[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module

To: <advisory@xxxxxxx>
Subject: [Full-disclosure] [CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module
From: "CIRT.DK Advisory" <advisory@xxxxxxx>
Date: Sun, 12 Jun 2005 23:53:48 +0200

ID: NOVL102200 
Domain: primus 
Solution Class: Novell 
Fact: Novell iManager 2.02 
Fact: Apache 2.0.48 
Fact: OpenSSL 0.9.7 
Symptom: OpenSSL ASN.1 Parsing vulnerability in Apache 
Symptom: Server stops responding and an error occurs 
Cause: Multiple vulnerabilities were reported in the ASN.1 parsing code in
OpenSSL. 
These issues could be exploited to cause a denial of service or to execute
arbitrary code. 

Fix: These vulnerabilites are corrected in OpenSSL 0.9.7d. 
iManager 2.5 ships with OpenSSL 0.9.7d - to resolve the vulnerability
upgrading is suggested.

Read the full advisory at http://www.cirt.dk


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [CIRT.DK - Advisory] Novell eDirectory 8.7.3 DOS Device name Denial of Service
Next by Date: [Full-disclosure] Web application Security Scanner
Previous by thread: [Full-disclosure] [CIRT.DK - Advisory] Novell eDirectory 8.7.3 DOS Device name Denial of Service
Next by thread: [Full-disclosure] Web application Security Scanner
Index(es):
- Date
- Thread