ID CVE-2006-3738
Summary Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
Vulnerable Configurations
  • OpenSSL Project OpenSSL 0.9.7
    cpe:2.3:a:openssl:openssl:0.9.7
  • OpenSSL Project OpenSSL 0.9.7a
    cpe:2.3:a:openssl:openssl:0.9.7a
  • OpenSSL Project OpenSSL 0.9.7b
    cpe:2.3:a:openssl:openssl:0.9.7b
  • OpenSSL Project OpenSSL 0.9.7c
    cpe:2.3:a:openssl:openssl:0.9.7c
  • OpenSSL Project OpenSSL 0.9.7d
    cpe:2.3:a:openssl:openssl:0.9.7d
  • OpenSSL Project OpenSSL 0.9.7e
    cpe:2.3:a:openssl:openssl:0.9.7e
  • OpenSSL Project OpenSSL 0.9.7f
    cpe:2.3:a:openssl:openssl:0.9.7f
  • OpenSSL Project OpenSSL 0.9.7g
    cpe:2.3:a:openssl:openssl:0.9.7g
  • OpenSSL Project OpenSSL 0.9.7h
    cpe:2.3:a:openssl:openssl:0.9.7h
  • OpenSSL Project OpenSSL 0.9.7i
    cpe:2.3:a:openssl:openssl:0.9.7i
  • OpenSSL Project OpenSSL 0.9.7j
    cpe:2.3:a:openssl:openssl:0.9.7j
  • OpenSSL Project OpenSSL 0.9.7k
    cpe:2.3:a:openssl:openssl:0.9.7k
  • OpenSSL Project OpenSSL 0.9.8
    cpe:2.3:a:openssl:openssl:0.9.8
  • OpenSSL Project OpenSSL 0.9.8a
    cpe:2.3:a:openssl:openssl:0.9.8a
  • OpenSSL Project OpenSSL 0.9.8b
    cpe:2.3:a:openssl:openssl:0.9.8b
  • OpenSSL Project OpenSSL 0.9.8c
    cpe:2.3:a:openssl:openssl:0.9.8c
CVSS
Base: 10.0 (as of 02-10-2006 - 07:50)
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0264.NASL
    description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Two denial-of-service flaws were fixed in ZLib. (CVE-2005-2096, CVE-2005-1849) Multiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339, CVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969) Multiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052, CVE-2006-4980, CVE-2006-1542) Users of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 43836
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43836
    title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0525.NASL
    description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-2096). An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around could allow an attacker, acting as a 'man in the middle' to force an SSL connection to use SSL 2.0 rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types can take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the way that the Python repr() function handled UTF-32/UCS-4 strings. If an application written in Python used the repr() function on untrusted data, this could lead to a denial of service or possibly allow the execution of arbitrary code with the privileges of the Python application. (CVE-2006-4980) A flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function. (CVE-2007-2052) Multiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965) A stack-based buffer overflow was discovered in the Python interpreter, which could allow a local user to gain privileges by running a script with a long name from the current working directory. (CVE-2006-1542) Users of Red Hat Network Satellite Server should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 43838
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43838
    title RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0629.NASL
    description Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 was used an attacker could, potentially, forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around was vulnerable to a man-in-the-middle attack which allowed a remote user to force an SSL connection to use SSL 2.0, rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This could result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types could take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the Python repr() function's handling of UTF-32/UCS-4 strings. If an application used the repr() function on untrusted data, this could lead to a denial of service or, possibly, allow the execution of arbitrary code with the privileges of the application using the flawed function. (CVE-2006-4980) A flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This could, potentially, cause disclosure of data stored in the memory of an application using this function. (CVE-2007-2052) Multiple integer overflow flaws were discovered in Python's imageop module. If an application used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or, possibly, execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965) A stack-based buffer overflow was discovered in the Python interpreter, which could allow a local user to gain privileges by running a script with a long name from the current working directory. (CVE-2006-1542) Users of Red Hat Network Satellite Server should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 43839
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43839
    title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1195.NASL
    description Multiple vulnerabilities have been discovered in the OpenSSL cryptographic software package that could allow an attacker to launch a denial of service attack by exhausting system resources or crashing processes on a victim's computer.
      - CVE-2006-3738 Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer.
      - CVE-2006-4343 Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server that server could cause the client to crash.
      - CVE-2006-2940 Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL a DoS was discovered. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack.
    last seen 2019-01-16
    modified 2018-07-20
    plugin id 22881
    published 2006-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22881
    title Debian DSA-1195-1 : openssl096 - denial of service (multiple)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_COMPAT-OPENSSL097G-2163.NASL
    description A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as 'parasitic public keys' have been fixed. The latter problem allowed attackers to trick the OpenSSL engine to spend an extraordinary amount of time to process public keys. The following CAN numbers have been assigned: CVE-2006-2937 / CVE-2006-2940 / CVE-2006-3738 / CVE-2006-4339 / CVE-2006-4343.
    last seen 2019-01-16
    modified 2016-12-22
    plugin id 29405
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29405
    title SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 2163)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL6734.NASL
    description The remote BIG-IP device is missing a patch required by a security advisory.
    last seen 2019-01-16
    modified 2019-01-04
    plugin id 78213
    published 2014-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78213
    title F5 Networks BIG-IP : Local OpenSSL vulnerabilities (SOL6734)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0661.NASL
    description Updated OpenSSL packages are now available to correct several security issues. This update has been rated as having important security impact by the Red Hat Security Response Team. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. These vulnerabilities can affect applications which use OpenSSL to parse ASN.1 data from untrusted sources, including SSL servers which enable client authentication and S/MIME applications. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system. From Red Hat Security Advisory 2006:0695 : Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. Tavis Ormandy and Will Drewry of the Google Security Team discovered a flaw in the SSLv2 client code. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) Dr S. N. Henson of the OpenSSL core team and Open Network Security recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered denial of service vulnerabilities : * Certain public key types can take disproportionate amounts of time to process, leading to a denial of service. (CVE-2006-2940) * During parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). This issue does not affect the OpenSSL version distributed in Red Hat Enterprise Linux 2.1. From Red Hat Security Advisory 2006:0661 : Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. The Google Security Team discovered that OpenSSL is vulnerable to this attack. This issue affects applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) This errata also resolves a problem where a customized ca-bundle.crt file was overwritten when the openssl package was upgraded.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 67405
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67405
    title Oracle Linux 4 : openssl (ELSA-2006-0695 / ELSA-2006-0661)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSSL-2140.NASL
    description A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as 'parasitic public keys' have been fixed. The latter problem allowed attackers to trick the OpenSSL engine to spend an extraordinary amount of time to process public keys. The following CAN numbers have been assigned: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 and CVE-2006-4343.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 27368
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27368
    title openSUSE 10 Security Update : openssl (openssl-2140)
  • NASL family Misc.
    NASL id XEROX_XRX07_001.NASL
    description According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly suffers from multiple issues in the ESS / Network Controller that could allow remote execution of arbitrary code on the affected device, initiation of denial of service attacks, and forgery of digital certificates.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 25637
    published 2007-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25637
    title Xerox WorkCentre Multiple OpenSSL Vulnerabilities (XRX07-001)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200610-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200610-11 (OpenSSL: Multiple vulnerabilities) Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key. Impact : An attacker could trigger the buffer overflow vulnerability by sending a malicious suite of ciphers to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. An attacker could also consume CPU and/or memory by exploiting the Denial of Service vulnerabilities. Finally a malicious server could crash a SSLv2 client through the SSLv2 vulnerability. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-08-10
    plugin id 22914
    published 2006-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22914
    title GLSA-200610-11 : OpenSSL: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-178.NASL
    description Openssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some versions of ntp are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries is being made available.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 24564
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24564
    title Mandrake Linux Security Advisory : ntp (MDKSA-2006:178)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-353-1.NASL
    description Dr. Henson of the OpenSSL core team and Open Network Security discovered a mishandled error condition in the ASN.1 parser. By sending specially crafted packet data, a remote attacker could exploit this to trigger an infinite loop, which would render the service unusable and consume all available system memory. (CVE-2006-2937) Certain types of public key could take disproportionate amounts of time to process. The library now limits the maximum key exponent size to avoid Denial of Service attacks. (CVE-2006-2940) Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() function. By sending specially crafted packets to applications that use this function (like Exim, MySQL, or the openssl command line tool), a remote attacker could exploit this to execute arbitrary code with the server's privileges. (CVE-2006-3738) Tavis Ormandy and Will Drewry of the Google Security Team reported that the get_server_hello() function did not sufficiently check the client's session certificate. This could be exploited to crash clients by remote attackers sending specially crafted SSL responses. (CVE-2006-4343). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 27933
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27933
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : openssl vulnerabilities (USN-353-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_COMPAT-OPENSSL097G-2171.NASL
    description A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as 'parasitic public keys' have been fixed. The latter problem allowed attackers to trick the OpenSSL engine to spend an extraordinary amount of time to process public keys. The following CAN numbers have been assigned: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339 and CVE-2006-4343.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 27187
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27187
    title openSUSE 10 Security Update : compat-openssl097g (compat-openssl097g-2171)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0695.NASL
    description From Red Hat Security Advisory 2006:0695 : Updated OpenSSL packages are now available to correct several security issues. This update has been rated as having important security impact by the Red Hat Security Response Team. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. Tavis Ormandy and Will Drewry of the Google Security Team discovered a flaw in the SSLv2 client code. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) Dr S. N. Henson of the OpenSSL core team and Open Network Security recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered denial of service vulnerabilities : * Certain public key types can take disproportionate amounts of time to process, leading to a denial of service. (CVE-2006-2940) * During parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). This issue does not affect the OpenSSL version distributed in Red Hat Enterprise Linux 2.1. These vulnerabilities can affect applications which use OpenSSL to parse ASN.1 data from untrusted sources, including SSL servers which enable client authentication and S/MIME applications. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-01-16
    modified 2018-08-13
    plugin id 67411
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67411
    title Oracle Linux 3 : openssl (ELSA-2006-0695)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200710-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200710-06 (OpenSSL: Multiple vulnerabilities) Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. Impact : A remote attacker sending a specially crafted packet to an application relying on OpenSSL could possibly execute arbitrary code with the privileges of the user running the application. A local attacker could perform a side channel attack to retrieve the RSA private keys. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-08-10
    plugin id 26946
    published 2007-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26946
    title GLSA-200710-06 : OpenSSL: Multiple vulnerabilities
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2008-0013.NASL
    description
      I Security Issues
        a. OpenSSL Binaries Updated
           This fix updates the third-party OpenSSL library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3108 and CVE-2007-5135 to the issues addressed by this update.
      II Service Console rpm updates
        a. net-snmp Security update
           This fix upgrades the service console rpm for net-snmp to version net-snmp-5.0.9-2.30E.24. Note: this update is relevant for ESX 3.0.3. The initial advisory incorrectly stated that this update was present in ESX 3.0.3 when it was released on August 8, 2008. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-2292 and CVE-2008-0960 to the issues addressed in net-snmp-5.0.9-2.30E.24.
        b. perl Security update
           This fix upgrades the service console rpm for perl to version perl-5.8.0-98.EL3. Note: this update is relevant for ESX 3.0.3. The initial advisory incorrectly stated that this update was present in ESX 3.0.3 when it was released on August 8, 2008. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1927 to the issue addressed in perl-5.8.0-98.EL3.
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 40381
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40381
    title VMSA-2008-0013 : Updated ESX packages for OpenSSL, net-snmp, perl
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-193.NASL
    description A flaw in how OpenSSL performed Montgomery multiplications was discovered that could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes (CVE-2007-3108). Moritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function did not correctly check the size of the buffer it was writing to. As a result, a remote attacker could exploit this to write one NULL byte past the end of the application's cipher list buffer, which could possibly lead to a denial of service or the execution of arbitrary code (CVE-2007-5135). Updated packages have been patched to prevent these issues.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 26950
    published 2007-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26950
    title Mandrake Linux Security Advisory : openssl (MDKSA-2007:193)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1379.NASL
    description An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in the libssl library from OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 26209
    published 2007-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26209
    title Debian DSA-1379-1 : openssl - off-by-one error/buffer overflow
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-177.NASL
    description OpenSSL recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some MySQL versions are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries is being made available.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 24563
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24563
    title Mandrake Linux Security Advisory : MySQL (MDKSA-2006:177)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200612-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200612-11 (AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities) Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally, Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key. Impact : An attacker could trigger the buffer overflow by sending a malicious suite of ciphers to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. An attacker could also consume CPU and/or memory by exploiting the Denial of Service vulnerabilities. Finally, a malicious server could crash a SSLv2 client through the SSLv2 vulnerability. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-11
    plugin id 23863
    published 2006-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23863
    title GLSA-200612-11 : AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_121229.NASL
    description SunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 20272
    published 2005-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20272
    title Solaris 10 (sparc) : 121229-02
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114568.NASL
    description SunOS 5.9_x86: pkg utilities Patch. Date this patch was last updated by Sun : Apr/05/11
    last seen 2018-09-02
    modified 2016-12-09
    plugin id 13606
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13606
    title Solaris 9 (x86) : 114568-29
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_121229-02.NASL
    description SunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 107376
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107376
    title Solaris 10 (sparc) : 121229-02
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-522-1.NASL
    description It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes. (CVE-2007-3108) Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service. (CVE-2007-5135). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 28127
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28127
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : openssl vulnerabilities (USN-522-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-272-01.NASL
    description New openssl packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.
    last seen 2019-01-16
    modified 2018-08-09
    plugin id 22467
    published 2006-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22467
    title Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : openssl (SSA:2006-272-01)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-172.NASL
    description Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered. During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. (CVE-2006-2937) Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (CVE-2006-2940) Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738) Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server that server could cause the client to crash. (CVE-2006-4343) Updated packages are patched to address these issues. Update : There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 24558
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24558
    title Mandrake Linux Security Advisory : openssl (MDKSA-2006:172-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_113713.NASL
    description SunOS 5.9: pkg utilities Patch. Date this patch was last updated by Sun : Apr/05/11
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 13543
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13543
    title Solaris 9 (sparc) : 113713-30
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0695.NASL
    description Updated OpenSSL packages are now available to correct several security issues. This update has been rated as having important security impact by the Red Hat Security Response Team. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. Tavis Ormandy and Will Drewry of the Google Security Team discovered a flaw in the SSLv2 client code. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) Dr S. N. Henson of the OpenSSL core team and Open Network Security recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered denial of service vulnerabilities : * Certain public key types can take disproportionate amounts of time to process, leading to a denial of service. (CVE-2006-2940) * During parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). This issue does not affect the OpenSSL version distributed in Red Hat Enterprise Linux 2.1. These vulnerabilities can affect applications which use OpenSSL to parse ASN.1 data from untrusted sources, including SSL servers which enable client authentication and S/MIME applications. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
    Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 22484
    published 2006-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22484
    title CentOS 3 / 4 : openssl (CESA-2006:0695)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1185.NASL
    description The fix used to correct CVE-2006-2940 introduced code that could lead to the use of uninitialized memory. Such use is likely to cause the application using the openssl library to crash, and has the potential to allow an attacker to cause the execution of arbitrary code. For reference please find below the original advisory text : Multiple vulnerabilities have been discovered in the OpenSSL cryptographic software package that could allow an attacker to launch a denial of service attack by exhausting system resources or crashing processes on a victim's computer. - CVE-2006-2937 Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered. During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. Any code which uses OpenSSL to parse ASN1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications. - CVE-2006-3738 Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. - CVE-2006-4343 Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server that server could cause the client to crash. - CVE-2006-2940 Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL a DoS was discovered. Certain types of public key can take disproportionate amounts of time to process. 
    This could be used by an attacker in a denial of service attack.
    last seen 2019-01-16
    modified 2018-08-09
    plugin id 22727
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22727
    title Debian DSA-1185-2 : openssl - denial of service
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_0F37D765C5D411DB9F82000E0C2E438A.NASL
    description Several problems have been found in OpenSSL : - During the parsing of certain invalid ASN1 structures an error condition is mishandled, possibly resulting in an infinite loop. - A buffer overflow exists in the SSL_get_shared_ciphers function. - A NULL pointer may be dereferenced in the SSL version 2 client code. In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used. Impact : Servers which parse ASN1 data from untrusted sources may be vulnerable to a denial of service attack. An attacker accessing a server which uses SSL version 2 may be able to execute arbitrary code with the privileges of that server. A malicious SSL server can cause clients connecting using SSL version 2 to crash. Applications which perform public key operations using untrusted keys may be vulnerable to a denial of service attack. Workaround : No workaround is available, but not all of the vulnerabilities mentioned affect all applications.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 24719
    published 2007-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24719
    title FreeBSD : OpenSSL -- Multiple problems in crypto(3) (0f37d765-c5d4-11db-9f82-000e0c2e438a)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSSL-2141.NASL
    description A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as 'parasitic public keys' have been fixed. The latter problem allowed attackers to trick the OpenSSL engine to spend an extraordinary amount of time to process public keys. The following CAN numbers have been assigned: CVE-2006-2937 / CVE-2006-2940 / CVE-2006-3738 / CVE-2006-4343.
    last seen 2019-01-16
    modified 2016-12-22
    plugin id 29542
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29542
    title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 2141)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_121230-02.NASL
    description SunOS 5.10_x86: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107877
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107877
    title Solaris 10 (x86) : 121230-02
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_121230.NASL
    description SunOS 5.10_x86: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 20275
    published 2005-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20275
    title Solaris 10 (x86) : 121230-02
  • NASL family Web Servers
    NASL id OPENSSL_0_9_7L_0_9_8D.NASL
    description According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7l or 0.9.8d. As such, it is affected by multiple vulnerabilities : - A remote attacker could trigger a denial of service, either via malformed ASN.1 structures or specially crafted public keys. (CVE-2006-2937, CVE-2006-3738) - A remote attacker could execute arbitrary code on the remote server by exploiting a buffer overflow in the SSL_get_shared_ciphers function. (CVE-2006-2940) - A remote attacker could crash a client by sending an invalid server Hello. (CVE-2006-4343)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 17757
    published 2012-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17757
    title OpenSSL < 0.9.7l / 0.9.8d Multiple Vulnerabilities
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL8106.NASL
    description F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited remotely.
    last seen 2019-01-16
    modified 2019-01-04
    plugin id 86017
    published 2015-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86017
    title F5 Networks BIG-IP : OpenSSL SSL_get_shared_ciphers vulnerability (SOL8106)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0695.NASL
    description Updated OpenSSL packages are now available to correct several security issues. This update has been rated as having important security impact by the Red Hat Security Response Team. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. Tavis Ormandy and Will Drewry of the Google Security Team discovered a flaw in the SSLv2 client code. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) Dr S. N. Henson of the OpenSSL core team and Open Network Security recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered denial of service vulnerabilities : * Certain public key types can take disproportionate amounts of time to process, leading to a denial of service. (CVE-2006-2940) * During parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). This issue does not affect the OpenSSL version distributed in Red Hat Enterprise Linux 2.1. These vulnerabilities can affect applications which use OpenSSL to parse ASN.1 data from untrusted sources, including SSL servers which enable client authentication and S/MIME applications. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
    Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 22472
    published 2006-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22472
    title RHEL 2.1 / 3 / 4 : openssl (RHSA-2006:0695)
oval via4
  • accepted 2008-01-14T04:00:05.944-05:00
    class vulnerability
    contributors
    name Todd Dolinsky
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
    family unix
    id oval:org.mitre.oval:def:4256
    status accepted
    submitted 2007-12-04T09:53:52.000-05:00
    title Security Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications or Execution of Arbitrary Code With Elevated Privileges
    version 31
  • accepted 2013-04-29T04:19:00.454-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
    family unix
    id oval:org.mitre.oval:def:9370
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
    version 23
redhat via4
advisories
  • rhsa
    id RHSA-2006:0695
  • rhsa
    id RHSA-2008:0629
rpms
  • openssl-0:0.9.7a-33.21
  • openssl-devel-0:0.9.7a-33.21
  • openssl-perl-0:0.9.7a-33.21
  • openssl096b-0:0.9.6b-16.46
  • openssl-0:0.9.7a-43.14
  • openssl-devel-0:0.9.7a-43.14
  • openssl-perl-0:0.9.7a-43.14
  • openssl096b-0:0.9.6b-22.46
refmap via4
apple APPLE-SA-2006-11-28
bid
  • 20249
  • 22083
bugtraq
  • 20060928 rPSA-2006-0175-1 openssl openssl-scripts
  • 20060929 rPSA-2006-0175-2 openssl openssl-scripts
  • 20070110 VMware ESX server security updates
  • 20070602 Recent OpenSSL exploits
cert TA06-333A
cert-vn VU#547300
cisco
  • 20061108 Multiple Vulnerabilities in OpenSSL Library
  • 20061108 Multiple Vulnerabilities in OpenSSL library
confirm
debian
  • DSA-1185
  • DSA-1195
freebsd FreeBSD-SA-06:23
fulldisc 20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released
gentoo
  • GLSA-200610-11
  • GLSA-200612-11
  • GLSA-200805-07
hp
  • HPSBMA02250
  • HPSBOV02683
  • HPSBTU02207
  • HPSBUX02174
  • HPSBUX02186
  • SSRT061213
  • SSRT061239
  • SSRT061275
  • SSRT071299
  • SSRT071304
  • SSRT090208
mandriva
  • MDKSA-2006:172
  • MDKSA-2006:177
  • MDKSA-2006:178
netbsd NetBSD-SA2008-007
openbsd [3.9] 20061007 013: SECURITY FIX: October 7, 2006
openpkg OpenPKG-SA-2006.021
osvdb 29262
sectrack
  • 1016943
  • 1017522
secunia
  • 22094
  • 22116
  • 22130
  • 22165
  • 22166
  • 22172
  • 22186
  • 22193
  • 22207
  • 22212
  • 22216
  • 22220
  • 22240
  • 22259
  • 22260
  • 22284
  • 22298
  • 22330
  • 22385
  • 22460
  • 22487
  • 22500
  • 22544
  • 22626
  • 22633
  • 22654
  • 22758
  • 22772
  • 22791
  • 22799
  • 23038
  • 23155
  • 23280
  • 23309
  • 23340
  • 23680
  • 23794
  • 23915
  • 24930
  • 24950
  • 25889
  • 26329
  • 30124
  • 30161
  • 31492
sgi 20061001-01-P
slackware SSA:2006-272-01
sunalert
  • 102668
  • 102711
  • 201531
suse
  • SUSE-SA:2006:058
  • SUSE-SR:2006:024
trustix 2006-0054
ubuntu USN-353-1
vupen
  • ADV-2006-3820
  • ADV-2006-3860
  • ADV-2006-3869
  • ADV-2006-3902
  • ADV-2006-3936
  • ADV-2006-4036
  • ADV-2006-4264
  • ADV-2006-4314
  • ADV-2006-4401
  • ADV-2006-4417
  • ADV-2006-4443
  • ADV-2006-4750
  • ADV-2007-0343
  • ADV-2007-1401
  • ADV-2007-2315
  • ADV-2007-2783
xf openssl-sslgetsharedciphers-bo(29237)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 23-08-2013 - 01:21
Published 28-09-2006 - 14:07
Last modified 17-10-2018 - 17:29