OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when a null-pointer assignment in the do_change_cipher_spec() function is accessed via a carefully crafted SSL/TLS handshake. This might cause some applications that depend on OpenSSL to crash or otherwise lead to a denial of service, and will result in loss of availability for OpenSSL or the application that is depending on it.

Upgrade to version 0.9.6l, 0.9.7d, or higher and recompile all applications which statically link to OpenSSL, as this has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.

• Secunia Advisory ID: 11175 11228 11254 11278 11565 11728 11795 12193 12241 13952 14088 16449 17381 17398 17401 17757 18247
• ISS X-Force ID: 15505
• CVE ID: 2004-0079 (see also: NVD)
• CERT VU: 288574
• Related OSVDB ID: 4316 4318
• SCIP VulDB ID: 567
• Bugtraq ID: 9899
• Vendor Specific Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc ftp://patches.sgi.com/support/free/security/advisories/20041101-01-P.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
  http://docs.info.apple.com/article.html?artnum=302163
  http://docs.info.apple.com/article.html?artnum=61798
  http://smoothwall.org/security/advisories/SWP-2004.003.html
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57571
  http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm
  http://support.citrix.com/article/CTX104696
  http://support.lexmark.com/index?page=content&id=TE88
  http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm
  http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO58123&os=NT&returninput=0
  http://www.debian.org/security/2004/dsa-465
  http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2004-03-008&viewMode=view [ Auth Req'd ]
  http://www.juniper.net/support/security/alerts/adv58466-2.txt
  http://www.linuxsecurity.com/advisories/engarde_advisory-4136.html
  http://www.linuxsecurity.com/advisories/gentoo_advisory-4149.html
  http://www.linuxsecurity.com/advisories/trustix_advisory-4152.html
  http://www.redhat.com/support/errata/RHSA-2004-121.html
  http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961
  http://www.stonesoft.com/document/art/3123.html
  http://www.suse.de/de/security/2004_07_openssl.html
  http://www.tarantella.com/security/bulletin-10.html
• Generic Informational URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005 http://news.com.com/Apple+unloads+dozens+of+fixes+for+OS+X/2100-1002_3-5834873.html
• Other Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.7/SCOSA-2005.7.txt ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
  http://www.openssl.org/news/secadv_20040317.txt
  http://www.uniras.gov.uk/vuls/2004/224012/index.htm
• Generic Exploit URL: http://www.codenomicon.com/testtools/tls/
• Vendor Specific News/Changelog Entry: http://www116.nortel.com/docs/bvdoc/alteon/ssl/iSD-SSL_3.1.6.14_README.pdf
• RedHat RHSA: RHSA-2005:829 RHSA-2005:830
• US-CERT Cyber Security Alert: TA04-078A

• Joe Orton - jortonredhat.com - Red Hat
• Codenomicon - Codenomicon