• info
• discussion
• exploit
• solution
• references

Multiple Vendor S/MIME ASN.1 Parsing Denial of Service Vulnerabilities

Solution:
SGI have released an advisory (20040402-01-U) and a patch to address this issue in SGI ProPack version 2.3 and 2.4. The vendor has advised that customers apply this patch as soon as possible. Further details regarding obtaining and applying an appropriate patch can be found in the referenced advisory. Patch is linked below.

Mandrake has released an advisory MDKSA-2004:021 to address this issue. Please see the referenced advisory for more information.

Redhat has released advisory RHSA-2004:112-01 dealing with this issue. Please see the reference for more information.

RedHat has released an update to the previously released advisory RHSA-2004:110-19, RHSA-2004:110-20 is now available and deals with this issue for their Enterprise linux distribution. Please see the referenced advisory for more information and details on obtaining fixes.

HP has released advisory HPSBUX01036-SSRT4722 dealing with this and other issues; fixes have been provided.

SGI has released an advisory (20040506-01-U) with Patch 10075 for SGI
ProPack 3 to address this and other issues. Please see the referenced
advisory for more information.

The Fedora Legacy project has released advisory FLSA-2004:2089 along with fixes to address multiple issues in RedHat Fedora Core 1, and RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.


Mozilla Browser 1.4 b

• HP Mozilla 1.4.00.01 for HP-UX
  http://www.hp.com/products1/unix/java/mozilla/index.html


• HP Mozilla 1.6.0.00 for HP-UX
  http://www.hp.com/products1/unix/java/mozilla/index.html

Mozilla Browser 1.4

• HP Mozilla 1.4.00.01 for HP-UX
  http://www.hp.com/products1/unix/java/mozilla/index.html


• HP Mozilla 1.6.0.00 for HP-UX
  http://www.hp.com/products1/unix/java/mozilla/index.html


• Mandrake lib64nspr4-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64nspr4-devel-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64nss3-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64nss3-devel-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnspr4-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnspr4-devel-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-devel-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-devel-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-devel-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-dom-inspector-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-dom-inspector-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmail-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmail-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmime-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmime-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-irc-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-irc-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-js-debugger-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-js-debugger-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-mail-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-mail-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-spellchecker-1.4-13.2.92mdk.amd64.rpm
  Mandrakelinux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-spellchecker-1.4-13.2.92mdk.i586.rpm
  Mandrakelinux 9.2
  http://www.mandrakesecure.net/en/ftp.php

Mozilla Browser 1.4 a

• HP Mozilla 1.4.00.01 for HP-UX
  http://www.hp.com/products1/unix/java/mozilla/index.html


• HP Mozilla 1.6.0.00 for HP-UX
  http://www.hp.com/products1/unix/java/mozilla/index.html

Mozilla Browser 1.4.1

• HP Mozilla 1.4.00.01 for HP-UX
  http://www.hp.com/products1/unix/java/mozilla/index.html


• HP Mozilla 1.6.0.00 for HP-UX
  http://www.hp.com/products1/unix/java/mozilla/index.html


• RedHat epiphany-1.0.4-2.4.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.4- 2.4.legacy.i386.rpm


• RedHat mozilla-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.4.3-1 .fc1.1.legacy.i386.rpm


• RedHat mozilla-chat-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1. 4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-devel-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1 .4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-dom-inspector-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-ins pector-1.4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-js-debugger-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debu gger-1.4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-mail-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1. 4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-nspr-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1. 4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-nspr-devel-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-de vel-1.4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-nss-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.4 .3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-nss-devel-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-dev el-1.4.3-1.fc1.1.legacy.i386.rpm

Mozilla Browser 1.4.2

• HP Mozilla 1.4.00.01 for HP-UX
  http://www.hp.com/products1/unix/java/mozilla/index.html


• Red Hat mozilla-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-1.4.2-0.9.0.i386.rpm


• Red Hat mozilla-chat-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-chat-1.4.2-0.9.0.i386.rp m


• Red Hat mozilla-devel-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-devel-1.4.2-0.9.0.i386.r pm


• Red Hat mozilla-dom-inspector-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-dom-inspector-1.4.2-0.9. 0.i386.rpm


• Red Hat mozilla-js-debugger-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-js-debugger-1.4.2-0.9.0. i386.rpm


• Red Hat mozilla-mail-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-mail-1.4.2-0.9.0.i386.rp m


• Red Hat mozilla-nspr-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-nspr-1.4.2-0.9.0.i386.rp m


• Red Hat mozilla-nspr-devel-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-nspr-devel-1.4.2-0.9.0.i 386.rpm


• Red Hat mozilla-nss-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-nss-1.4.2-0.9.0.i386.rpm


• Red Hat mozilla-nss-devel-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-nss-devel-1.4.2-0.9.0.i3 86.rpm

SGI ProPack 2.3

• SGI patch10064.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1 0064.tar.gz

SGI ProPack 2.4

• SGI patch10064.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0064.tar.gz

SGI ProPack 3.0

• SGI patch10075.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/3/

Mozilla Network Security Services (NSS) 3.8

• HP Mozilla 1.2.1.01 for HP-UX
  http://www.hp.com/products1/unix/java/mozilla/index.html


• HP Mozilla 1.4.00.01 for HP-UX
  http://www.hp.com/products1/unix/java/mozilla/index.html


• HP Mozilla 1.6.0.00 for HP-UX
  http://www.hp.com/products1/unix/java/mozilla/index.html


• Red Hat galeon-1.2.13-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/galeon-1.2.13-0.9.0.i386.rpm


• Red Hat mozilla-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-1.4.2-0.9.0.i386.rpm


• Red Hat mozilla-chat-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-chat-1.4.2-0.9.0.i386.rp m


• Red Hat mozilla-devel-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-devel-1.4.2-0.9.0.i386.r pm


• Red Hat mozilla-dom-inspector-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-dom-inspector-1.4.2-0.9. 0.i386.rpm


• Red Hat mozilla-js-debugger-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-js-debugger-1.4.2-0.9.0. i386.rpm


• Red Hat mozilla-mail-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-mail-1.4.2-0.9.0.i386.rp m


• Red Hat mozilla-nspr-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-nspr-1.4.2-0.9.0.i386.rp m


• Red Hat mozilla-nspr-devel-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-nspr-devel-1.4.2-0.9.0.i 386.rpm


• Red Hat mozilla-nss-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-nss-1.4.2-0.9.0.i386.rpm


• Red Hat mozilla-nss-devel-1.4.2-0.9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mozilla-nss-devel-1.4.2-0.9.0.i3 86.rpm