Vulnerability Name: CVE-2002-0655 (CCN-9717)

Assigned: 2002-07-30
Published: 2002-07-30
Updated: 2008-09-10
Summary: OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
CVSS v2 Severity: 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: CALDERA
Type: UNKNOWN
CSSA-2002-033.0

Source: CALDERA
Type: UNKNOWN
CSSA-2002-033.1

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2002-033.1
REVISED: multiple vulnerabilities in open

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-02:33.openssl
openssl contains multiple vulnerabilities

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-02:33

Source: CCN
Type: BugTraq Mailing List, Tue Jul 30 2002 - 05:15:00 CDT
OpenSSL patches for other versions

Source: MITRE
Type: CNA
CVE-2002-0655

Source: CONECTIVA
Type: UNKNOWN
CLA-2002:513

Source: CCN
Type: RHSA-2002-155
Updated openssl packages fix remote vulnerabilities

Source: CCN
Type: RHSA-2002-157
openssl security update

Source: CCN
Type: Compaq SECURITY BULLETIN SRB0036W
SSRT2310a HP Tru64 UNIX & HP OpenVMS Potential OpenSSL Security Vulnerability

Source: CCN
Type: CERT Advisory CA-2002-23
Multiple Vulnerabilities In OpenSSL

Source: CERT
Type: US Government Resource
CA-2002-23

Source: DEBIAN
Type: DSA-136
openssl -- multiple remote exploits

Source: CCN
Type: US-CERT VU#308891
OpenSSL contains multiple buffer overflows in buffers that are used to hold ASCII representations of integers

Source: CERT-VN
Type: US Government Resource
VU#308891

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:046

Source: CCN
Type: EnGarde Secure Linux Security Advisory ESA-20020730-019
Several vulnerabilities in the openssl library

Source: CCN
Type: National Infrastructure Protection Center Advisory 02-006
OpenSSL Vulnerability

Source: CCN
Type: OpenPKG-SA-2002.008
OpenSSL

Source: CCN
Type: OpenSSL Project Web site
OpenSSL: The Open Source toolkit for SSL/TLS

Source: CCN
Type: OpenSSL Security Advisory [30 July 2002]
Vulnerabilities in OpenSSL versions before 0.9.6e

Source: CCN
Type: BID-5353
Multiple OpenSSL Remote Buffer Overflow Vulnerabilities

Source: BID
Type: UNKNOWN
5364

Source: CCN
Type: BID-5364
OpenSSL ASCII Representation Of Integers Buffer Overflow Vulnerability

Source: CCN
Type: Trustix Secure Linux Security Advisory #2002-0063
openssl

Source: XF
Type: UNKNOWN
openssl-ascii-int-bo(9717)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:corporate_time_outlook_connector:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:corporate_time_outlook_connector:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:corporate_time_outlook_connector:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:corporate_time_outlook_connector:3.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:http_server:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:http_server:9.2.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
  AND
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_linux:-:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_professional:-:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
  Definition ID: oval:org.debian:def:136
  Class: V
  Title: multiple remote exploits
  Last Modified: 2002-07-30
    openssl openssl 0.9.1c
    openssl openssl 0.9.2b
    openssl openssl 0.9.3
    openssl openssl 0.9.4
    openssl openssl 0.9.5
    openssl openssl 0.9.5a
    openssl openssl 0.9.6
    openssl openssl 0.9.6a
    openssl openssl 0.9.6b
    openssl openssl 0.9.6c
    openssl openssl 0.9.6d
    openssl openssl 0.9.7 beta1
    openssl openssl 0.9.7 beta2
    oracle application server *
    oracle application server 1.0.2
    oracle application server 1.0.2.1s
    oracle application server 1.0.2.2
    oracle corporate time outlook connector 3.1
    oracle corporate time outlook connector 3.1.1
    oracle corporate time outlook connector 3.1.2
    oracle corporate time outlook connector 3.3
    oracle http server 9.0.1
    oracle http server 9.2.0
    apple mac os x 10.0
    apple mac os x 10.0.1
    apple mac os x 10.0.2
    apple mac os x 10.0.3
    apple mac os x 10.0.4
    apple mac os x 10.1
    apple mac os x 10.1.1
    apple mac os x 10.1.2
    apple mac os x 10.1.3
    apple mac os x 10.1.4
    apple mac os x 10.1.5
    openssl openssl 0.9.7
    openssl openssl 0.9.6a
    openssl openssl 0.9.6
    openssl openssl 0.9.6 beta1
    openssl openssl 0.9.6 beta2
    openssl openssl 0.9.6 beta3
    openssl openssl 0.9.6a beta1
    openssl openssl 0.9.6a beta2
    openssl openssl 0.9.6a beta3
    openssl openssl 0.9.6b
    openssl openssl 0.9.6c
    openssl openssl 0.9.6d
    openssl openssl 0.9.7 beta1
    openssl openssl 0.9.7 beta2
    redhat linux 6.2
    debian debian linux 2.2
    mandrakesoft mandrake linux 7.1
    trustix secure linux 1.1
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    mandrakesoft mandrake linux corporate server 1.0.1
    redhat linux 7.1
    trustix secure linux 1.2
    mandrakesoft mandrake linux 8.0
    trustix secure linux 1.5
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    engardelinux secure linux -
    openpkg openpkg 1.0
    mandrakesoft mandrake linux 8.2
    redhat linux 7.3
    debian debian linux 3.0
    engardelinux secure professional -
    openpkg openpkg current
    hp openvms *
    redhat enterprise linux 2.1
    oracle application server 1.0.2.2
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2
    oracle application server 1.0.2.0
    oracle application server 1.0.2.1