{"vuid":"VU#465542","idnumber":"465542","name":"OpenSSL does not properly handle unknown message types","keywords":["OpenSSL","DoS","denial of service","infinite loop"],"overview":"OpenSSL does not properly handle unknown message types, allowing an unauthenticated, remote attacker to cause a denial of service. This vulnerability was addressed in OpenSSL 0.9.6d and 0.9.7.","clean_desc":"OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others. OpenSSL prior to version 0.9.6d does not properly handle unknown message types. An attacker could cause the application using OpenSSL to enter an infinite loop, resulting in a denial of service. Further information is available in NISCC/224012/OpenSSL/3.","impact":"An unauthenticated, remote attacker could cause a denial of service in an application that uses OpenSSL.","resolution":"Upgrade or Patch\nThis vulnerability was addressed in OpenSSL versions 0.9.6d and 0.9.7. Upgrade to OpenSSL version 0.9.6d or 0.9.7, or greater. Alternatively, upgrade or apply a patch as specified by your vendor. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by the OpenSSL Project and the U.K. National Infrastructure Security Co-ordination Centre (NISCC).","author":"This document was written by Damon Morda and Art Manion.","public":["http://www.openssl.org","http://www.uniras.gov.uk/vuls/2004/224012/index.htm","http://cvs.openssl.org/chngview?cn=5721","http://cvs.openssl.org/chngview?cn=5722","http://cvs.openssl.org/getfile?v=1.618.2.137&f=openssl/CHANGES","http://cvs.openssl.org/getfile?v=1.954&f=openssl/CHANGES"],"cveids":["CVE-2004-0081"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-03-16T19:37:48Z","publicdate":"2004-03-17T00:00:00Z","datefirstpublished":"2004-03-17T13:42:27Z","dateupdated":"2005-05-06T17:31:07Z","revision":27,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"12","cam_population":"7","cam_impact":"7","cam_easeofexploitation":"13","cam_attackeraccessrequired":"16","cam_scorecurrent":"5.1597","cam_scorecurrentwidelyknown":"6.1152","cam_scorecurrentwidelyknownexploited":"9.9372","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.1597,"vulnote":null}