CVE-2003-0564 Information

Description

Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs as demonstrated using the NISSC test suite.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20040402-01-U.asc http://marc.info/?l=bugtraq&m=108448379429944&w=2 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://www.kb.cert.org/vuls/id/428230 http://www.mandriva.com/security/advisories?name=MDKSA-2004:021 http://www.redhat.com/support/errata/RHSA-2004-110.html http://www.redhat.com/support/errata/RHSA-2004-112.html http://www.securityfocus.com/bid/8981 http://www.uniras.gov.uk/vuls/2003/006489/smime.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/13603 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11462 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A872 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A914