HP-UX PHNE_31726 : HP-UX Running BIND v920, Remote Denial of Service (DoS) (HPSBUX00290 SSRT3622 rev.5)
Critical Nessus Plugin ID 16912
SynopsisThe remote HP-UX host is missing a security-related patch.
Descriptions700_800 11.23 Bind 9.2.0 components :
1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6. More details are available at: CVE-2003-0545 2. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability. More details are available at:
CVE-2003-0543 CVE-2003-0544 3. A malformed public key in a certificate will crash the verify code if it is set to ignore public key decoding errors. Exploitation of an affected application would result in a denial of service vulnerability. 4. Due to an error in the SSL/TLS protocol handling, a server will parse a client certificate when one is not specifically requested.
SolutionInstall patch PHNE_31726 or subsequent.