OpenSSL ASN.1 Parser Multiple Remote DoS

Nessus Plugin ID 11875 (Severity: High)


The remote host is affected by a heap corruption vulnerability.


The remote host seems to be running a version of OpenSSL that is older than 0.9.6k or 0.9.7c.

There is a heap corruption bug in this version that might be exploited by an attacker to execute arbitrary code on the remote host with the privileges of the remote service.


If you are running OpenSSL, upgrade to version 0.9.6k or 0.9.7c or newer.

Plugin Details

Severity: High

ID: 11875

File Name: ssltest.nasl

Version: 1.56

Type: remote

Family: Misc.

Published: 2003/10/10

Modified: 2014/05/02

Dependencies: 56984, 12521

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: SSL/Supported

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2002/07/30

Reference Information

CVE: CVE-2003-0543, CVE-2003-0544, CVE-2003-0545, CVE-2005-1247, CVE-2005-1730

BID: 8732, 13359

OSVDB: 15805, 3684, 3686, 3943, 3949

RHSA: 2003:291-01

SuSE: SUSE-SA:2003:043

CWE: 119