Executive Summary
Summary | |
---|---|
Title | New openssl packages fix denial of service |
Informations | |||
---|---|---|---|
Name | DSA-1185 | First vendor Publication | 2006-09-28 |
Vendor | Debian | Last vendor Modification | 2006-09-28 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities have been discovered in the OpenSSL cryptographic software package that could allow an attacker to launch a denial of service attack by exhausting system resources or crashing processes on a victim's computer. CVE-2006-2937 Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered. During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. Any code which uses OpenSSL to parse ASN1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications. CVE-2006-3738 Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. CVE-2006-4343 Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server that server could cause the client to crash. CVE-2006-2940 Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL a DoS was discovered. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. For the stable distribution (sarge) these problems have been fixed in version 0.9.7e-3sarge3. For the unstable and testing distributions (sid and etch, respectively), these problems will be fixed in version 0.9.7k-2 of the openssl097 compatibility libraries, and version 0.9.8c-2 of the openssl package. We recommend that you upgrade your openssl package. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers. |
Original Source
Url : http://www.debian.org/security/2006/dsa-1185 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
25 % | CWE-476 | NULL Pointer Dereference |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10207 | |||
Oval ID: | oval:org.mitre.oval:def:10207 | ||
Title: | The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. | ||
Description: | The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4343 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10311 | |||
Oval ID: | oval:org.mitre.oval:def:10311 | ||
Title: | OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. | ||
Description: | OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-2940 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10560 | |||
Oval ID: | oval:org.mitre.oval:def:10560 | ||
Title: | OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. | ||
Description: | OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-2937 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4256 | |||
Oval ID: | oval:org.mitre.oval:def:4256 | ||
Title: | Security Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications or Execution of Arbitrary Code With Elevated Privileges | ||
Description: | Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-3738 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4356 | |||
Oval ID: | oval:org.mitre.oval:def:4356 | ||
Title: | Security Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications or Execution of Arbitrary Code With Elevated Privileges | ||
Description: | The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4343 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9370 | |||
Oval ID: | oval:org.mitre.oval:def:9370 | ||
Title: | Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. | ||
Description: | Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-3738 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2006-09-28 | OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability |
2007-12-23 | OpenSSL < 0.9.7l / 0.9.8d - SSLv2 Client Crash Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2010-02-03 | Name : Solaris Update for Kernel 122301-48 File : nvt/gb_solaris_122301_48.nasl |
2010-02-03 | Name : Solaris Update for Kernel 122300-48 File : nvt/gb_solaris_122300_48.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : Solaris Update for Kernel 122301-44 File : nvt/gb_solaris_122301_44.nasl |
2009-10-13 | Name : Solaris Update for Kernel 122300-44 File : nvt/gb_solaris_122300_44.nasl |
2009-10-13 | Name : Solaris Update for /usr/bin/ssh 114357-18 File : nvt/gb_solaris_114357_18.nasl |
2009-10-13 | Name : Solaris Update for pkg utilities 113713-28 File : nvt/gb_solaris_113713_28.nasl |
2009-10-13 | Name : Solaris Update for /usr/bin/ssh 114356-19 File : nvt/gb_solaris_114356_19.nasl |
2009-10-10 | Name : SLES9: Security update for OpenSSL File : nvt/sles9p5018995.nasl |
2009-10-10 | Name : SLES9: Security update for OpenSSL File : nvt/sles9p5018586.nasl |
2009-09-23 | Name : Solaris Update for pkg utilities 114568-27 File : nvt/gb_solaris_114568_27.nasl |
2009-09-23 | Name : Solaris Update for Kernel 122301-42 File : nvt/gb_solaris_122301_42.nasl |
2009-06-03 | Name : Solaris Update for /usr/bin/ssh 114357-17 File : nvt/gb_solaris_114357_17.nasl |
2009-06-03 | Name : Solaris Update for kernel 127128-11 File : nvt/gb_solaris_127128_11.nasl |
2009-06-03 | Name : Solaris Update for kernel 127127-11 File : nvt/gb_solaris_127127_11.nasl |
2009-06-03 | Name : Solaris Update for bootconfchk 123377-01 File : nvt/gb_solaris_123377_01.nasl |
2009-06-03 | Name : Solaris Update for bootconfchk 123376-01 File : nvt/gb_solaris_123376_01.nasl |
2009-06-03 | Name : Solaris Update for wanboot 122715-02 File : nvt/gb_solaris_122715_02.nasl |
2009-06-03 | Name : Solaris Update for /usr/bin/ssh 114356-18 File : nvt/gb_solaris_114356_18.nasl |
2009-06-03 | Name : Solaris Update for Kernel 122301-40 File : nvt/gb_solaris_122301_40.nasl |
2009-06-03 | Name : Solaris Update for Kernel 122300-40 File : nvt/gb_solaris_122300_40.nasl |
2009-06-03 | Name : Solaris Update for kernel 120011-14 File : nvt/gb_solaris_120011_14.nasl |
2009-06-03 | Name : Solaris Update for wanboot 117123-08 File : nvt/gb_solaris_117123_08.nasl |
2009-06-03 | Name : Solaris Update for pkg utilities 114568-26 File : nvt/gb_solaris_114568_26.nasl |
2009-06-03 | Name : Solaris Update for pkg utilities 113713-27 File : nvt/gb_solaris_113713_27.nasl |
2009-05-05 | Name : HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186 File : nvt/gb_hp_ux_HPSBUX02186.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-07 (ltsp) File : nvt/glsa_200805_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-06 (openssl) File : nvt/glsa_200710_06.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200610-11 (openssl) File : nvt/glsa_200610_11.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200612-11 (emul-linux-x86-baselibs) File : nvt/glsa_200612_11.nasl |
2008-09-04 | Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl2.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-06:23.openssl.asc) File : nvt/freebsdsa_openssl4.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1185-1 (openssl) File : nvt/deb_1185_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1185-2 (openssl) File : nvt/deb_1185_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1195-1 (openssl096) File : nvt/deb_1195_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-272-01 openssl File : nvt/esoft_slk_ssa_2006_272_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
29263 | OpenSSL SSLv2 get_server_hello Function Remote DoS OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error occurs in the get_server_hello function, and will result in loss of availability for the client. |
29262 | OpenSSL SSL_get_shared_ciphers Function Unspecified Remote Overflow A remote overflow exists in OpenSSL. OpenSSL contains an unspecified issue in the SSL_get_shared_ciphers function. With a specially crafted request, an attacker can cause an unspecified impact. |
29261 | OpenSSL Crafted Public Key CPU Consumption DoS OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when large values in X.509 certificates require extra time to process, and may result in loss of availability for the service. |
29260 | OpenSSL Malformed ASN.1 Structure Resource Consumption DoS OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered due to an error in processing malformed ASN.1 structures which may lead to infinite loop and consumption of memory, and will result in loss of availability for the service. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | SSLv2 openssl get shared ciphers overflow attempt RuleID : 8440 - Revision : 11 - Type : IMAP |
2014-01-10 | SSLv3 openssl get shared ciphers overflow attempt RuleID : 8439 - Revision : 16 - Type : IMAP |
2014-01-10 | SSLv2 openssl get shared ciphers overflow attempt RuleID : 8438 - Revision : 16 - Type : IMAP |
2014-01-10 | SSLv2 openssl get shared ciphers overflow attempt RuleID : 8437 - Revision : 15 - Type : SMTP |
2014-01-10 | SSLv2 openssl get shared ciphers overflow attempt RuleID : 8436 - Revision : 14 - Type : SMTP |
2014-01-10 | SSLv3 openssl get shared ciphers overflow attempt RuleID : 8435 - Revision : 16 - Type : SMTP |
2014-01-10 | SSLv3 openssl get shared ciphers overflow attempt RuleID : 8434 - Revision : 16 - Type : SMTP |
2014-01-10 | SSLv2 openssl get shared ciphers overflow attempt RuleID : 8433 - Revision : 15 - Type : SMTP |
2014-01-10 | SSLv2 openssl get shared ciphers overflow attempt RuleID : 8432 - Revision : 15 - Type : SMTP |
2014-01-10 | SSLv2 openssl get shared ciphers overflow attempt RuleID : 8431 - Revision : 14 - Type : POP3 |
2014-01-10 | SSLv3 openssl get shared ciphers overflow attempt RuleID : 8430 - Revision : 15 - Type : POP3 |
2014-01-10 | SSLv2 openssl get shared ciphers overflow attempt RuleID : 8429 - Revision : 14 - Type : POP3 |
2014-01-10 | SSLv2 openssl get shared ciphers overflow attempt RuleID : 8428 - Revision : 21 - Type : SERVER-OTHER |
2014-01-10 | SSLv2 openssl get shared ciphers overflow attempt RuleID : 8427 - Revision : 18 - Type : MISC |
2014-01-10 | SSLv3 openssl get shared ciphers overflow attempt RuleID : 8426 - Revision : 20 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-09-18 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL8106.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL6734.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0695.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0661.nasl - Type : ACT_GATHER_INFO |
2012-01-04 | Name : The remote server is affected by multiple vulnerabilities. File : openssl_0_9_7l_0_9_8d.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote web server has multiple SSL-related vulnerabilities. File : openssl_0_9_8m.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0525.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0629.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0264.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0013.nasl - Type : ACT_GATHER_INFO |
2008-08-20 | Name : The remote SSH service is affected by multiple vulnerabilities. File : attachmate_reflection_70_sp1.nasl - Type : ACT_GATHER_INFO |
2008-04-02 | Name : The remote Windows host has an application that is affected by multiple issues. File : vmware_multiple_vmsa_2008_0005.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-2175.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-2141.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-2163.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-522-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-353-2.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-353-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_openssl-2349.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_openssl-2162.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_openssl-2140.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_compat-openssl097g-2171.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 122715-03 File : solaris9_x86_122715.nasl - Type : ACT_GATHER_INFO |
2007-10-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-06.nasl - Type : ACT_GATHER_INFO |
2007-10-09 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-193.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1379.nasl - Type : ACT_GATHER_INFO |
2007-09-25 | Name : The remote host is missing Sun Security Patch number 117123-10 File : solaris9_117123.nasl - Type : ACT_GATHER_INFO |
2007-07-01 | Name : The remote multi-function device is affected by multiple issues. File : xerox_xrx07_001.nasl - Type : ACT_GATHER_INFO |
2007-02-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0f37d765c5d411db9f82000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_058.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-178.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-177.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-172.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1004.nasl - Type : ACT_GATHER_INFO |
2006-12-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200612-11.nasl - Type : ACT_GATHER_INFO |
2006-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200610-11.nasl - Type : ACT_GATHER_INFO |
2006-10-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1195.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1185.nasl - Type : ACT_GATHER_INFO |
2006-10-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0695.nasl - Type : ACT_GATHER_INFO |
2006-09-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-272-01.nasl - Type : ACT_GATHER_INFO |
2006-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0695.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114568-29 File : solaris9_x86_114568.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 113713-30 File : solaris9_113713.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:26:14 |
|