{"vuid":"VU#927278","idnumber":"927278","name":"Multiple vulnerabilities in X.400 implementations","keywords":["NISCC","UNIRAS","OUSPG","X.400","ASN.1"],"overview":"Multiple vulnerabilities exist in different vendors' X.400 implementations. The impacts of these vulnerabilities are varied and range from denial of service to potential remote execution of arbitrary code.","clean_desc":"The U.K. National Infrastructure Security Co-ordination Center (NISCC) has reported multiple vulnerabilities in different vendors' implementations of the X.400 protocols. X.400 is the short name for the set of standards defined by the ISO and the ITU that describe a messaging service. These protocols are widely used in email transport applications among other services. Messages using the X.400 protocols are normally exchanged utilizing Basic Encoding Rules (BER) encoded ASN.1 data structures. Crafted messages that do not correctly conform to the X.400 ASN.1 definitions may cause a receiving X.400 system to behave in an unpredictable way. A test suite developed by NISCC has exposed vulnerabilities in a variety of X.400 implementations. While most of these vulnerabilities exist in ASN.1 parsing routines, some vulnerabilities may occur elsewhere. Due to the general lack of specific vulnerability information, this document covers multiple vulnerabilities in different X.400 implementations. Information about individual vendors is available in the Systems Affected section. Further information is available in NISCC Vulnerability Advisory - 006489/X400","impact":"The impacts associated with these vulnerabilities include denial of service, and potential execution of arbitrary code.","resolution":"Patch or Upgrade Apply a patch or upgrade as appropriate. Information about specific vendors is available in the Systems Affected section of this document.","workarounds":"","sysaffected":"","thanks":"These vulnerabilities were discovered and researched by the \nNISCC\n Vulnerability Management Team.","author":"This document was written by Chad R Dougherty based on information provided by NISCC.","public":["http://www.alvestrand.no/x400/standards.html","http://www.uniras.gov.uk/vuls/2003/006489/x400.htm","http://www.itu.int/ITU-T/asn1/"],"cveids":["CVE-2003-0565"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-10-27T16:38:16Z","publicdate":"2003-11-04T00:00:00Z","datefirstpublished":"2003-11-04T18:49:31Z","dateupdated":"2003-12-08T18:41:24Z","revision":12,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"5","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"18","cam_impact":"6","cam_easeofexploitation":"14","cam_attackeraccessrequired":"15","cam_scorecurrent":"6.37875","cam_scorecurrentwidelyknown":"12.7575","cam_scorecurrentwidelyknownexploited":"21.2625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.37875,"vulnote":null}