Full Disclosure mailing list archives

[CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module

From: "CIRT.DK Advisory" <advisory () cirt dk>
Date: Sun, 12 Jun 2005 23:53:48 +0200

ID: NOVL102200 
Domain: primus 
Solution Class: Novell 
Fact: Novell iManager 2.02 
Fact: Apache 2.0.48 
Fact: OpenSSL 0.9.7 
Symptom: OpenSSL ASN.1 Parsing vulnerability in Apache 
Symptom: Server stops responding and an error occurs 
Cause: Multiple vulnerabilities were reported in the ASN.1 parsing code in
OpenSSL. 
These issues could be exploited to cause a denial of service or to execute
arbitrary code. 

Fix: These vulnerabilites are corrected in OpenSSL 0.9.7d. 
iManager 2.5 ships with OpenSSL 0.9.7d - to resolve the vulnerability
upgrading is suggested.

Read the full advisory at http://www.cirt.dk


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

[CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module CIRT.DK Advisory (Jun 12)