[VulnWatch] [CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module

From: CIRT.DK Mailinglists (mailinglists@private)
Date: Sun Jun 12 2005 - 14:57:21 PDT

Previous message: ZATAZ Audits: "[VulnWatch] xmysqladmin insecure temporary file creation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

ID: NOVL102200 
Domain: primus 
Solution Class: Novell 
Fact: Novell iManager 2.02 
Fact: Apache 2.0.48 
Fact: OpenSSL 0.9.7 
Symptom: OpenSSL ASN.1 Parsing vulnerability in Apache 
Symptom: Server stops responding and an error occurs 
Cause: Multiple vulnerabilities were reported in the ASN.1 parsing code in
OpenSSL. 
These issues could be exploited to cause a denial of service or to execute
arbitrary code. 

Fix: These vulnerabilites are corrected in OpenSSL 0.9.7d. 
iManager 2.5 ships with OpenSSL 0.9.7d - to resolve the vulnerability
upgrading is suggested.

Read the full advisory at http://www.cirt.dk

Previous message: ZATAZ Audits: "[VulnWatch] xmysqladmin insecure temporary file creation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jun 13 2005 - 08:25:40 PDT