CVE-2004-0079

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

🔗 References (90)

• cve@mitreftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc
• cve@mitreftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc
• cve@mitreftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
• cve@mitrehttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
• cve@mitrehttp://docs.info.apple.com/article.html?artnum=61798
• cve@mitrehttp://fedoranews.org/updates/FEDORA-2004-095.shtml
• cve@mitrehttp://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
• cve@mitrehttp://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
• cve@mitrehttp://lists.apple.com/mhonarc/security-announce/msg00045.html
• cve@mitrehttp://marc.info/?l=bugtraq&m=107953412903636&w=2
• cve@mitrehttp://marc.info/?l=bugtraq&m=108403806509920&w=2
• cve@mitrehttp://secunia.com/advisories/11139
• cve@mitrehttp://secunia.com/advisories/17381
• cve@mitrehttp://secunia.com/advisories/17398
• cve@mitrehttp://secunia.com/advisories/17401