CVE-2004-0112

Published: Nov 23, 2004Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Affected (233)

Products: Cisco: Firewall Services Module, Ciscoworks Common Management Foundation, Ciscoworks Common Services, Ios, Access Registrar, Application And Content Networking Software, Call Manager, Content Services Switch 11500, Css11000 Content Services Switch, Css Secure Content Accelerator, Gss 4480 Global Site Selector, Gss 4490 Global Site Selector, Mds 9000, Okena Stormwatch, Pix Firewall, Pix Firewall Software, Secure Content Accelerator, Threat Response, Webns · Hp: Aaa Server, Apache Based Web Server, Hp Ux, Wbem · Symantec: Clientless Vpn Gateway 4400 · +21 more

Show all products

Cisco: Firewall Services Module, Ciscoworks Common Management Foundation, Ciscoworks Common Services, Ios, Access Registrar, Application And Content Networking Software, Call Manager, Content Services Switch 11500, Css11000 Content Services Switch, Css Secure Content Accelerator, Gss 4480 Global Site Selector, Gss 4490 Global Site Selector, Mds 9000, Okena Stormwatch, Pix Firewall, Pix Firewall Software, Secure Content Accelerator, Threat Response, Webns · Hp: Aaa Server, Apache Based Web Server, Hp Ux, Wbem · Symantec: Clientless Vpn Gateway 4400 · Apple: Mac Os X, Mac Os X Server · Avaya: Converged Communications Server, Sg200, Sg203, Sg208, Sg5, Intuity Audix, S8300, S8500, S8700, Vsu · Freebsd: Freebsd · Openbsd: Openbsd · Redhat: Enterprise Linux, Enterprise Linux Desktop, Linux, Openssl · Sco: Openserver · 4d: Webstar · Bluecoat: Cacheos Ca Sa, Proxysg · Checkpoint: Firewall 1, Provider 1, Vpn 1 · Dell: Bsafe Ssl J · Forcepoint: Stonegate · Litespeedtech: Litespeed Web Server · Neoteris: Instant Virtual Extranet · Novell: Edirectory, Imanager · Openssl: Openssl · Securecomputing: Sidewinder · Sgi: Propack · Stonesoft: Servercluster, Stonebeat Fullcluster, Stonebeat Securitycluster, Stonebeat Webcluster · Sun: Crypto Accelerator 4000 · Tarantella: Tarantella Enterprise · Vmware: Gsx Server

Cisco

19 products

Firewall Services Module

Ciscoworks Common Management Foundation

Ciscoworks Common Services

Ios

Access Registrar

Application And Content Networking Software

Call Manager

Content Services Switch 11500

Css11000 Content Services Switch

Css Secure Content Accelerator

Gss 4480 Global Site Selector

Gss 4490 Global Site Selector

Mds 9000

Okena Stormwatch

Pix Firewall

Pix Firewall Software

Secure Content Accelerator

Threat Response

Webns

4 products

Aaa Server

Apache Based Web Server

Hp Ux

Wbem

Symantec

1 product

Clientless Vpn Gateway 4400

2 products

10 products

Converged Communications Server

1 product

1 product

4 products

Enterprise Linux Desktop

1 product

1 product

2 products

3 products

1 product

1 product

1 product

1 product

Instant Virtual Extranet

2 products

1 product

1 product

1 product

4 products

Stonebeat Fullcluster

Stonebeat Securitycluster

Stonebeat Webcluster

Sun

1 product

Crypto Accelerator 4000

Tarantella

1 product

Tarantella Enterprise

Vmware

1 product

Gsx Server

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Cisco Firewall Services Module	All versions
Cisco Firewall Services Module	Version 1.1.2
Cisco Firewall Services Module	Version 1.1.3
Cisco Firewall Services Module	Version 1.1_(3.005)
Cisco Firewall Services Module	Version 2.1_(0.208)
Hp Aaa Server	All versions
Hp Apache Based Web Server	Version 2.0.43.00
Hp Apache Based Web Server	Version 2.0.43.04
Symantec Clientless Vpn Gateway 4400	Version 5.0

Configuration B

37 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.3.3
Apple Mac Os X Server	Version 10.3.3
Avaya Converged Communications Server	Version 2.0
Avaya Sg200	Version 4.31.29
Avaya Sg200	Version 4.4
Avaya Sg203	Version 4.31.29
Avaya Sg203	Version 4.4
Avaya Sg208	All versions
Avaya Sg208	Version 4.4
Avaya Sg5	Version 4.2
Avaya Sg5	Version 4.3
Avaya Sg5	Version 4.4
Cisco Ciscoworks Common Management Foundation	Version 2.1
Cisco Ciscoworks Common Services	Version 2.2
Freebsd Freebsd	Version 4.8
Freebsd Freebsd	Version 4.8 releng
Freebsd Freebsd	Version 4.9
Freebsd Freebsd	Version 5.1
Freebsd Freebsd	Version 5.1 release
Freebsd Freebsd	Version 5.1 releng
Freebsd Freebsd	Version 5.2.1 release
Freebsd Freebsd	Version 5.2
Hp Hp Ux	Version 11.00
Hp Hp Ux	Version 11.11
Hp Hp Ux	Version 11.23
Hp Hp Ux	Version 8.05
Openbsd Openbsd	Version 3.3
Openbsd Openbsd	Version 3.4
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux Desktop	Version 3.0
Redhat Linux	Version 7.2
Redhat Linux	Version 7.3
Redhat Linux	Version 8.0
Sco Openserver	Version 5.0.6
Sco Openserver	Version 5.0.7

Configuration C

187 vulnerable · 12 platform

Vulnerable Software	Affected Versions
Cisco Ios	Version 12.1(11)e
Cisco Ios	Version 12.1(11b)e12
Cisco Ios	Version 12.1(11b)e14
Cisco Ios	Version 12.1(11b)e
Cisco Ios	Version 12.1(13)e9
Cisco Ios	Version 12.1(19)e1
Cisco Ios	Version 12.2(14)sy1
Cisco Ios	Version 12.2(14)sy
Cisco Ios	Version 12.2sy
Cisco Ios	Version 12.2za
4d Webstar	Version 4.0
4d Webstar	Version 5.2.1
4d Webstar	Version 5.2.2
4d Webstar	Version 5.2.3
4d Webstar	Version 5.2.4
4d Webstar	Version 5.2
4d Webstar	Version 5.3.1
4d Webstar	Version 5.3
Avaya Intuity Audix	All versions
Avaya Intuity Audix	Version 5.1.46
Avaya Intuity Audix	Version s3210
Avaya Intuity Audix	Version s3400
Avaya S8300	Version r2.0.0
Avaya S8300	Version r2.0.1
Avaya S8500	Version r2.0.0
Avaya S8500	Version r2.0.1
Avaya S8700	Version r2.0.0
Avaya S8700	Version r2.0.1
Avaya Vsu	Version 10000_r2.0.1
Avaya Vsu	Version 100_r2.0.1
Avaya Vsu	Version 2000_r2.0.1
Avaya Vsu	Version 5000_r2.0.1
Avaya Vsu	Version 500
Avaya Vsu	Version 5
Avaya Vsu	Version 5x
Avaya Vsu	Version 7500_r2.0.1
Bluecoat Cacheos Ca Sa	Version 4.1.10
Bluecoat Cacheos Ca Sa	Version 4.1.12
Bluecoat Proxysg	All versions
Checkpoint Firewall 1	All versions
Checkpoint Firewall 1	Version 2.0
Checkpoint Firewall 1	Version next_generation_fp0
Checkpoint Firewall 1	Version next_generation_fp1
Checkpoint Firewall 1	Version next_generation_fp2
Checkpoint Provider 1	Version 4.1
Checkpoint Provider 1	Version 4.1 sp1
Checkpoint Provider 1	Version 4.1 sp2
Checkpoint Provider 1	Version 4.1 sp3
Checkpoint Provider 1	Version 4.1 sp4
Checkpoint Vpn 1	Version next_generation_fp0
Checkpoint Vpn 1	Version next_generation_fp1
Checkpoint Vpn 1	Version next_generation_fp2
Checkpoint Vpn 1	Version vsx_ng_with_application_intelligence
Cisco Access Registrar	All versions
Cisco Application And Content Networking Software	All versions
Cisco Call Manager	All versions
Cisco Content Services Switch 11500	All versions
Cisco Css11000 Content Services Switch	All versions
Cisco Css Secure Content Accelerator	Version 1.0
Cisco Css Secure Content Accelerator	Version 2.0
Cisco Gss 4480 Global Site Selector	All versions
Cisco Gss 4490 Global Site Selector	All versions
Cisco Mds 9000	All versions
Cisco Okena Stormwatch	Version 3.2
Cisco Pix Firewall	Version 6.2.2_.111
Cisco Pix Firewall Software	Version 6.0
Cisco Pix Firewall Software	Version 6.0(1)
Cisco Pix Firewall Software	Version 6.0(2)
Cisco Pix Firewall Software	Version 6.0(3)
Cisco Pix Firewall Software	Version 6.0(4.101)
Cisco Pix Firewall Software	Version 6.0(4)
Cisco Pix Firewall Software	Version 6.1
Cisco Pix Firewall Software	Version 6.1(1)
Cisco Pix Firewall Software	Version 6.1(2)
Cisco Pix Firewall Software	Version 6.1(3)
Cisco Pix Firewall Software	Version 6.1(4)
Cisco Pix Firewall Software	Version 6.1(5)
Cisco Pix Firewall Software	Version 6.2
Cisco Pix Firewall Software	Version 6.2(1)
Cisco Pix Firewall Software	Version 6.2(2)
Cisco Pix Firewall Software	Version 6.2(3.100)
Cisco Pix Firewall Software	Version 6.2(3)
Cisco Pix Firewall Software	Version 6.3
Cisco Pix Firewall Software	Version 6.3(1)
Cisco Pix Firewall Software	Version 6.3(2)
Cisco Pix Firewall Software	Version 6.3(3.102)
Cisco Pix Firewall Software	Version 6.3(3.109)
Cisco Secure Content Accelerator	Version 10000
Cisco Threat Response	All versions
Cisco Webns	Version 6.10
Cisco Webns	Version 6.10_b4
Cisco Webns	Version 7.10
Cisco Webns	Version 7.10_.0.06s
Cisco Webns	Version 7.1_0.1.02
Cisco Webns	Version 7.1_0.2.06
Cisco Webns	Version 7.2_0.0.03
Dell Bsafe Ssl J	Version 3.0.1
Dell Bsafe Ssl J	Version 3.0
Dell Bsafe Ssl J	Version 3.1
Forcepoint Stonegate	Version 1.5.17
Forcepoint Stonegate	Version 1.5.18
Forcepoint Stonegate	Version 1.6.2
Forcepoint Stonegate	Version 1.6.3
Forcepoint Stonegate	Version 1.7.1
Forcepoint Stonegate	Version 1.7.2
Forcepoint Stonegate	Version 1.7
Forcepoint Stonegate	Version 2.0.1
Forcepoint Stonegate	Version 2.0.4
Forcepoint Stonegate	Version 2.0.5
Forcepoint Stonegate	Version 2.0.6
Forcepoint Stonegate	Version 2.0.7
Forcepoint Stonegate	Version 2.0.8
Forcepoint Stonegate	Version 2.0.9
Forcepoint Stonegate	Version 2.1
Forcepoint Stonegate	Version 2.2.1
Forcepoint Stonegate	Version 2.2.4
Forcepoint Stonegate	Version 2.2
Hp Wbem	Version a.01.05.08
Hp Wbem	Version a.02.00.00
Hp Wbem	Version a.02.00.01
Litespeedtech Litespeed Web Server	Version 1.0.1
Neoteris Instant Virtual Extranet	Version 3.0
Neoteris Instant Virtual Extranet	Version 3.1
Neoteris Instant Virtual Extranet	Version 3.2
Neoteris Instant Virtual Extranet	Version 3.3.1
Neoteris Instant Virtual Extranet	Version 3.3
Novell Edirectory	Version 8.0
Novell Edirectory	Version 8.5.12a
Novell Edirectory	Version 8.5.27
Novell Edirectory	Version 8.5
Novell Edirectory	Version 8.6.2
Novell Edirectory	Version 8.7.1
Novell Edirectory	Version 8.7.1 sp1
Novell Edirectory	Version 8.7
Novell Imanager	Version 1.5
Novell Imanager	Version 2.0
Openssl Openssl	Version 0.9.6c
Openssl Openssl	Version 0.9.6d
Openssl Openssl	Version 0.9.6e
Openssl Openssl	Version 0.9.6f
Openssl Openssl	Version 0.9.6g
Openssl Openssl	Version 0.9.6h
Openssl Openssl	Version 0.9.6i
Openssl Openssl	Version 0.9.6j
Openssl Openssl	Version 0.9.6k
Openssl Openssl	Version 0.9.7
Openssl Openssl	Version 0.9.7 beta1
Openssl Openssl	Version 0.9.7 beta2
Openssl Openssl	Version 0.9.7 beta3
Openssl Openssl	Version 0.9.7a
Openssl Openssl	Version 0.9.7b
Openssl Openssl	Version 0.9.7c
Redhat Openssl	Version 0.9.6-15
Redhat Openssl	Version 0.9.6b-3
Redhat Openssl	Version 0.9.7a-2
Redhat Openssl	Version 0.9.7a-2
Redhat Openssl	Version 0.9.7a-2
Securecomputing Sidewinder	Version 5.2.0.01
Securecomputing Sidewinder	Version 5.2.0.02
Securecomputing Sidewinder	Version 5.2.0.03
Securecomputing Sidewinder	Version 5.2.0.04
Securecomputing Sidewinder	Version 5.2.1.02
Securecomputing Sidewinder	Version 5.2.1
Securecomputing Sidewinder	Version 5.2
Sgi Propack	Version 2.3
Sgi Propack	Version 2.4
Sgi Propack	Version 3.0
Stonesoft Servercluster	Version 2.5.2
Stonesoft Servercluster	Version 2.5
Stonesoft Stonebeat Fullcluster	Version 1_2.0
Stonesoft Stonebeat Fullcluster	Version 1_3.0
Stonesoft Stonebeat Fullcluster	Version 2.0
Stonesoft Stonebeat Fullcluster	Version 2.5
Stonesoft Stonebeat Fullcluster	Version 3.0
Stonesoft Stonebeat Securitycluster	Version 2.0
Stonesoft Stonebeat Securitycluster	Version 2.5
Stonesoft Stonebeat Webcluster	Version 2.0
Stonesoft Stonebeat Webcluster	Version 2.5
Sun Crypto Accelerator 4000	Version 1.0
Tarantella Tarantella Enterprise	Version 3.20
Tarantella Tarantella Enterprise	Version 3.30
Tarantella Tarantella Enterprise	Version 3.40
Vmware Gsx Server	Version 2.0.1_build_2129
Vmware Gsx Server	Version 2.0
Vmware Gsx Server	Version 2.5.1
Vmware Gsx Server	Version 2.5.1_build_5336
Vmware Gsx Server	Version 3.0_build_7592

Running on/with	Platform Versions
Litespeedtech Litespeed Web Server	Version 1.0.2
Litespeedtech Litespeed Web Server	Version 1.0.3
Litespeedtech Litespeed Web Server	Version 1.1.1
Litespeedtech Litespeed Web Server	Version 1.1
Litespeedtech Litespeed Web Server	Version 1.2.1
Litespeedtech Litespeed Web Server	Version 1.2.2
Litespeedtech Litespeed Web Server	Version 1.2 rc1
Litespeedtech Litespeed Web Server	Version 1.2 rc2
Litespeedtech Litespeed Web Server	Version 1.3
Litespeedtech Litespeed Web Server	Version 1.3 rc1
Litespeedtech Litespeed Web Server	Version 1.3 rc2
Litespeedtech Litespeed Web Server	Version 1.3 rc3

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (58)

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc (unsafe URL)

Source: cve@mitre.org

Broken Link

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt (unsafe URL)

Source: cve@mitre.org

Broken Link

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834

Source: cve@mitre.org

Broken Link

http://docs.info.apple.com/article.html?artnum=61798

Source: cve@mitre.org

Broken Link

http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

Source: cve@mitre.org

Mailing List

http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

Source: cve@mitre.org

Mailing List

http://lists.apple.com/mhonarc/security-announce/msg00045.html

Source: cve@mitre.org

Broken Link

http://marc.info/?l=bugtraq&m=107953412903636&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=108403806509920&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://secunia.com/advisories/11139

Source: cve@mitre.org

Broken Link

http://security.gentoo.org/glsa/glsa-200403-03.xml

Source: cve@mitre.org

Third Party Advisory

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524

Source: cve@mitre.org

Broken Link

http://www.ciac.org/ciac/bulletins/o-101.shtml

Source: cve@mitre.org

Broken Link

http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml

Source: cve@mitre.org

Broken Link

http://www.kb.cert.org/vuls/id/484726

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2004:023

Source: cve@mitre.org

Third Party Advisory

http://www.novell.com/linux/security/advisories/2004_07_openssl.html

Source: cve@mitre.org

Broken Link

http://www.openssl.org/news/secadv_20040317.txt

Source: cve@mitre.org

Broken Link

http://www.redhat.com/support/errata/RHSA-2004-120.html

Source: cve@mitre.org

Broken Link

http://www.redhat.com/support/errata/RHSA-2004-121.html

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/bid/9899

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB EntryVendor Advisory

http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961

Source: cve@mitre.org

Broken Link

http://www.trustix.org/errata/2004/0012

Source: cve@mitre.org

Broken Link

http://www.uniras.gov.uk/vuls/2004/224012/index.htm

Source: cve@mitre.org

Broken Link

http://www.us-cert.gov/cas/techalerts/TA04-078A.html

Source: cve@mitre.org

Broken LinkThird Party AdvisoryUS Government Resource

https://exchange.xforce.ibmcloud.com/vulnerabilities/15508

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049

Source: cve@mitre.org

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928

Source: cve@mitre.org

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580

Source: cve@mitre.org

Broken Link

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc (unsafe URL)