[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[VulnWatch] [CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module

To: "Vulnwatch@Vulnwatch. Org" <vulnwatch@xxxxxxxxxxxxx>
Subject: [VulnWatch] [CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module
From: "CIRT.DK Mailinglists" <mailinglists@xxxxxxx>
Date: Sun, 12 Jun 2005 23:57:21 +0200

ID: NOVL102200 
Domain: primus 
Solution Class: Novell 
Fact: Novell iManager 2.02 
Fact: Apache 2.0.48 
Fact: OpenSSL 0.9.7 
Symptom: OpenSSL ASN.1 Parsing vulnerability in Apache 
Symptom: Server stops responding and an error occurs 
Cause: Multiple vulnerabilities were reported in the ASN.1 parsing code in
OpenSSL. 
These issues could be exploited to cause a denial of service or to execute
arbitrary code. 

Fix: These vulnerabilites are corrected in OpenSSL 0.9.7d. 
iManager 2.5 ships with OpenSSL 0.9.7d - to resolve the vulnerability
upgrading is suggested.

Read the full advisory at http://www.cirt.dk

Prev by Date: [VulnWatch] xmysqladmin insecure temporary file creation
Next by Date: [VulnWatch] [CIRT.DK - Advisory] Novell eDirectory 8.7.3 DOS Device name Denial of Service
Previous by thread: [VulnWatch] xmysqladmin insecure temporary file creation
Next by thread: [VulnWatch] [CIRT.DK - Advisory] Novell eDirectory 8.7.3 DOS Device name Denial of Service
Index(es):
- Date
- Thread