Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-4343

Disclosure Date: September 28, 2006
CVE-2006-4343
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • openssl

Products

  • debian linux 3.1,
  • openssl 0.9.7,
  • openssl 0.9.7a,
  • openssl 0.9.7b,
  • openssl 0.9.7c,
  • openssl 0.9.7d,
  • openssl 0.9.7e,
  • openssl 0.9.7f,
  • openssl 0.9.7g,
  • openssl 0.9.7h,
  • openssl 0.9.7i,
  • openssl 0.9.7j,
  • openssl 0.9.7k,
  • openssl 0.9.8,
  • openssl 0.9.8a,
  • openssl 0.9.8b,
  • openssl 0.9.8c,
  • ubuntu linux 5.04,
  • ubuntu linux 5.10,
  • ubuntu linux 6.06

References

Canonical
CVE-2006-4343 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343)
BID-22083 (http://www.securityfocus.com/bid/22083)
BID-28276 (http://www.securityfocus.com/bid/28276)
BID-20246 (http://www.securityfocus.com/bid/20246)
Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
SECUNIA-22212 (http://secunia.com/advisories/22212)
ADV-2006-4750 (http://www.vupen.com/english/advisories/2006/4750)
EXPLOIT-DB-4773 (https://www.exploit-db.com/exploits/4773)
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
SECUNIA-23915 (http://secunia.com/advisories/23915)
HPSBMA02250 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771)
SECTRACK-1016943 (http://securitytracker.com/id?1016943)
SECUNIA-23038 (http://secunia.com/advisories/23038)
XF-openssl-sslv2-client-dos(29240) (https://exchange.xforce.ibmcloud.com/vulnerabilities/29240)
DSA-1195 (http://www.debian.org/security/2006/dsa-1195)
SECUNIA-23309 (http://secunia.com/advisories/23309)
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
ADV-2006-4401 (http://www.vupen.com/english/advisories/2006/4401)
USN-353-1 (http://www.ubuntu.com/usn/usn-353-1)
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
SECUNIA-22116 (http://secunia.com/advisories/22116)
SSRT071304 (https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144)
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
GLSA-200612-11 (http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml)
SECUNIA-22166 (http://secunia.com/advisories/22166)
http://www.redhat.com/support/errata/RHSA-2006-0695.html
SECUNIA-23340 (http://secunia.com/advisories/23340)
SECUNIA-22385 (http://secunia.com/advisories/22385)
http://www.novell.com/linux/security/advisories/2006_24_sr.html
SECUNIA-22758 (http://secunia.com/advisories/22758)
SECUNIA-22487 (http://secunia.com/advisories/22487)
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
SECUNIA-22772 (http://secunia.com/advisories/22772)
SSRT071299 (http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540)
SECUNIA-22165 (http://secunia.com/advisories/22165)
http://docs.info.apple.com/article.html?artnum=304829
20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released (http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html)
SECUNIA-23794 (http://secunia.com/advisories/23794)
SSRT090208 (http://marc.info?l=bugtraq&m=130497311408250&w=2)
SECUNIA-22220 (http://secunia.com/advisories/22220)
SECUNIA-23680 (http://secunia.com/advisories/23680)
http://openvpn.net/changelog.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
SECUNIA-25889 (http://secunia.com/advisories/25889)
ADV-2006-4036 (http://www.vupen.com/english/advisories/2006/4036)
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
SECUNIA-30124 (http://secunia.com/advisories/30124)
http://www.ingate.com/relnote-452.php
SECUNIA-22626 (http://secunia.com/advisories/22626)
OSVDB-29263 (http://www.osvdb.org/29263)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
ADV-2006-3869 (http://www.vupen.com/english/advisories/2006/3869)
SECUNIA-22544 (http://secunia.com/advisories/22544)
SECUNIA-22298 (http://secunia.com/advisories/22298)
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
SECUNIA-22130 (http://secunia.com/advisories/22130)
SECUNIA-25420 (http://secunia.com/advisories/25420)
SECUNIA-31492 (http://secunia.com/advisories/31492)
ADV-2007-1973 (http://www.vupen.com/english/advisories/2007/1973)
SECUNIA-22284 (http://secunia.com/advisories/22284)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356
http://www.redhat.com/support/errata/RHSA-2008-0629.html
GLSA-200610-11 (http://security.gentoo.org/glsa/glsa-200610-11.xml)
http://issues.rpath.com/browse/RPL-613
SECUNIA-26329 (http://secunia.com/advisories/26329)
SECUNIA-22260 (http://secunia.com/advisories/22260)
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
ADV-2007-0343 (http://www.vupen.com/english/advisories/2007/0343)
ADV-2006-3860 (http://www.vupen.com/english/advisories/2006/3860)
SECUNIA-23280 (http://secunia.com/advisories/23280)
20060928 rPSA-2006-0175-1 openssl openssl-scripts (http://www.securityfocus.com/archive/1/447318/100/0/threaded)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
ADV-2006-4264 (http://www.vupen.com/english/advisories/2006/4264)
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
SECUNIA-22193 (http://secunia.com/advisories/22193)
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
SECUNIA-23155 (http://secunia.com/advisories/23155)
SECUNIA-22799 (http://secunia.com/advisories/22799)
ADV-2006-4417 (http://www.vupen.com/english/advisories/2006/4417)
VU#386964 (http://www.kb.cert.org/vuls/id/386964)
http://www.serv-u.com/releasenotes
ADV-2006-4443 (http://www.vupen.com/english/advisories/2006/4443)
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
SECUNIA-22094 (http://secunia.com/advisories/22094)
SECUNIA-22186 (http://secunia.com/advisories/22186)
http://www.openssl.org/news/secadv_20060928.txt
http://kolab.org/security/kolab-vendor-notice-11.txt
SECUNIA-22500 (http://secunia.com/advisories/22500)
APPLE-SA-2006-11-28 (http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html)
TA06-333A (http://www.us-cert.gov/cas/techalerts/TA06-333A.html)
20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues (http://www.securityfocus.com/archive/1/489739/100/0/threaded)
SECUNIA-22216 (http://secunia.com/advisories/22216)
ADV-2006-3820 (http://www.vupen.com/english/advisories/2006/3820)
[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues (http://lists.vmware.com/pipermail/security-announce/2008/000008.html)
HPSBUX02174 (http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100)
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
ADV-2008-0905 (http://www.vupen.com/english/advisories/2008/0905/references)
ADV-2007-1401 (http://www.vupen.com/english/advisories/2007/1401)
SUNALERT-102711 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1)
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
20070110 VMware ESX server security updates (http://www.securityfocus.com/archive/1/456546/100/200/threaded)
20060929 rPSA-2006-0175-2 openssl openssl-scripts (http://www.securityfocus.com/archive/1/447393/100/0/threaded)
ADV-2006-3936 (http://www.vupen.com/english/advisories/2006/3936)
SECUNIA-22240 (http://secunia.com/advisories/22240)
SECUNIA-22330 (http://secunia.com/advisories/22330)
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
DSA-1185 (http://www.debian.org/security/2006/dsa-1185)
SECUNIA-22207 (http://secunia.com/advisories/22207)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
SECTRACK-1017522 (http://securitytracker.com/id?1017522)
20061108 Multiple Vulnerabilities in OpenSSL Library (http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html)
ADV-2006-3902 (http://www.vupen.com/english/advisories/2006/3902)
ADV-2007-2783 (http://www.vupen.com/english/advisories/2007/2783)
SECUNIA-22259 (http://secunia.com/advisories/22259)
SECUNIA-22460 (http://secunia.com/advisories/22460)
SECUNIA-22791 (http://secunia.com/advisories/22791)
SECUNIA-22172 (http://secunia.com/advisories/22172)
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
SUNALERT-102668 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1)
20061108 Multiple Vulnerabilities in OpenSSL library (http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml)
SECUNIA-24950 (http://secunia.com/advisories/24950)
SUNALERT-201531 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1)
Miscellaneous
2006-0054 (http://www.trustix.org/errata/2006/0054)
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
[3.9] 20061007 013: SECURITY FIX: October 7, 2006 (http://openbsd.org/errata.html#openssl2)
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
OpenPKG-SA-2006.021 (http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html)
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://www.serv-u.com/releasenotes/

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis