CVE-2002-0656

Published: Aug 12, 2002Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

Affected (34)

Products: Openssl: Openssl · Oracle: Application Server, Corporate Time Outlook Connector, Http Server · Apple: Mac Os X

1 product

3 products

Application Server

Corporate Time Outlook Connector

1 product

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Openssl Openssl	Version 0.9.1c
Openssl Openssl	Version 0.9.2b
Openssl Openssl	Version 0.9.3
Openssl Openssl	Version 0.9.4
Openssl Openssl	Version 0.9.5
Openssl Openssl	Version 0.9.5a
Openssl Openssl	Version 0.9.6
Openssl Openssl	Version 0.9.6a
Openssl Openssl	Version 0.9.6b
Openssl Openssl	Version 0.9.6c
Openssl Openssl	Version 0.9.6d
Openssl Openssl	Version 0.9.7 beta1
Openssl Openssl	Version 0.9.7 beta2
Oracle Application Server	All versions
Oracle Application Server	Version 1.0.2.1s
Oracle Application Server	Version 1.0.2.2
Oracle Application Server	Version 1.0.2
Oracle Corporate Time Outlook Connector	Version 3.1.1
Oracle Corporate Time Outlook Connector	Version 3.1.2
Oracle Corporate Time Outlook Connector	Version 3.1
Oracle Corporate Time Outlook Connector	Version 3.3
Oracle Http Server	Version 9.0.1
Oracle Http Server	Version 9.2.0

Configuration B

11 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.0.1
Apple Mac Os X	Version 10.0.2
Apple Mac Os X	Version 10.0.3
Apple Mac Os X	Version 10.0.4
Apple Mac Os X	Version 10.0
Apple Mac Os X	Version 10.1.1
Apple Mac Os X	Version 10.1.2
Apple Mac Os X	Version 10.1.3
Apple Mac Os X	Version 10.1.4
Apple Mac Os X	Version 10.1.5
Apple Mac Os X	Version 10.1

References (24)

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt (unsafe URL)

Source: cve@mitre.org

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt (unsafe URL)

Source: cve@mitre.org

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc (unsafe URL)

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513

Source: cve@mitre.org

http://www.cert.org/advisories/CA-2002-23.html

Source: cve@mitre.org

US Government Resource

http://www.iss.net/security_center/static/9714.php

Source: cve@mitre.org

http://www.iss.net/security_center/static/9716.php

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/102795

Source: cve@mitre.org

US Government Resource

http://www.kb.cert.org/vuls/id/258555

Source: cve@mitre.org

US Government Resource

http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php

Source: cve@mitre.org

http://www.securityfocus.com/bid/5362

Source: cve@mitre.org

http://www.securityfocus.com/bid/5363

Source: cve@mitre.org

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.cert.org/advisories/CA-2002-23.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.iss.net/security_center/static/9714.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.iss.net/security_center/static/9716.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/102795

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.kb.cert.org/vuls/id/258555

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/5362

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/5363

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.