OpenSSL ASN.1 Parser Multiple Remote DoS

high Nessus Plugin ID 11875

Synopsis

The remote host is affected by a heap corruption vulnerability.

Description

The remote host seems to be running a version of OpenSSL that is older than 0.9.6k or 0.9.7c.

There is a heap corruption bug in this version that might be exploited by an attacker to execute arbitrary code on the remote host with the privileges of the remote service.

Solution

If you are running OpenSSL, upgrade to version 0.9.6k or 0.9.7c or newer.

Plugin Details

Severity: High

ID: 11875

File Name: ssltest.nasl

Version: 1.64

Type: remote

Family: Misc.

Published: 10/10/2003

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SSL/Supported

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/30/2002

Reference Information

CVE: CVE-2003-0543, CVE-2003-0544, CVE-2003-0545, CVE-2005-1247, CVE-2005-1730

BID: 8732, 13359

CWE: 119

RHSA: 2003:291-01

SuSE: SUSE-SA:2003:043