Impact
Remote Denial of Service (DoS)
Solution
Please install the updated packages.
Insight
1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6.
2. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability.
3. A malformed public key in a certificate will crash the verify code if it is set to ignore public key decoding errors. Exploitation of an affected application would result in a denial of service vulnerability.
4. Due to an error in the SSL/TLS protocol handling, a server will parse a client certificate when one is not specifically requested.
Affected
BIND v920 on
HP-UX B.11.00, B.11.11, B.11.22, and B.11.23, running BIND v920.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2003-0543, CVE-2003-0544, CVE-2003-0545
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C