PT-2012-1153 · Openssl+3 · Openssl+3

Kurt Seifried

Published

2009-09-02

Updated

2024-06-15

CVE-2006-7250

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.0j OpenSSL versions prior to 0.9.8y

Description The issue affects the OpenSSL package in Gentoo Linux, potentially leading to breaches in confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Specifically, the mime hdr cmp function in crypto/asn1/asn mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service via a crafted S/MIME message, resulting in a NULL pointer dereference and application crash.

Recommendations For versions prior to 1.0.0j, update to version 1.0.0j or later. For versions prior to 0.9.8y, update to version 0.9.8y or later. As a temporary workaround, consider restricting access to the crypto/asn1/asn mime.c function until a patch is available. Avoid using the mime hdr cmp function in the affected OpenSSL versions until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

BDU:2015-09677

CVE-2006-7250

DSA-2454-1

HPSBUX02782

OPENSUSE-SU-2024:10271-1

OPENSUSE-SU-2024:10529-1

OPENSUSE-SU-2024:11127-1

RHSA-2009:1335

RHSA-2009_1335

SUSE-FU-2022:0445-1

SUSE-SU-2012_0478-1

SUSE-SU-2012_0479-1

SUSE-SU-2012_0674-1

SUSE-SU-2015:1184-1

SUSE-SU-403

Affected Products

Hp-Ux

Openssl

Red Hat

Suse

PT-2012-1153 · Openssl+3 · Openssl+3

CVE-2006-7250

Weakness Enumeration

Related Identifiers

Affected Products

References · 305