Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2004-0112

Disclosure Date: November 23, 2004 •

Description

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Products

References

Canonical

CVE-2004-0112 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112)

BID-9899 (http://www.securityfocus.com/bid/9899)

Advisory

SSRT4717 (http://marc.info?l=bugtraq&m=108403806509920&w=2)

http://www.redhat.com/support/errata/RHSA-2004-121.html

SUNALERT-57524 (http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524)

http://www.novell.com/linux/security/advisories/2004_07_openssl.html

http://lists.apple.com/mhonarc/security-announce/msg00045.html

http://www.openssl.org/news/secadv_20040317.txt

TA04-078A (http://www.us-cert.gov/cas/techalerts/TA04-078A.html)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049

XF-openssl-kerberos-ciphersuites-dos(15508) (https://exchange.xforce.ibmcloud.com/vulnerabilities/15508)

VU#484726 (http://www.kb.cert.org/vuls/id/484726)

GLSA-200403-03 (http://security.gentoo.org/glsa/glsa-200403-03.xml)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580

SECUNIA-11139 (http://secunia.com/advisories/11139)

http://www.redhat.com/support/errata/RHSA-2004-120.html

20040317 New OpenSSL releases fix denial of service attacks [17 March 2004] (http://marc.info?l=bugtraq&m=107953412903636&w=2)

APPLE-SA-2005-08-15 (http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html)

20040317 Cisco OpenSSL Implementation Vulnerability (http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml)

http://docs.info.apple.com/article.html?artnum=61798

APPLE-SA-2005-08-17 (http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928

Miscellaneous

http://www.mandriva.com/security/advisories?name=MDKSA-2004:023

http://distro.conectiva.com.br/atualizacoes?id=a&anuncio=000834

http://www.uniras.gov.uk/vuls/2004/224012/index.htm

O-101 (http://www.ciac.org/ciac/bulletins/o-101.shtml)

http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961

2004-0012 (http://www.trustix.org/errata/2004/0012)

Rapid7

Technical Analysis