Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 SSL:VULN:OPENSSL-HS-DOS

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 SSL

Keywords

 OpenSSL Handshake Denial Of Service

Release Date

 2015/06/15

Update Number

 2506

Supported Platforms

 idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SSL: OpenSSL Handshake Denial Of Service


This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.

Extended Description

Three security vulnerabilities have been reported to affect OpenSSL. Each of these remotely exploitable issues may result in a denial of service in applications which use OpenSSL. For the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. This entry will be retired when individual BID records are created for each issue. *Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081.

Affected Products

  • 4D WebSTAR 4.0.0
  • 4D WebSTAR 5.2.0
  • 4D WebSTAR 5.2.1
  • 4D WebSTAR 5.2.2
  • 4D WebSTAR 5.2.3
  • 4D WebSTAR 5.2.4
  • 4D WebSTAR 5.3.0
  • 4D WebSTAR 5.3.1
  • Apple Mac OS X 10.3.3
  • Apple Mac OS X 10.3.9
  • Apple Mac OS X 10.4.2
  • Apple Mac OS X Server 10.3.3
  • Apple Mac OS X Server 10.3.9
  • Apple Mac OS X Server 10.4.2
  • Avaya Converged Communications Server 2.0.0
  • Avaya Intuity LX
  • Avaya Intuity S3210
  • Avaya Intuity S3400
  • Avaya Intuity Audix R5
  • Avaya Intuity R5 R5.1.46
  • Avaya S8300 R2.0.0
  • Avaya S8300 R2.0.1
  • Avaya S8500 R2.0.0
  • Avaya S8500 R2.0.1
  • Avaya S8700 R2.0.0
  • Avaya S8700 R2.0.1
  • Avaya SG200 4.31.29
  • Avaya SG200 4.4.0
  • Avaya SG203 4.31.29
  • Avaya SG203 4.4.0
  • Avaya SG208 4.4.0
  • Avaya SG208
  • Avaya SG5 4.2.0
  • Avaya SG5 4.3.0
  • Avaya SG5 4.4.0
  • Avaya SG5X 4.2.0
  • Avaya SG5X 4.3.0
  • Avaya SG5X 4.4.0
  • Avaya VSU 100 R2.0.1
  • Avaya VSU 10000 R2.0.1
  • Avaya VSU 2000 R2.0.1
  • Avaya VSU 5
  • Avaya VSU 500
  • Avaya VSU 5000 R2.0.1
  • Avaya VSU 5x
  • Avaya VSU 7500 R2.0.1
  • Blue Coat Systems CacheOS CA/SA 4.1.10
  • Blue Coat Systems CacheOS CA/SA 4.1.12
  • Blue Coat Systems ProxySG
  • Check Point Software FireWall-1 GX 2.0.0
  • Check Point Software FireWall-1 Next Generation FP0
  • Check Point Software FireWall-1 Next Generation FP1
  • Check Point Software FireWall-1 Next Generation FP2
  • Check Point Software FireWall-1 VSX NG with Application Intelligence
  • Check Point Software Providor-1 4.1.0
  • Check Point Software Providor-1 4.1.0 SP1
  • Check Point Software Providor-1 4.1.0 SP2
  • Check Point Software Providor-1 4.1.0 SP3
  • Check Point Software Providor-1 4.1.0 SP4
  • Check Point Software VPN-1 Next Generation FP0
  • Check Point Software VPN-1 Next Generation FP1
  • Check Point Software VPN-1 Next Generation FP2
  • Check Point Software VPN-1 VSX NG with Application Intelligence
  • Cisco Access Registrar
  • Cisco Application & Content Networking Software (ACNS)
  • Cisco Call Manager
  • Cisco CiscoWorks Common Management Foundation 2.1.0
  • Cisco CiscoWorks Common Services 2.2.0
  • Cisco CSS11000 Content Services Switch
  • Cisco CSS11500 Content Services Switch
  • Cisco CSS Secure Content Accelerator 1.0.0
  • Cisco CSS Secure Content Accelerator 2.0.0
  • Cisco Firewall Services Module (FWSM) 1.1.0 (3.005)
  • Cisco Firewall Services Module (FWSM) 1.1.2
  • Cisco Firewall Services Module (FWSM) 1.1.3
  • Cisco Firewall Services Module (FWSM) 2.1.0 (0.208)
  • Cisco Firewall Services Module (FWSM)
  • Cisco GSS 4480 Global Site Selector
  • Cisco GSS 4490 Global Site Selector
  • Cisco IOS 12.1(11B)E
  • Cisco IOS 12.1(11B)E12
  • Cisco IOS 12.1(11B)E14
  • Cisco IOS 12.1(11)E
  • Cisco IOS 12.1(11)EA1
  • Cisco IOS 12.1(11)EC
  • Cisco IOS 12.1(13)E9
  • Cisco IOS 12.1(19)E1
  • Cisco IOS 12.2(14)SY
  • Cisco IOS 12.2(14)SY1
  • Cisco IOS 12.2SY
  • Cisco IOS 12.2ZA
  • Cisco MDS 9000
  • Cisco Okena Stormwatch 3.2.0
  • Cisco PIX Firewall 6.0.0
  • Cisco PIX Firewall 6.0.0 (1)
  • Cisco PIX Firewall 6.0.0 (2)
  • Cisco PIX Firewall 6.0.0 (4)
  • Cisco PIX Firewall 6.0.0 (4.101)
  • Cisco PIX Firewall 6.0.3
  • Cisco PIX Firewall 6.0.4
  • Cisco PIX Firewall 6.1.0
  • Cisco PIX Firewall 6.1.0 (1)
  • Cisco PIX Firewall 6.1.0 (2)
  • Cisco PIX Firewall 6.1.0 (3)
  • Cisco PIX Firewall 6.1.0 (4)
  • Cisco PIX Firewall 6.1.0 (5)
  • Cisco PIX Firewall 6.1.3
  • Cisco PIX Firewall 6.1.4
  • Cisco PIX Firewall 6.1.5
  • Cisco PIX Firewall 6.2.0
  • Cisco PIX Firewall 6.2.0 (1)
  • Cisco PIX Firewall 6.2.0 (2)
  • Cisco PIX Firewall 6.2.0 (3)
  • Cisco PIX Firewall 6.2.0 (3.100)
  • Cisco PIX Firewall 6.2.1
  • Cisco PIX Firewall 6.2.2
  • Cisco PIX Firewall 6.2.2 .111
  • Cisco PIX Firewall 6.2.3
  • Cisco PIX Firewall 6.3.0
  • Cisco PIX Firewall 6.3.0 (1)
  • Cisco PIX Firewall 6.3.0 (3.102)
  • Cisco PIX Firewall 6.3.0 (3.109)
  • Cisco PIX Firewall 6.3.1
  • Cisco PIX Firewall 6.3.2
  • Cisco Secure Content Accelerator 10000
  • Cisco Threat Response
  • Cisco WebNS 6.10.0
  • Cisco WebNS 6.10.0 B4
  • Cisco WebNS 7.10.0
  • Cisco WebNS 7.10.0 .0.06s
  • Cisco WebNS 7.1.0 0.1.02
  • Cisco WebNS 7.1.0 0.2.06
  • Cisco WebNS 7.2.0 0.0.03
  • Citrix Secure Gateway for Solaris 1.1.0
  • Citrix Secure Gateway for Solaris 1.12.0
  • Citrix Secure Gateway for Solaris 1.13.0
  • Computer Associates eTrust Security Command Center 1.0.0
  • FreeBSD 4.8.0
  • FreeBSD 4.8.0 -RELENG
  • FreeBSD 4.9.0
  • FreeBSD 5.1.0
  • FreeBSD 5.1.0 -RELEASE
  • FreeBSD 5.1.0 -RELENG
  • FreeBSD 5.2.0
  • FreeBSD 5.2.0 -RELEASE
  • HP AAA Server
  • HP Apache-Based Web Server 2.0.43 .00
  • HP Apache-Based Web Server 2.0.43 .04
  • HP HP-UX 11.0.0
  • HP HP-UX 11.11.0
  • HP HP-UX 11.23.0
  • HP HP-UX 8.5.0
  • HP WBEM A.01.05.08
  • HP WBEM A.02.00.00
  • HP WBEM A.02.00.01
  • Lite Speed Technologies LiteSpeed Web Server 1.0.1
  • Lite Speed Technologies LiteSpeed Web Server 1.0.3
  • Lite Speed Technologies LiteSpeed Web Server 1.1.0
  • Lite Speed Technologies LiteSpeed Web Server 1.1.1
  • Lite Speed Technologies LiteSpeed Web Server 1.2.0 RC1
  • Lite Speed Technologies LiteSpeed Web Server 1.2.0 RC2
  • Lite Speed Technologies LiteSpeed Web Server 1.2.1
  • Lite Speed Technologies LiteSpeed Web Server 1.2.2
  • Lite Speed Technologies LiteSpeed Web Server 1.3.0
  • Lite Speed Technologies LiteSpeed Web Server 1.3.0 RC1
  • Lite Speed Technologies LiteSpeed Web Server 1.3.0 RC2
  • Lite Speed Technologies LiteSpeed Web Server 1.3.0 RC3
  • Lite Speed Technologies LiteSpeed Web Server 1.3.1
  • Netscreen Instant Virtual Extranet 3.0.0
  • Netscreen Instant Virtual Extranet 3.1.0
  • Netscreen Instant Virtual Extranet 3.2.0
  • Netscreen Instant Virtual Extranet 3.3.0
  • Netscreen Instant Virtual Extranet 3.3.1
  • Novell eDirectory 8.0.0
  • Novell eDirectory 8.5.0
  • Novell eDirectory 8.5.12 a
  • Novell eDirectory 8.5.27
  • Novell eDirectory 8.6.2
  • Novell eDirectory 8.7.0
  • Novell eDirectory 8.7.1
  • Novell eDirectory 8.7.1 SU1
  • Novell iManager 1.5.0
  • Novell iManager 2.0.0
  • OpenBSD 3.3
  • OpenBSD 3.4
  • OpenSSL Project OpenSSL 0.9.6 C
  • OpenSSL Project OpenSSL 0.9.6 D
  • OpenSSL Project OpenSSL 0.9.6 E
  • OpenSSL Project OpenSSL 0.9.6 F
  • OpenSSL Project OpenSSL 0.9.6 G
  • OpenSSL Project OpenSSL 0.9.6 H
  • OpenSSL Project OpenSSL 0.9.6 I
  • OpenSSL Project OpenSSL 0.9.6 J
  • OpenSSL Project OpenSSL 0.9.6 K
  • OpenSSL Project OpenSSL 0.9.7
  • OpenSSL Project OpenSSL 0.9.7 A
  • OpenSSL Project OpenSSL 0.9.7 B
  • OpenSSL Project OpenSSL 0.9.7 Beta1
  • OpenSSL Project OpenSSL 0.9.7 Beta2
  • OpenSSL Project OpenSSL 0.9.7 Beta3
  • OpenSSL Project OpenSSL 0.9.7 C
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora Core1
  • Red Hat Fedora Core2
  • Red Hat Fedora Core3
  • Red Hat Linux 7.2.0
  • Red Hat Linux 7.3.0
  • Red Hat Linux 7.3.0 I386
  • Red Hat Linux 8.0.0
  • Red Hat openssl096-0.9.6-15.i386.rpm
  • Red Hat openssl096b-0.9.6b-3.i386.rpm
  • Red Hat openssl-0.9.7a-2.i386.rpm
  • Red Hat openssl-devel-0.9.7a-2.i386.rpm
  • Red Hat openssl-perl-0.9.7a-2.i386.rpm
  • RSA Security BSAFE SSL-J SDK 3.0.0
  • RSA Security BSAFE SSL-J SDK 3.0.1
  • RSA Security BSAFE SSL-J SDK 3.1.0
  • SCO Open Server 5.0.6
  • SCO Open Server 5.0.7
  • SCO Unixware 7.1.1
  • SCO Unixware 7.1.3
  • Secure Computing Sidewinder 5.2.0
  • Secure Computing Sidewinder 5.2.0 .0.01
  • Secure Computing Sidewinder 5.2.0 .0.02
  • Secure Computing Sidewinder 5.2.0 .0.03
  • Secure Computing Sidewinder 5.2.0 .0.04
  • Secure Computing Sidewinder 5.2.0 .1
  • Secure Computing Sidewinder 5.2.0 .1.02
  • SGI IRIX 6.5.20 F
  • SGI IRIX 6.5.20 M
  • SGI IRIX 6.5.21 F
  • SGI IRIX 6.5.21 M
  • SGI IRIX 6.5.22 m
  • SGI IRIX 6.5.23 M
  • SGI IRIX 6.5.24 M
  • SGI ProPack 2.3.0
  • SGI ProPack 2.4.0
  • SGI ProPack 3.0.0
  • SGI ProPack 3.0.0 SP6
  • Stonesoft ServerCluster 2.5.0
  • Stonesoft ServerCluster 2.5.2
  • Stonesoft StoneBeat FullCluster for Firewall-1 2.0.0
  • Stonesoft StoneBeat FullCluster for Firewall-1 3.0.0
  • Stonesoft StoneBeat FullCluster for Gauntlet 2.0.0
  • Stonesoft StoneBeat FullCluster for ISA Server 3.0.0
  • Stonesoft StoneBeat FullCluster for Raptor 2.0.0
  • Stonesoft StoneBeat FullCluster for Raptor 2.5.0
  • Stonesoft StoneBeat SecurityCluster 2.0.0
  • Stonesoft StoneBeat SecurityCluster 2.5.0
  • Stonesoft StoneBeat WebCluster 2.0.0
  • Stonesoft StoneBeat WebCluster 2.5.0
  • Stonesoft StoneGate 1.5.17
  • Stonesoft StoneGate 1.5.18
  • Stonesoft StoneGate 1.6.2
  • Stonesoft StoneGate 1.6.3
  • Stonesoft StoneGate 1.7.0
  • Stonesoft StoneGate 1.7.1
  • Stonesoft StoneGate 1.7.2
  • Stonesoft StoneGate 2.0.1
  • Stonesoft StoneGate 2.0.4
  • Stonesoft StoneGate 2.0.5
  • Stonesoft StoneGate 2.0.6
  • Stonesoft StoneGate 2.0.7
  • Stonesoft StoneGate 2.0.8
  • Stonesoft StoneGate 2.0.9
  • Stonesoft StoneGate 2.1.0
  • Stonesoft StoneGate 2.2.0
  • Stonesoft StoneGate 2.2.1
  • Stonesoft StoneGate 2.2.4
  • Stonesoft StoneGate VPN Client 1.7.0
  • Stonesoft StoneGate VPN Client 1.7.2
  • Stonesoft StoneGate VPN Client 2.0.0
  • Stonesoft StoneGate VPN Client 2.0.7
  • Stonesoft StoneGate VPN Client 2.0.8
  • Stonesoft StoneGate VPN Client 2.0.9
  • Sun Crypto Accelerator 4000 1.0.0
  • Symantec Clientless VPN Gateway 4400 Series 5.0.0
  • Tarantella Enterprise 3 3.20.0 0
  • Tarantella Enterprise 3 3.30.0
  • Tarantella Enterprise 3 3.40.0
  • VMWare GSX Server 2.0.0
  • VMWare GSX Server 2.0.1 build 2129
  • VMWare GSX Server 2.5.1
  • VMWare GSX Server 2.5.1 build 5336
  • VMWare GSX Server 3.0.0 build 7592

References

  • BugTraq: 9899
  • CVE: CVE-2004-0079

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out