PT-2003-2511 · Openssl+2

Published: 2003-09-30 · Updated: 2008-09-05 · CVE-2005-1247

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions
Novell Nsure Audit version 1.0.1
OpenSSL version 0.9.6

Description
The issue allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates sent to an SSL server. A network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack when a client presents a malformed certificate. The network device may be vulnerable to this issue even if it is configured not to authenticate client certificates.

Recommendations
For Novell Nsure Audit version 1.0.1, consider disabling the webadmin.exe service until a patch is available. For OpenSSL version 0.9.6, restrict access to the SSL server to minimize the risk of exploitation. As a temporary measure, consider workarounds that mitigate the effects of these issues, such as configuring the server to not accept malformed certificates.


Related identifiers

CVE-2005-1247

Affected products

Cisco Ios
Novell Nsure Audit
Openssl