ID CVE-2006-4343
Summary The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. This vulnerability is addressed in the following product releases: OpenSSL Project, OpenSSL, 0.9.7l (or later) OpenSSL Project, OpenSSL, 0.9.8d (or later)
References
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
CVSS
Base: 4.3 (as of 17-10-2018 - 21:36)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2013-04-29T04:03:31.280-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
    family unix
    id oval:org.mitre.oval:def:10207
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
    version 29
  • accepted 2008-01-14T04:00:06.896-05:00
    class vulnerability
    contributors
    name Todd Dolinsky
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
    family unix
    id oval:org.mitre.oval:def:4356
    status accepted
    submitted 2007-12-04T09:53:52.000-05:00
    title Security Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications or Execution of Arbitrary Code With Elevated Privileges
    version 34
redhat via4
advisories
  • bugzilla
    id 430655
    title CVE-2006-2937 openssl ASN.1 DoS
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment openssl is earlier than 0:0.9.7a-43.14
            oval oval:com.redhat.rhsa:tst:20060695001
          • comment openssl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060661004
        • AND
          • comment openssl-devel is earlier than 0:0.9.7a-43.14
            oval oval:com.redhat.rhsa:tst:20060695003
          • comment openssl-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060661006
        • AND
          • comment openssl-perl is earlier than 0:0.9.7a-43.14
            oval oval:com.redhat.rhsa:tst:20060695005
          • comment openssl-perl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060661008
        • AND
          • comment openssl096b is earlier than 0:0.9.6b-22.46
            oval oval:com.redhat.rhsa:tst:20060695007
          • comment openssl096b is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060661002
    rhsa
    id RHSA-2006:0695
    released 2006-09-28
    severity Important
    title RHSA-2006:0695: openssl security update (Important)
  • rhsa
    id RHSA-2008:0629
rpms
  • openssl-0:0.9.6b-46
  • openssl-0:0.9.7a-33.21
  • openssl-0:0.9.7a-43.14
  • openssl-debuginfo-0:0.9.7a-33.21
  • openssl-debuginfo-0:0.9.7a-43.14
  • openssl-devel-0:0.9.6b-46
  • openssl-devel-0:0.9.7a-33.21
  • openssl-devel-0:0.9.7a-43.14
  • openssl-perl-0:0.9.6b-46
  • openssl-perl-0:0.9.7a-33.21
  • openssl-perl-0:0.9.7a-43.14
  • openssl095a-0:0.9.5a-32
  • openssl096-0:0.9.6-32
  • openssl096b-0:0.9.6b-16.46
  • openssl096b-0:0.9.6b-22.46
  • openssl096b-debuginfo-0:0.9.6b-16.46
  • openssl096b-debuginfo-0:0.9.6b-22.46
  • rhn-solaris-bootstrap-0:5.0.2-3
  • rhn_solaris_bootstrap_5_0_2_3-0:1-0
  • rhn-solaris-bootstrap-0:5.0.2-3
  • rhn_solaris_bootstrap_5_0_2_3-0:1-0
  • rhn-solaris-bootstrap-0:5.1.1-3
  • rhn_solaris_bootstrap_5_1_1_3-0:1-0
refmap via4
apple APPLE-SA-2006-11-28
bid
  • 20246
  • 22083
  • 28276
bugtraq
  • 20060928 rPSA-2006-0175-1 openssl openssl-scripts
  • 20060929 rPSA-2006-0175-2 openssl openssl-scripts
  • 20070110 VMware ESX server security updates
  • 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
cert TA06-333A
cert-vn VU#386964
cisco
  • 20061108 Multiple Vulnerabilities in OpenSSL Library
  • 20061108 Multiple Vulnerabilities in OpenSSL library
confirm
debian
  • DSA-1185
  • DSA-1195
exploit-db 4773
freebsd FreeBSD-SA-06:23.openssl
fulldisc 20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released
gentoo
  • GLSA-200610-11
  • GLSA-200612-11
hp
  • HPSBMA02250
  • HPSBOV02683
  • HPSBTU02207
  • HPSBUX02174
  • HPSBUX02186
  • SSRT061213
  • SSRT061239
  • SSRT061275
  • SSRT071299
  • SSRT071304
  • SSRT090208
mandriva
  • MDKSA-2006:172
  • MDKSA-2006:177
  • MDKSA-2006:178
mlist [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
netbsd NetBSD-SA2008-007
openbsd [3.9] 20061007 013: SECURITY FIX: October 7, 2006
openpkg OpenPKG-SA-2006.021
osvdb 29263
sectrack
  • 1016943
  • 1017522
secunia
  • 22094
  • 22116
  • 22130
  • 22165
  • 22166
  • 22172
  • 22186
  • 22193
  • 22207
  • 22212
  • 22216
  • 22220
  • 22240
  • 22259
  • 22260
  • 22284
  • 22298
  • 22330
  • 22385
  • 22460
  • 22487
  • 22500
  • 22544
  • 22626
  • 22758
  • 22772
  • 22791
  • 22799
  • 23038
  • 23155
  • 23280
  • 23309
  • 23340
  • 23680
  • 23794
  • 23915
  • 24950
  • 25420
  • 25889
  • 26329
  • 30124
  • 31492
sgi 20061001-01-P
slackware SSA:2006-272-01
sunalert
  • 102668
  • 102711
  • 201531
suse
  • SUSE-SA:2006:058
  • SUSE-SR:2006:024
trustix 2006-0054
ubuntu USN-353-1
vupen
  • ADV-2006-3820
  • ADV-2006-3860
  • ADV-2006-3869
  • ADV-2006-3902
  • ADV-2006-3936
  • ADV-2006-4036
  • ADV-2006-4264
  • ADV-2006-4401
  • ADV-2006-4417
  • ADV-2006-4443
  • ADV-2006-4750
  • ADV-2007-0343
  • ADV-2007-1401
  • ADV-2007-1973
  • ADV-2007-2783
  • ADV-2008-0905
xf openssl-sslv2-client-dos(29240)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 17-10-2018 - 21:36
Published 28-09-2006 - 18:07
Last modified 17-10-2018 - 21:36
Back to Top