CVE-2003-0544

Name of the Vulnerable Software and Affected Versions OpenSSL versions 0.9.6 through 0.9.7

Description The issue concerns multiple vulnerabilities in the OpenSSL package that can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack when presented with a malformed certificate by a client.

Recommendations For OpenSSL versions 0.9.6 through 0.9.7, consider disabling the use of SSL client certificates until a patch is available. As a temporary workaround, restrict access to the SSL server to minimize the risk of exploitation. Avoid using the long form of ASN.1 inputs in SSL client certificates until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.