Vulnerability Name: CVE-2002-0659 (CCN-9718)

Assigned: 2002-07-30
Published: 2002-07-30
Updated: 2008-09-10
Summary: The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Low

CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial

CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial

Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: CALDERA
Type: UNKNOWN
CSSA-2002-033.0

Source: CALDERA
Type: UNKNOWN
CSSA-2002-033.1

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2002-033.1
REVISED: multiple vulnerabilities in open

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-02:33.openssl
openssl contains multiple vulnerabilities

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-02:33

Source: CCN
Type: BugTraq Mailing List, Tue Jul 30 2002 - 05:15:00 CDT
OpenSSL patches for other versions

Source: MITRE
Type: CNA
CVE-2002-0659

Source: CONECTIVA
Type: UNKNOWN
CLA-2002:516

Source: CCN
Type: Conectiva Linux Announcement CLSA-2002:516
openssl

Source: CCN
Type: RHSA-2002-160
Updated openssl packages fix protocol parsing bugs

Source: REDHAT
Type: UNKNOWN
RHSA-2002:160

Source: CCN
Type: RHSA-2002-161
openssl security update

Source: REDHAT
Type: UNKNOWN
RHSA-2002:161

Source: REDHAT
Type: UNKNOWN
RHSA-2002:164

Source: CCN
Type: Compaq SECURITY BULLETIN SRB0036W
SSRT2310a HP Tru64 UNIX & HP OpenVMS Potential OpenSSL Security Vulnerability

Source: CCN
Type: CERT Advisory CA-2002-23
Multiple Vulnerabilities In OpenSSL

Source: CERT
Type: US Government Resource
CA-2002-23

Source: CCN
Type: CIAC Information Bulletin M-103
Multiple Vulnerabilities in OpenSSL

Source: DEBIAN
Type: DSA-136
openssl -- multiple remote exploits

Source: XF
Type: UNKNOWN
openssl-asn1-parser-dos(9718)

Source: CCN
Type: US-CERT VU#748355
ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines

Source: CERT-VN
Type: US Government Resource
VU#748355

Source: CCN
Type: EnGarde Secure Linux Security Advisory ESA-20020730-019
Several vulnerabilities in the openssl library

Source: CCN
Type: EnGarde Secure Linux Security Advisory ESA-20020807-020
ASN.1 vulnerability fix corrections

Source: CCN
Type: OpenPKG-SA-2002.008
OpenSSL

Source: CCN
Type: OpenSSL Project Web site
OpenSSL: The Open Source toolkit for SSL/TLS

Source: CCN
Type: OpenSSL Security Advisory [30 July 2002]
Vulnerabilities in OpenSSL versions before 0.9.6e

Source: CCN
Type: BID-5353
Multiple OpenSSL Remote Buffer Overflow Vulnerabilities

Source: BID
Type: UNKNOWN
5366

Source: CCN
Type: BID-5366
OpenSSL ASN.1 Parsing Error Denial Of Service Vulnerability

Source: CCN
Type: Trustix Secure Linux Security Advisory #2002-0063
openssl

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:corporate_time_outlook_connector:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:corporate_time_outlook_connector:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:corporate_time_outlook_connector:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:corporate_time_outlook_connector:3.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:http_server:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:http_server:9.2.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
  • AND
  • cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • OR cpe:/h:hp:jetdirect:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_linux:-:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_professional:-:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/a:oracle:reports:9.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.debian:def:136 | V | multiple remote exploits | 2002-07-30