Vulnwatch mailing list archives

[CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module

From: "CIRT.DK Mailinglists" <mailinglists () cirt dk>
Date: Sun, 12 Jun 2005 23:57:21 +0200

ID: NOVL102200 
Domain: primus 
Solution Class: Novell 
Fact: Novell iManager 2.02 
Fact: Apache 2.0.48 
Fact: OpenSSL 0.9.7 
Symptom: OpenSSL ASN.1 Parsing vulnerability in Apache 
Symptom: Server stops responding and an error occurs 
Cause: Multiple vulnerabilities were reported in the ASN.1 parsing code in
OpenSSL. 
These issues could be exploited to cause a denial of service or to execute
arbitrary code. 

Fix: These vulnerabilites are corrected in OpenSSL 0.9.7d. 
iManager 2.5 ships with OpenSSL 0.9.7d - to resolve the vulnerability
upgrading is suggested.

Read the full advisory at http://www.cirt.dk

Current thread:

[CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module CIRT.DK Mailinglists (Jun 13)