PT-2006-1069 · Openssl+1 · Openssl+1

Noam Rathaus

Published: 2006-09-28

Updated: 2024-06-15

CVE-2006-4343

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
OpenSSL versions 0.9.7 before 0.9.7l
OpenSSL versions 0.9.8 before 0.9.8d
OpenSSL earlier versions
Description: The issue allows remote servers to cause a denial of service, potentially leading to a client crash, via unknown vectors that trigger a NULL pointer dereference in the get_server_hello function. Multiple vulnerabilities in the openssl package may lead to violations of confidentiality, integrity, and availability of protected information, and can be exploited remotely.
Recommendations: For OpenSSL versions 0.9.7 before 0.9.7l, update to version 0.9.7l or later. For OpenSSL versions 0.9.8 before 0.9.8d, update to version 0.9.8d or later. For earlier OpenSSL versions, update to version 0.9.7l or 0.9.8d, or later.

Exploit

Fix

DoS

NULL Pointer Dereference


Weakness Enumeration

Related identifiers

BDU:2015-09525
CVE-2006-4343
DSA-1185-2
DSA-1195-1
HPSBUX02174
OPENSUSE-SU-2024:11125-1
OPENSUSE-SU-2024:11126-1
OPENSUSE-SU-2024:11127-1
RHSA-2006:0695
RHSA-2006_0695
RHSA-2008:0264
RHSA-2008:0525
RHSA-2008:0629
SUSE-FU-2022:0445-1

Affected products

Openssl
Red Hat