for each issue. *Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081.

Affected Products

Netscreen instant_virtual_extranet,Lite_speed_technologies litespeed_web_server

References

BugTraq: 9899

CVE: CVE-2004-0079

Short Name

SSL:VULN:OPENSSL-HS-DOS

Severity

Major

Recommended

False

Recommended Action

Drop

SSL: OpenSSL Handshake Denial Of Service

Extended Description

Affected Products

References

Found a potential security threat?