{"vuid":"VU#661475","idnumber":"661475","name":"OpenSSL Server Name extension Denial of Service","keywords":["OpenSSL","DoS","denial of service","server name extension data","Server Key exchange message","TLS handshake"],"overview":"A vulnerability exists in OpenSSL that may allow a remote attacker to cause a denial of service.","clean_desc":"OpenSSL contains a vulnerability in the way server name extension data is handled that may result in a denial of service. According to OpenSSL Security Advisory [28-Mar-2008]: If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server application using OpenSSL and cause it to crash. Note that this issue may affect OpenSSL versions prior to 0.9.8h.","impact":"A remote, unauthorized attacker may be able to cause a denial of service.","resolution":"Upgrade or Apply Patch\nOpenSSL has issued an upgrade and a patch to address this issue. See OpenSSL Security Advisory [28-Mar-2008] for more information. OpenSSL is included in various Linux and UNIX distributions. 
Please consult the relevant documentation of your distribution to obtain the appropriate updates.","workarounds":"","sysaffected":"","thanks":"This issue was reported in \nOpenSSL Security Advisory [28-Mar-2008]. OpenSSL credits Codenomicon for reporting these issues.","author":"This document was written by Chris Taschner.","public":["http://www.securityfocus.com/bid/29405","http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html","http://secunia.com/advisories/30405/","http://www.openssl.org/news/secadv_20080528.txt"],"cveids":["CVE-2008-0891"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-05-28T19:05:08Z","publicdate":"2008-05-28T00:00:00Z","datefirstpublished":"2008-05-30T15:34:51Z","dateupdated":"2008-05-30T15:35:12Z","revision":9,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"12","cam_population":"20","cam_impact":"7","cam_easeofexploitation":"14","cam_attackeraccessrequired":"15","cam_scorecurrent":"14.88375","cam_scorecurrentwidelyknown":"17.64","cam_scorecurrentwidelyknownexploited":"28.665","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":14.88375,"vulnote":null}