CVE-2004-0081

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

🔗 References (50)

• cve@mitreftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
• cve@mitreftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
• cve@mitrehttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
• cve@mitrehttp://fedoranews.org/updates/FEDORA-2004-095.shtml
• cve@mitrehttp://marc.info/?l=bugtraq&m=107955049331965&w=2
• cve@mitrehttp://marc.info/?l=bugtraq&m=108403850228012&w=2
• cve@mitrehttp://rhn.redhat.com/errata/RHSA-2004-119.html
• cve@mitrehttp://secunia.com/advisories/11139
• cve@mitrehttp://security.gentoo.org/glsa/glsa-200403-03.xml
• cve@mitrehttp://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
• cve@mitrehttp://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
• cve@mitrehttp://www.debian.org/security/2004/dsa-465
• cve@mitrehttp://www.kb.cert.org/vuls/id/465542
• cve@mitrehttp://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
• cve@mitrehttp://www.redhat.com/support/errata/RHSA-2004-120.html