ID CVE-2006-7250
Summary The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
References
Vulnerable Configurations
  • OpenSSL Project OpenSSL 0.9.1c
    cpe:2.3:a:openssl:openssl:0.9.1c
  • OpenSSL Project OpenSSL 0.9.2b
    cpe:2.3:a:openssl:openssl:0.9.2b
  • OpenSSL Project OpenSSL 0.9.3
    cpe:2.3:a:openssl:openssl:0.9.3
  • OpenSSL Project OpenSSL 0.9.3a
    cpe:2.3:a:openssl:openssl:0.9.3a
  • OpenSSL Project OpenSSL 0.9.4
    cpe:2.3:a:openssl:openssl:0.9.4
  • OpenSSL Project OpenSSL 0.9.5
    cpe:2.3:a:openssl:openssl:0.9.5
  • OpenSSL Project OpenSSL 0.9.5 Beta1
    cpe:2.3:a:openssl:openssl:0.9.5:beta1
  • OpenSSL Project OpenSSL 0.9.5 Beta2
    cpe:2.3:a:openssl:openssl:0.9.5:beta2
  • OpenSSL Project OpenSSL 0.9.5a
    cpe:2.3:a:openssl:openssl:0.9.5a
  • OpenSSL Project OpenSSL 0.9.5a Beta1
    cpe:2.3:a:openssl:openssl:0.9.5a:beta1
  • OpenSSL Project OpenSSL 0.9.5a Beta2
    cpe:2.3:a:openssl:openssl:0.9.5a:beta2
  • OpenSSL Project OpenSSL 0.9.6
    cpe:2.3:a:openssl:openssl:0.9.6
  • OpenSSL Project OpenSSL 0.9.6 Beta1
    cpe:2.3:a:openssl:openssl:0.9.6:beta1
  • OpenSSL Project OpenSSL 0.9.6 Beta2
    cpe:2.3:a:openssl:openssl:0.9.6:beta2
  • OpenSSL Project OpenSSL 0.9.6 Beta3
    cpe:2.3:a:openssl:openssl:0.9.6:beta3
  • OpenSSL Project OpenSSL 0.9.6a
    cpe:2.3:a:openssl:openssl:0.9.6a
  • OpenSSL Project OpenSSL 0.9.6a Beta1
    cpe:2.3:a:openssl:openssl:0.9.6a:beta1
  • OpenSSL Project OpenSSL 0.9.6a Beta2
    cpe:2.3:a:openssl:openssl:0.9.6a:beta2
  • OpenSSL Project OpenSSL 0.9.6a Beta3
    cpe:2.3:a:openssl:openssl:0.9.6a:beta3
  • OpenSSL Project OpenSSL 0.9.6b
    cpe:2.3:a:openssl:openssl:0.9.6b
  • OpenSSL Project OpenSSL 0.9.6c
    cpe:2.3:a:openssl:openssl:0.9.6c
  • OpenSSL Project OpenSSL 0.9.6d
    cpe:2.3:a:openssl:openssl:0.9.6d
  • OpenSSL Project OpenSSL 0.9.6e
    cpe:2.3:a:openssl:openssl:0.9.6e
  • OpenSSL Project OpenSSL 0.9.6f
    cpe:2.3:a:openssl:openssl:0.9.6f
  • OpenSSL Project OpenSSL 0.9.6g
    cpe:2.3:a:openssl:openssl:0.9.6g
  • OpenSSL Project OpenSSL 0.9.6h
    cpe:2.3:a:openssl:openssl:0.9.6h
  • OpenSSL Project OpenSSL 0.9.6i
    cpe:2.3:a:openssl:openssl:0.9.6i
  • OpenSSL Project OpenSSL 0.9.6j
    cpe:2.3:a:openssl:openssl:0.9.6j
  • OpenSSL Project OpenSSL 0.9.6k
    cpe:2.3:a:openssl:openssl:0.9.6k
  • OpenSSL Project OpenSSL 0.9.6l
    cpe:2.3:a:openssl:openssl:0.9.6l
  • OpenSSL Project OpenSSL 0.9.6m
    cpe:2.3:a:openssl:openssl:0.9.6m
  • OpenSSL Project OpenSSL 0.9.7
    cpe:2.3:a:openssl:openssl:0.9.7
  • OpenSSL Project OpenSSL 0.9.7 beta1
    cpe:2.3:a:openssl:openssl:0.9.7:beta1
  • OpenSSL Project OpenSSL 0.9.7 beta2
    cpe:2.3:a:openssl:openssl:0.9.7:beta2
  • OpenSSL Project OpenSSL 0.9.7 beta3
    cpe:2.3:a:openssl:openssl:0.9.7:beta3
  • OpenSSL Project OpenSSL 0.9.7 Beta4
    cpe:2.3:a:openssl:openssl:0.9.7:beta4
  • OpenSSL Project OpenSSL 0.9.7 Beta5
    cpe:2.3:a:openssl:openssl:0.9.7:beta5
  • OpenSSL Project OpenSSL 0.9.7 Beta6
    cpe:2.3:a:openssl:openssl:0.9.7:beta6
  • OpenSSL Project OpenSSL 0.9.7a
    cpe:2.3:a:openssl:openssl:0.9.7a
  • OpenSSL Project OpenSSL 0.9.7b
    cpe:2.3:a:openssl:openssl:0.9.7b
  • OpenSSL Project OpenSSL 0.9.7c
    cpe:2.3:a:openssl:openssl:0.9.7c
  • OpenSSL Project OpenSSL 0.9.7d
    cpe:2.3:a:openssl:openssl:0.9.7d
  • OpenSSL Project OpenSSL 0.9.7e
    cpe:2.3:a:openssl:openssl:0.9.7e
  • OpenSSL Project OpenSSL 0.9.7f
    cpe:2.3:a:openssl:openssl:0.9.7f
  • OpenSSL Project OpenSSL 0.9.7g
    cpe:2.3:a:openssl:openssl:0.9.7g
  • OpenSSL Project OpenSSL 0.9.7h
    cpe:2.3:a:openssl:openssl:0.9.7h
  • OpenSSL Project OpenSSL 0.9.7i
    cpe:2.3:a:openssl:openssl:0.9.7i
  • OpenSSL Project OpenSSL 0.9.7j
    cpe:2.3:a:openssl:openssl:0.9.7j
  • OpenSSL Project OpenSSL 0.9.7k
    cpe:2.3:a:openssl:openssl:0.9.7k
  • OpenSSL Project OpenSSL 0.9.7l
    cpe:2.3:a:openssl:openssl:0.9.7l
  • OpenSSL Project OpenSSL 0.9.7m
    cpe:2.3:a:openssl:openssl:0.9.7m
  • OpenSSL Project OpenSSL 0.9.8
    cpe:2.3:a:openssl:openssl:0.9.8
  • OpenSSL Project OpenSSL 0.9.8a
    cpe:2.3:a:openssl:openssl:0.9.8a
  • OpenSSL Project OpenSSL 0.9.8b
    cpe:2.3:a:openssl:openssl:0.9.8b
  • OpenSSL Project OpenSSL 0.9.8c
    cpe:2.3:a:openssl:openssl:0.9.8c
  • OpenSSL Project OpenSSL 0.9.8d
    cpe:2.3:a:openssl:openssl:0.9.8d
  • OpenSSL Project OpenSSL 0.9.8e
    cpe:2.3:a:openssl:openssl:0.9.8e
  • OpenSSL Project OpenSSL 0.9.8f
    cpe:2.3:a:openssl:openssl:0.9.8f
  • OpenSSL Project OpenSSL 0.9.8g
    cpe:2.3:a:openssl:openssl:0.9.8g
  • OpenSSL Project OpenSSL 0.9.8h
    cpe:2.3:a:openssl:openssl:0.9.8h
  • OpenSSL Project OpenSSL 0.9.8i
    cpe:2.3:a:openssl:openssl:0.9.8i
  • OpenSSL Project OpenSSL 0.9.8j
    cpe:2.3:a:openssl:openssl:0.9.8j
  • OpenSSL Project OpenSSL 0.9.8k
    cpe:2.3:a:openssl:openssl:0.9.8k
  • OpenSSL Project OpenSSL 0.9.8l
    cpe:2.3:a:openssl:openssl:0.9.8l
  • OpenSSL Project OpenSSL 0.9.8m
    cpe:2.3:a:openssl:openssl:0.9.8m
  • OpenSSL Project OpenSSL 0.9.8m Beta1
    cpe:2.3:a:openssl:openssl:0.9.8m:beta1
  • OpenSSL Project OpenSSL 0.9.8n
    cpe:2.3:a:openssl:openssl:0.9.8n
  • OpenSSL Project OpenSSL 0.9.8o
    cpe:2.3:a:openssl:openssl:0.9.8o
  • OpenSSL Project OpenSSL 0.9.8p
    cpe:2.3:a:openssl:openssl:0.9.8p
  • OpenSSL Project OpenSSL 0.9.8q
    cpe:2.3:a:openssl:openssl:0.9.8q
  • OpenSSL Project OpenSSL 0.9.8r
    cpe:2.3:a:openssl:openssl:0.9.8r
  • OpenSSL Project OpenSSL 0.9.8s
    cpe:2.3:a:openssl:openssl:0.9.8s
  • OpenSSL Project OpenSSL 0.9.8t
    cpe:2.3:a:openssl:openssl:0.9.8t
CVSS
Base: 5.0 (as of 29-02-2012 - 09:26)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-174.NASL
    description Specially crafted MIME headers could crash openssl's ASN.1 parser
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 74573
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74573
    title openSUSE Security Update : openssl (openSUSE-SU-2012:0414-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSSL-8034.NASL
    description The following security issue has been fixed : - Specially crafted MIME headers could cause OpenSSL's ans1 parser to dereference a NULL pointer leading to a Denial of Service (CVE-2006-7250) or fail verfication. (CVE-2012-1165) Additionally, two other bugs have been fixed : - free() headers after use in error message. (bnc#749213) - symmetric crypto errors in PKCS7_decrypt. (bnc#749210)
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 58679
    published 2012-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58679
    title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 8034)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1424-1.NASL
    description It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use this to cause a denial of service. These issues did not affect Ubuntu 8.04 LTS. (CVE-2006-7250, CVE-2012-1165) Tavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER data via BIO or FILE functions. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. (CVE-2012-2110). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 58808
    published 2012-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58808
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBOPENSSL-DEVEL-120327.NASL
    description The following security issues have been fixed : - Specially crafted MIME headers could cause openssl's ans1 parser to dereference a NULL pointer leading to a Denial of Service (CVE-2006-7250) or fail verfication. (CVE-2012-1165) - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL was vulnerable to a Million Message Attack (MMA) adaptive chosen ciphertext attack. (CVE-2012-0884) Additionally, the following issues have been fixed : - Free headers after use in error message. (bnc#749213) - Symmetric crypto errors in PKCS7_decrypt. (bnc#749210) - Memory leak when creating public keys. (bnc#749735)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 58677
    published 2012-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58677
    title SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1335.NASL
    description Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP). Multiple denial of service flaws were discovered in OpenSSL's DTLS implementation. A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387) Note: These flaws only affect applications that use DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux. An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590) Note: The affected function is rarely used. No application shipped with Red Hat Enterprise Linux calls this function, for example. These updated packages also fix the following bugs : * 'openssl smime -verify -in' verifies the signature of the input file and the '-verify' switch expects a signed or encrypted input file. Previously, running openssl on an S/MIME file that was not encrypted or signed caused openssl to segfault. With this update, the input file is now checked for a signature or encryption. Consequently, openssl now returns an error and quits when attempting to verify an unencrypted or unsigned S/MIME file. (BZ#472440) * when generating RSA keys, pairwise tests were called even in non-FIPS mode. This prevented small keys from being generated. With this update, generating keys in non-FIPS mode no longer calls the pairwise tests and keys as small as 32-bits can be generated in this mode. Note: In FIPS mode, pairwise tests are still called and keys generated in this mode must still be 1024-bits or larger. (BZ#479817) As well, these updated packages add the following enhancements : * both the libcrypto and libssl shared libraries, which are part of the OpenSSL FIPS module, are now checked for integrity on initialization of FIPS mode. (BZ#475798) * an issuing Certificate Authority (CA) allows multiple certificate templates to inherit the CA's Common Name (CN). Because this CN is used as a unique identifier, each template had to have its own Certificate Revocation List (CRL). With this update, multiple CRLs with the same subject name can now be stored in a X509_STORE structure, with their signature field being used to distinguish between them. (BZ#457134) * the fipscheck library is no longer needed for rebuilding the openssl source RPM. (BZ#475798) OpenSSL users should upgrade to these updated packages, which resolve these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43785
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43785
    title CentOS 5 : openssl (CESA-2009:1335)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201312-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201312-03 (OpenSSL: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : Remote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 71169
    published 2013-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71169
    title GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities
  • NASL family Web Servers
    NASL id OPENSSL_0_9_8U.NASL
    description According to its banner, the remote web server uses an OpenSSL version prior to 0.9.8u. As such, it is reportedly affected by the following vulnerabilities : - An error exists in the function 'mime_hdr_cmp' that could allow a NULL pointer to be dereferenced when parsing certain MIME headers. (CVE-2006-7250) - The fix for CVE-2011-4619 was not complete. - An error exists in the Cryptographic Message Syntax (CMS) and PKCS #7 implementation such that data can be decrypted using Million Message Attack (MMA) adaptive chosen cipher text attack. (CVE-2012-0884) - An error exists in the function 'mime_param_cmp' in the file 'crypto/asn1/asn_mime.c' that can allow a NULL pointer to be dereferenced when handling certain S/MIME content. (CVE-2012-1165) Note that SSL/TLS applications are not necessarily affected, but those using CMS, PKCS #7 and S/MIME decryption operations are.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 58564
    published 2012-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58564
    title OpenSSL < 0.9.8u Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1335.NASL
    description Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP). Multiple denial of service flaws were discovered in OpenSSL's DTLS implementation. A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387) Note: These flaws only affect applications that use DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux. An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590) Note: The affected function is rarely used. No application shipped with Red Hat Enterprise Linux calls this function, for example. These updated packages also fix the following bugs : * 'openssl smime -verify -in' verifies the signature of the input file and the '-verify' switch expects a signed or encrypted input file. Previously, running openssl on an S/MIME file that was not encrypted or signed caused openssl to segfault. With this update, the input file is now checked for a signature or encryption. Consequently, openssl now returns an error and quits when attempting to verify an unencrypted or unsigned S/MIME file. (BZ#472440) * when generating RSA keys, pairwise tests were called even in non-FIPS mode. This prevented small keys from being generated. With this update, generating keys in non-FIPS mode no longer calls the pairwise tests and keys as small as 32-bits can be generated in this mode. Note: In FIPS mode, pairwise tests are still called and keys generated in this mode must still be 1024-bits or larger. (BZ#479817) As well, these updated packages add the following enhancements : * both the libcrypto and libssl shared libraries, which are part of the OpenSSL FIPS module, are now checked for integrity on initialization of FIPS mode. (BZ#475798) * an issuing Certificate Authority (CA) allows multiple certificate templates to inherit the CA's Common Name (CN). Because this CN is used as a unique identifier, each template had to have its own Certificate Revocation List (CRL). With this update, multiple CRLs with the same subject name can now be stored in a X509_STORE structure, with their signature field being used to distinguish between them. (BZ#457134) * the fipscheck library is no longer needed for rebuilding the openssl source RPM. (BZ#475798) OpenSSL users should upgrade to these updated packages, which resolve these issues and add these enhancements.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 63892
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63892
    title RHEL 5 : openssl (RHSA-2009:1335)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_0H.NASL
    description According to its banner, the remote web server is running OpenSSL version 1.0.0 prior to version 1.0.0h. As such, it reportedly is affected by the following vulnerabilities : - An error exists in the function 'mime_hdr_cmp' that could allow a NULL pointer to be dereferenced when parsing certain MIME headers. (CVE-2006-7250) - The fix for CVE-2011-4619 was not complete. - An error exists in the Cryptographic Message Syntax (CMS) and PKCS #7 implementation such that data can be decrypted using Million Message Attack (MMA) adaptive chosen cipher text attack. (CVE-2012-0884) - An error exists in the function 'mime_param_cmp' in the file 'crypto/asn1/asn_mime.c' that can allow a NULL pointer to be dereferenced when handling certain S/MIME content. (CVE-2012-1165) Note that SSL/TLS applications are not necessarily affected, but those using CMS, PKCS #7 and S/MIME decryption operations are.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 58565
    published 2012-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58565
    title OpenSSL 1.0.0 < 1.0.0h Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBOPENSSL-DEVEL-120328.NASL
    description The following security issues have been fixed : - Specially crafted MIME headers could cause openssl's ans1 parser to dereference a NULL pointer leading to a Denial of Service (CVE-2006-7250) or fail verfication. (CVE-2012-1165) - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL was vulnerable to a Million Message Attack (MMA) adaptive chosen ciphertext attack. (CVE-2012-0884) Additionally, the following issues have been fixed : - Free headers after use in error message. (bnc#749213) - Symmetric crypto errors in PKCS7_decrypt. (bnc#749210) - Memory leak when creating public keys. (bnc#749735)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 58678
    published 2012-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58678
    title SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054)
redhat via4
advisories
rhsa
id RHSA-2009:1335
rpms
  • openssl-0:0.9.8e-12.el5
  • openssl-devel-0:0.9.8e-12.el5
  • openssl-perl-0:0.9.8e-12.el5
refmap via4
bid 52181
confirm
hp
  • HPSBUX02782
  • SSRT100844
mlist
  • [openssl-dev] 20060829 Crash inside SMIME_read_PKCS7 if input is not MIME
  • [openssl-dev] 20120210 [openssl.org #2711] Fix possible NULL dereference on bad MIME headers
  • [oss-security] 20120227 CVE request: openssl: null pointer dereference issue
  • [oss-security] 20120228 Re: CVE request: openssl: null pointer dereference issue
secunia
  • 36533
  • 48153
  • 48516
  • 48899
ubuntu USN-1424-1
Last major update 22-08-2016 - 21:59
Published 29-02-2012 - 06:55
Last modified 05-01-2018 - 21:29
Back to Top