A remote overflow exists in OpenSSL. OpenSSL fails to correctly handle error conditions in ASN.1 tags in SSL client certificates, resulting in a integer overflow. With a specially crafted request, an attacker can cause a denial of service in OpenSSL or an application using it, resulting in a loss of availability.

Upgrade to version 0.9.7c or 0.9.6k. or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

• Secunia Advisory ID: 10057 11697 11728 22249 9814 9916
• ISS X-Force ID: 13315 13316 13322
• Milw0rm: 146
• Exploit Database: 146
• CVE ID: 2003-0543 (see also: NVD)
• Bugtraq ID: 5366 8732
• CERT: CA-2003-26
• Vendor Specific News/Changelog Entry: ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf http://www-01.ibm.com/support/docview.wss?uid=swg21140778
  http://www.cyberguard.info/snapgear/releases.html
  http://www.ingate.com/relnote-331.php
  http://www116.nortel.com/docs/bvdoc/alteon/ssl/iSD-SSL_3.1.6.14_README.pdf
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-10/0342.html
• Other Advisory URL: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57475
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?dochttp://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/5749857498=fsalert/57498
  http://www.bluecoat.com/support/knowledge/advisory_openSSL_ASN_vulnerability.html
  http://www.debian.org/security/2003/dsa-393
  http://www.debian.org/security/2003/dsa-394
  http://www.ingate.com/relnote-331.php
  http://www.smoothwall.org/home/news/item/20031001.01.html
  http://www.stonesoft.com/document/art/3040.html
  http://www.tarantella.com/security/bulletin-08.html
  http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
• Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=61798
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57599
  http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm
  http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO58123&os=NT&returninput=0
  http://www-1.ibm.com/support/docview.wss?uid=swg21247112
  http://www.hitachi-support.com/security_e/vuls_e/HS03-007_e/index-e.html
  http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2003-09-012&viewMode=view [ Auth Req'd ]
  http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2004-07-003&viewMode=view
  http://www.openbsd.org/errata33.html#asn1
  http://www.openssl.org/news/secadv_20030930.txt
  http://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-arc-101497.html
• Vendor URL: http://www-03.ibm.com/servers/eserver/xseries/systems_management/ibm_director/resources/index.html

• Dr Stephen Henson - steveopenssl.org - OpenSSL
• Dr Stephen Henson - steveopenssl.org - OpenSSL