PT-2006-1066 · Openssl+1 · Openssl+1

Tavis Ormandy

Publicado

2006-09-28

Atualizado

2024-06-15

CVE-2006-3738

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8d

Description: The issue affects the OpenSSL package, allowing remote exploitation that may lead to a breach of confidentiality, integrity, and availability of protected information. This can be achieved through remote attack vectors, including a long list of ciphers, potentially leading to a buffer overflow in the SSL get shared ciphers function. The vulnerability may also enable an attacker to cause a denial of service or gain access to encrypted data without knowledge of the encryption key.

Recommendations: For OpenSSL versions prior to 0.9.8d, update to version 0.9.8d or later to resolve the issue. As a temporary workaround, consider restricting access to the SSL get shared ciphers function until a patch is available.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399CWE-119CWE-310

Identificadores relacionados

BDU:2015-09525

BDU:2015-09567

BDU:2015-09905

CVE-2006-3738

DSA-1185-2

DSA-1195-1

HPSBUX02174

OPENSUSE-SU-2024:11125-1

OPENSUSE-SU-2024:11126-1

OPENSUSE-SU-2024:11127-1

RHSA-2006:0695

RHSA-2006_0695

RHSA-2008:0264

RHSA-2008:0525

RHSA-2008:0629

SUSE-FU-2022:0445-1

Produtos afetados

Openssl

Red Hat

PT-2006-1066 · Openssl+1 · Openssl+1

CVE-2006-3738

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 327