CERTVU:428230Multiple vulnerabilities in S/MIME implementations
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
96.7%
Overview
Multiple vulnerabilities exist in different vendors’ S/MIME (Secure/Multipurpose Internet Mail Extensions) implementations. The impacts of these vulnerabilities are varied and range from denial of service to potential remote execution of arbitrary code.
Description
The U.K. National Infrastructure Security Co-ordination Center (NISCC) has reported multiple vulnerabilities in different vendors’ implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol. S/MIME allows binary objects and attachments to be sent across an email system. S/MIME extends the MIME specification by including the secure data in an attachment encoded using ASN.1. If one of the entities in an email system knowingly or unknowingly send an exceptional ASN.1 element that cannot be handled properly by another party, the behavior of the application receiving such an element is unpredictable.
A test suite developed by NISCC has exposed vulnerabilities in a variety of S/MIME implementations. While most of these vulnerabilities exist in ASN.1 parsing routines, some vulnerabilities may occur elsewhere. Note that cryptographic libraries that implement S/MIME frequently provide more general-purpose cryptographic utility. In such libraries, it is common for ASN.1 parsing code to be shared between S/MIME and other cryptographic functions.
Due to the general lack of specific vulnerability information, this document covers multiple vulnerabilities in different S/MIME implementations. Information about individual vendors is available in the Systems Affected section.
Further information is available in NISCC Vulnerability Advisory - 006489/SMIME
Impact
The impacts associated with these vulnerabilities include denial of service, and potential execution of arbitrary code.
Solution
Patch or Upgrade
Apply a patch or upgrade as appropriate. Information about specific vendors is available in the Systems Affected section of this document.
Vendor Information
428230
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Hitachi __ Affected
Notified: November 04, 2003 Updated: November 06, 2003
Status
Affected
Vendor Statement
`Following Products are Vulnerable to this issue. Impact is limited to Denial of Service. Fixes for this issue which will be available shortly.
- Hitachi PKI Runtime Library
- Hitachi Groupmax Mail - Security Option`
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Check Point __ Not Affected
Notified: November 04, 2003 Updated: November 06, 2003
Status
Not Affected
Vendor Statement
Check Point products are not vulnerable to VU#428230, VU#927278.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Clavister __ Not Affected
Notified: November 04, 2003 Updated: November 04, 2003
Status
Not Affected
Vendor Statement
Clavister products: Not vulnerable
No Clavister products implement S/MIME services.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Fujitsu __ Not Affected
Notified: November 04, 2003 Updated: December 08, 2003
Status
Not Affected
Vendor Statement
Fujitsu's UXP/V o.s. is not affected by the problem in VU#428230, VU#927278 because it does not support S/MIME or X.400.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Intoto __ Not Affected
Notified: November 04, 2003 Updated: November 06, 2003
Status
Not Affected
Vendor Statement
Intoto Inc. analysed the security threats posed by vlunerablilies documented in CERT's VU#428230. Intoto network security products are not affected by these vulnerabilitis, as they do not implement S/MIME protocol.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Nortel Networks __ Not Affected
Notified: November 04, 2003 Updated: November 04, 2003
Status
Not Affected
Vendor Statement
Nortel Networks products are not affected by this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Sun Microsystems Inc. __ Not Affected
Notified: November 04, 2003 Updated: November 14, 2003
Status
Not Affected
Vendor Statement
Sun Microsystems Inc. product are not affected by VU#428230 S/MIME vulnerabilities.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Tumbleweed Communications Corp. __ Not Affected
Updated: November 13, 2003
Status
Not Affected
Vendor Statement
Regarding the Vulnerability Note VU#428230 - "Multiple vulnerabilities in S/MIME implementations", we have double-checked our S/MIME implementation for the Tumbleweed MMS(TM) email firewall and S/MIME gateway, and we are not vulnerable to this issue.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Xerox Corporation __ Not Affected
Notified: November 04, 2003 Updated: November 25, 2003
Status
Not Affected
Vendor Statement
A response to this vulnerability is available from our Security Information site: ``<http://www.xerox.com/security>``.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
3Com Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Alcatel Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Apple Computer Inc. Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
At&T Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Avaya Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
BSDI Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Borderware Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
COVERT Labs Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Cisco Systems Inc. Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Computer Associates Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Conectiva Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Cray Inc. Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
D-Link Systems Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Data General Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Debian Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Extreme Networks Unknown
Notified: November 04, 2003 Updated: December 03, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
F5 Networks Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Foundry Networks Inc. Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
FreeBSD Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Global Technology Associates Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Guardian Digital Inc. Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Hewlett-Packard Company __ Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SOURCE: Hewlett-Packard Company Software Security Response Team
x-ref: [NISCC 006489] SSRT3624 (x.400), SSRT3625 (smime)
At the time of writing this document, HP is investigating the potential impact to HP's optional software products.
As further information becomes available HP will provide notice of the availability of necessary patches through standard security bulletin announcements and through your normal HP Services support channel
To report any security issue for any HP software product send email to [email protected]
-----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2
iQA/AwUBP6gKLOAfOvwtKn1ZEQKkegCdHKqOyYEvWcrfHA0IQ2pv5sHvG3wAnis3 Hi0iJvI5JwZmV5heOjNLBA3p =8xaF -----END PGP SIGNATURE-----
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
IBM Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
IBM eServer Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
IBM-zSeries Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
IP Filter Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Ingrian Networks Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Intel Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Juniper Networks Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Lachman Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Linksys Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Lotus Software Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Lucent Technologies Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
MandrakeSoft Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Microsoft Corporation Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
MontaVista Software Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Multi-Tech Systems Inc. Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Multinet Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
NEC Corporation Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
NetBSD Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
NetScreen Technologies Inc. Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Netfilter Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Network Appliance Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Nokia Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Novell Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
OpenBSD Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Openwall GNU/*/Linux Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Oracle Corporation Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Red Hat Inc. Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Redback Networks Inc. Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Riverstone Networks Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
SCO Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
SGI Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Secure Computing Corporation Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
SecureWorx Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Sequent Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Sony Corporation Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Stonesoft Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
SuSE Inc. Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Symantec Corporation Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
TurboLinux Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Unisys Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
WatchGuard Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Wind River Systems Inc. Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
Wirex Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
eSoft Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
zyXEL Unknown
Notified: November 04, 2003 Updated: November 04, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23428230 Feedback>).
View all 76 vendors __View less vendors __
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.uniras.gov.uk/vuls/2003/006489/smime.htm>
- <http://www.ietf.org/rfc/rfc2633.txt>
- <http://www.itu.int/ITU-T/asn1/>
Acknowledgements
These vulnerabilities were discovered and researched by the NISCC Vulnerability Management Team.
This document was written by Chad R Dougherty based on information from NISCC.
Other Information
| CVE IDs: | CVE-2003-0564 |
|---|---|
| Severity Metric: | 8.51 Date Public: |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
96.7%