CVE-2003-0544 – CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes
https://notcve.org/view.php?id=CVE-2003-0544
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. OpenSSL 0.9.6 y 0.9.7no lleva bien la cuenta del número de caractéres de ciertas entradas ASN.1, lo que permite a atacantes remotos causar una denegación de servicio (caída) mediante un certifiucado que hace que OpenSSL lea más allá del búfer cuando una forma larga es usada. Brute forcer for OpenSSL ASN.1 parsing bugs that affects versions 0.9.6j and below and 0.9.7b and below. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893 http://secunia.com/advisories/22249 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1 http://www-1.ibm.com/support/docview.wss?uid=swg21247112 http://www.cert.org/advisories/CA-2003-26.html http://www.debian.org/security/2003/dsa-393 http://www.debian.org/security/2003/dsa-394 http://www.kb.cert.org/vuls/id/380864 http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html http:/ •
CVE-2003-0543 – OpenSSL ASN.1 < 0.9.6j/0.9.7b - Brute Forcer for Parsing Bugs
https://notcve.org/view.php?id=CVE-2003-0543
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. Desbordamiento de enteros en OpenSSL 0.9.6 y 0.9.7 permite a atacantes remotos causar una denegación de servicio (caída) mediante un certificado SSL de cliente con ciertos valores en la etiqueta ASN.1. Brute forcer for OpenSSL ASN.1 parsing bugs that affects versions 0.9.6j and below and 0.9.7b and below. • https://www.exploit-db.com/exploits/146 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893 http://secunia.com/advisories/22249 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1 http://www-1.ibm.com/support/docview.wss?uid=swg21247112 http://www.cert.org/advisories/CA-2003-26.html http://www.debian.org/security/2003/dsa-393 http://www.debian.org/security/2003/dsa-394 http://www.kb.cert.org/vuls/id/255484 http://www.linuxsecurity.com •
CVE-2003-0545
https://notcve.org/view.php?id=CVE-2003-0545
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. Vulnerabilidad de doble liberación (de memoria) en OpenSSL 0.9.7 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario mediante un certificado de cliente SSL con una cierta condificación ASN.1 no válida. Brute forcer for OpenSSL ASN.1 parsing bugs that affects versions 0.9.6j and below and 0.9.7b and below. • http://secunia.com/advisories/22249 http://www-1.ibm.com/support/docview.wss?uid=swg21247112 http://www.cert.org/advisories/CA-2003-26.html http://www.debian.org/security/2003/dsa-394 http://www.kb.cert.org/vuls/id/935264 http://www.redhat.com/support/errata/RHSA-2003-292.html http://www.securityfocus.com/bid/8732 http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm http://www.vupen.com/english/advisories/2006/3900 https://oval.cisecurity.org/repository • CWE-415: Double Free •
CVE-2003-0131
https://notcve.org/view.php?id=CVE-2003-0131
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack." Los componentes SSL y TLS de OpenSSL 0.9.6i y anteriores, y 0.9.7a permite a atacantes remotos llevar a cabo una operación de clave privada RSA mediante un ataque de Bleichenbacher modificado que usa un número largo de conexiones SSL o TLS usando relleno PKCS #1 v1.5 que causa que OpenSSL filtre información sobre la la relación entre el texto cifrado y el texto plano asociado. También conocida como "ataque Klima-Pokorny-Rosa". • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 http://eprint.iacr.org/2003/052 http://lists.apple.com/mhonarc/security-announce/msg00028.html http://marc.info/?l=bugtraq&m=104811162730834&w=2 http://marc.info/?l=bugtraq&m=104852637112330&w=2 h •
CVE-2003-0147
https://notcve.org/view.php?id=CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 http://marc.info/?l=bugtraq&m=104766550528628&w=2 http://marc.info/?l=bugtraq&m=104792570615648&w=2 http://marc.info/?l=bugtraq&m=104819602408063&w=2 •