PT-2006-1066 · Openssl+1 · Openssl+1

Tavis Ormandy

Published

2006-09-28

Updated

2024-06-15

CVE-2006-3738

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8d

Description: The issue affects the OpenSSL package, allowing remote exploitation that may lead to a breach of confidentiality, integrity, and availability of protected information. This can be achieved through remote attack vectors, including a long list of ciphers, potentially leading to a buffer overflow in the SSL get shared ciphers function. The vulnerability may also enable an attacker to cause a denial of service or gain access to encrypted data without knowledge of the encryption key.

Recommendations: For OpenSSL versions prior to 0.9.8d, update to version 0.9.8d or later to resolve the issue. As a temporary workaround, consider restricting access to the SSL get shared ciphers function until a patch is available.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-119CWE-310

Related Identifiers

BDU:2015-09525

BDU:2015-09567

BDU:2015-09905

CVE-2006-3738

DSA-1185-2

DSA-1195-1

HPSBUX02174

OPENSUSE-SU-2024:11125-1

OPENSUSE-SU-2024:11126-1

OPENSUSE-SU-2024:11127-1

RHSA-2006:0695

RHSA-2006_0695

RHSA-2008:0264

RHSA-2008:0525

RHSA-2008:0629

SUSE-FU-2022:0445-1

Affected Products

Openssl

Red Hat

PT-2006-1066 · Openssl+1 · Openssl+1

CVE-2006-3738

Weakness Enumeration

Related Identifiers

Affected Products

References · 327