{"vuid":"VU#288574","idnumber":"288574","name":"OpenSSL contains null-pointer assignment in do_change_cipher_spec() function","keywords":["OpenSSL","DoS","denial of service","do_change_cipher_spec()"],"overview":"OpenSSL contains a null-pointer assignment in the do_change_cipher_spec() function which could allow a remote, unauthenticated attacker to cause OpenSSL to crash.","clean_desc":"OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others. Versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and 0.9.7a to 0.9.7c inclusive contain a null-pointer assignment in the do_change_cipher_spec() function. By sending a specially crafted SSL/TLS handshake to an application that uses a vulnerable OpenSSL library, a remote, unauthenticated attacker could cause OpenSSL to crash. Further information is available in an advisory from OpenSSL and NISCC/224012/OpenSSL/1.","impact":"A remote, unauthenticated attacker could cause a denial of service in an application that uses OpenSSL.","resolution":"Upgrade or Patch\nUpgrade to OpenSSL 0.9.7d  or 0.9.6m. Alternatively, upgrade or apply a patch as specified by your vendor. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by the OpenSSL Project and reported by the National Infrastructure Security Co-ordination Centre (NISCC).","author":"This document was written by Damon Morda.","public":["http://www.openssl.org/news/secadv_20040317.txt","http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt","http://www.openssl.org"],"cveids":["CVE-2004-0079"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-03-16T19:35:32Z","publicdate":"2004-03-17T00:00:00Z","datefirstpublished":"2004-03-17T13:41:53Z","dateupdated":"2004-03-26T21:58:36Z","revision":25,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"15","cam_population":"18","cam_impact":"13","cam_easeofexploitation":"13","cam_attackeraccessrequired":"16","cam_scorecurrent":"27.378","cam_scorecurrentwidelyknown":"31.941","cam_scorecurrentwidelyknownexploited":"50.193","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":27.378,"vulnote":null}