CVE-2004-0112

Currently unrated

Key Information:

Vendor: Cisco
Status: Firewall Services Module; Clientless Vpn Gateway 4400; Apache-based Web Server; Aaa Server
Vendor: CVE Published:; 23 November 2004

Summary

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

References

http://www.securityfocus.com/bid/9899

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=108403806509920&w=2

vendor-advisoryx_refsource_HP

http://www.redhat.com/support/errata/RHSA-2004-121.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Nov 23, 2004
Vulnerability Reserved
Feb 2, 2004