Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER Novell iManager ASN.1 client hello parsing denial of service attempt

Rule Explanation

This event is generated when a malformed SSL/TLS Handshake triggers an ASN.1 parsing vulnerability in Novell iManager 2.0.2 OpenSSL 0.9.7 Impact: Attempted User Privilege Gain Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Rule Vulnerability

CVE Additional Information

CVE-2003-0543
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
Details
SeverityMEDIUM Base Score5.0
Impact Score2.9 Exploit Score10.0
Confidentiality ImpactNONE Integrity ImpactNONE
Availability ImpactPARTIAL Access VectorNETWORK
AuthenticationNONE Ease of AccessLOW