CVE-2004-0079

high-risk

Published 2004-11-23

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Do I need to act?

2.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Firewall Services Module

Aaa Server

Apache-Based Web Server

Clientless Vpn Gateway 4400

Ciscoworks Common Management Foundation

Ciscoworks Common Services

Converged Communications Server

Sg200

Sg208

Sg5

Mac Os X Server

Freebsd

Hp-Ux

Openbsd

Affected Vendors

Checkpoint Apple Stonesoft Vmware Tarantella Sgi Dell 4D Hp Redhat Bluecoat Sco Symantec Lite Sun Novell Cisco Freebsd Avaya Neoteris Openssl Openbsd Securecomputing

References (90)

Broken Link ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc

Broken Link ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc

Broken Link ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt

Broken Link http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834

Broken Link http://docs.info.apple.com/article.html?artnum=61798

Third Party Advisory http://fedoranews.org/updates/FEDORA-2004-095.shtml

Mailing List http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

Mailing List http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

Broken Link http://lists.apple.com/mhonarc/security-announce/msg00045.html

Mailing List http://marc.info/?l=bugtraq&m=107953412903636&w=2

Mailing List http://marc.info/?l=bugtraq&m=108403806509920&w=2

Broken Link http://secunia.com/advisories/11139

Broken Link http://secunia.com/advisories/17381

Broken Link http://secunia.com/advisories/17398

Broken Link http://secunia.com/advisories/17401

Broken Link http://secunia.com/advisories/18247

Third Party Advisory http://security.gentoo.org/glsa/glsa-200403-03.xml

Broken Link http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524

Third Party Advisory http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm

Broken Link http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US

and 70 more references

/ 100

high-risk

Severity 26/34 · High

Exploitability 5/34 · Minimal

Exposure 33/34 · Critical