{"id": "ORACLELINUX_ELSA-2006-0661.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 4 : openssl (ELSA-2006-0695 / ELSA-2006-0661)", "description": "Updated OpenSSL packages are now available to correct several security\nissues. \n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team. \n\nThe OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and protocols. \n\nThese vulnerabilities can affect applications which use OpenSSL to\nparse ASN.1 data from untrusted sources, including SSL servers which\nenable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.\n\n\nFrom Red Hat Security Advisory 2006:0695 :\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\nattacker could send a list of ciphers to an application that used this\nfunction and overrun a buffer (CVE-2006-3738). Few applications make\nuse of this vulnerable function and generally it is used only when\napplications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nflaw in the SSLv2 client code. When a client application used OpenSSL\nto create an SSLv2 connection to a malicious server, that server could\ncause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk)\nwhich uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time\nto process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). This issue does not affect the\nOpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\n\nFrom Red Hat Security Advisory 2006:0661 :\n\nDaniel Bleichenbacher recently described an attack on PKCS #1 v1.5\nsignatures. Where an RSA key with exponent 3 is used it may be\npossible for an attacker to forge a PKCS #1 v1.5 signature that would\nbe incorrectly verified by implementations that do not check for\nexcess data in the RSA exponentiation result of the signature.\n\nThe Google Security Team discovered that OpenSSL is vulnerable to this\nattack. This issue affects applications that use OpenSSL to verify\nX.509 certificates as well as other uses of PKCS #1 v1.5.\n(CVE-2006-4339)\n\nThis errata also resolves a problem where a customized ca-bundle.crt\nfile was overwritten when the openssl package was upgraded.", "published": "2013-07-12T00:00:00", "modified": "2013-07-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/67405", "reporter": "This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.", "references": ["https://oss.oracle.com/pipermail/el-errata/2006-November/000009.html"], "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "type": "nessus", "lastseen": "2021-01-17T12:43:51", "edition": 25, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "oraclelinux", "idList": ["ELSA-2006-0661", "ELSA-2006-0695"]}, {"type": "openvas", "idList": ["OPENVAS:855008", "OPENVAS:1361412562310855369", "OPENVAS:1361412562310855170", "OPENVAS:855346", "OPENVAS:855735", "OPENVAS:1361412562310855008", "OPENVAS:855170", "OPENVAS:855369", "OPENVAS:1361412562310855640", "OPENVAS:1361412562310855366"]}, {"type": "nessus", "idList": ["SUSE_COMPAT-OPENSSL097G-2171.NASL", "SUSE_OPENSSL-2140.NASL", "REDHAT-RHSA-2006-0695.NASL", "GENTOO_GLSA-200612-11.NASL", "SUSE_COMPAT-OPENSSL097G-2163.NASL", "XEROX_XRX07_001.NASL", "OPENSSL_0_9_7L_0_9_8D.NASL", "F5_BIGIP_SOL6734.NASL", "CENTOS_RHSA-2006-0695.NASL", "FEDORA_2006-1004.NASL"]}, {"type": "cve", "idList": ["CVE-2006-2937", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-2940", "CVE-2006-3738"]}, {"type": "centos", "idList": ["CESA-2006:0695-01", "CESA-2006:0695"]}, {"type": "suse", "idList": ["SUSE-SA:2006:058"]}, {"type": "redhat", "idList": ["RHSA-2006:0695"]}, {"type": "gentoo", "idList": ["GLSA-200612-11", "GLSA-200610-11"]}, {"type": "ubuntu", "idList": ["USN-353-1"]}, {"type": "slackware", "idList": ["SSA-2006-272-01"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1185-1:2C57C"]}, {"type": "f5", "idList": ["SOL6734", "F5:K8106", "SOL8106", "F5:K6734", "F5:K6623"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2006-2940", "OPENSSL:CVE-2006-2937"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:14486"]}, {"type": "freebsd", "idList": ["0F37D765-C5D4-11DB-9F82-000E0C2E438A"]}], "modified": "2021-01-17T12:43:51", "rev": 2}, "score": {"value": 8.2, "vector": "NONE", "modified": "2021-01-17T12:43:51", "rev": 2}, "vulnersScore": 8.2}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisories ELSA-2006-0695 / \n# ELSA-2006-0661.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67405);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\");\n script_bugtraq_id(19849);\n script_xref(name:\"RHSA\", value:\"2006:0661\");\n script_xref(name:\"RHSA\", value:\"2006:0695\");\n\n script_name(english:\"Oracle Linux 4 : openssl (ELSA-2006-0695 / ELSA-2006-0661)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages are now available to correct several security\nissues. \n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team. \n\nThe OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and protocols. \n\nThese vulnerabilities can affect applications which use OpenSSL to\nparse ASN.1 data from untrusted sources, including SSL servers which\nenable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.\n\n\nFrom Red Hat Security Advisory 2006:0695 :\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\nattacker could send a list of ciphers to an application that used this\nfunction and overrun a buffer (CVE-2006-3738). Few applications make\nuse of this vulnerable function and generally it is used only when\napplications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nflaw in the SSLv2 client code. When a client application used OpenSSL\nto create an SSLv2 connection to a malicious server, that server could\ncause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk)\nwhich uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time\nto process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). This issue does not affect the\nOpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\n\nFrom Red Hat Security Advisory 2006:0661 :\n\nDaniel Bleichenbacher recently described an attack on PKCS #1 v1.5\nsignatures. Where an RSA key with exponent 3 is used it may be\npossible for an attacker to forge a PKCS #1 v1.5 signature that would\nbe incorrectly verified by implementations that do not check for\nexcess data in the RSA exponentiation result of the signature.\n\nThe Google Security Team discovered that OpenSSL is vulnerable to this\nattack. This issue affects applications that use OpenSSL to verify\nX.509 certificates as well as other uses of PKCS #1 v1.5.\n(CVE-2006-4339)\n\nThis errata also resolves a problem where a customized ca-bundle.crt\nfile was overwritten when the openssl package was upgraded.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000009.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 310, 399);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-devel-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-perl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "67405", "cpe": ["p-cpe:/a:oracle:linux:openssl096b", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:openssl-perl"], "scheme": null}

{"oraclelinux": [{"lastseen": "2019-05-29T18:35:25", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "description": " [0.9.7a-43.14]\n - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n - fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n - fix CVE-2006-4343 - sslv2 client DoS (#206940)\n \n [0.9.7a-43.11]\n - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n - don't overwrite customized ca-bundle.pem on upgrade (#175811) ", "edition": 4, "modified": "2006-11-30T00:00:00", "published": "2006-11-30T00:00:00", "id": "ELSA-2006-0695", "href": "http://linux.oracle.com/errata/ELSA-2006-0695.html", "title": "Important openssl security update ", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:56", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "description": " [0.9.7a-43.14]\n - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n - fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n - fix CVE-2006-4343 - sslv2 client DoS (#206940)\n \n [0.9.7a-43.11]\n - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n - don't overwrite customized ca-bundle.pem on upgrade (#175811) ", "edition": 4, "modified": "2006-11-30T00:00:00", "published": "2006-11-30T00:00:00", "id": "ELSA-2006-0661", "href": "http://linux.oracle.com/errata/ELSA-2006-0661.html", "title": "Important openssl security update ", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-02T21:13:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "description": "Check for the Version of pkg utilities", "modified": "2017-02-20T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:855346", "href": "http://plugins.openvas.org/nasl.php?oid=855346", "type": "openvas", "title": "Solaris Update for pkg utilities 114568-26", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 114568-26\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855346);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114568-26\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for pkg utilities 114568-26\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114568-26-1\");\n\n script_summary(\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114568-26\", package:\"SUNWarc SUNWcsr SUNWhea SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "description": "Check for the Version of pkg utilities", "modified": "2018-04-06T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:1361412562310855369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855369", "type": "openvas", "title": "Solaris Update for pkg utilities 113713-27", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 113713-27\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855369\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"113713-27\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for pkg utilities 113713-27\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-113713-27-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-27\", package:\"SUNWarc SUNWcsr SUNWhea SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "description": "Check for the Version of wanboot", "modified": "2018-04-06T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:1361412562310855008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855008", "type": "openvas", "title": "Solaris Update for wanboot 117123-08", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for wanboot 117123-08\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"wanboot on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n wanboot\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855008\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"117123-08\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for wanboot 117123-08\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-117123-08-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wanboot\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"117123-08\", package:\"SUNWcar.us SUNWwbsup SUNWcar.u\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "description": "Check for the Version of pkg utilities", "modified": "2018-04-06T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:1361412562310855346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855346", "type": "openvas", "title": "Solaris Update for pkg utilities 114568-26", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 114568-26\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855346\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114568-26\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for pkg utilities 114568-26\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114568-26-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114568-26\", package:\"SUNWarc SUNWcsr SUNWhea SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "description": "Check for the Version of pkg utilities", "modified": "2017-02-20T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:855735", "href": "http://plugins.openvas.org/nasl.php?oid=855735", "type": "openvas", "title": "Solaris Update for pkg utilities 113713-28", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 113713-28\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855735);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"113713-28\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for pkg utilities 113713-28\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-113713-28-1\");\n\n script_summary(\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-28\", package:\"SUNWarc SUNWcsu SUNWcsr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "description": "Check for the Version of pkg utilities", "modified": "2018-04-06T00:00:00", "published": "2009-09-23T00:00:00", "id": "OPENVAS:1361412562310855640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855640", "type": "openvas", "title": "Solaris Update for pkg utilities 114568-27", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 114568-27\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855640\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114568-27\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for pkg utilities 114568-27\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114568-27-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114568-27\", package:\"SUNWarc SUNWcsu SUNWcsr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "description": "Check for the Version of wanboot", "modified": "2018-04-06T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:1361412562310855170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855170", "type": "openvas", "title": "Solaris Update for wanboot 122715-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for wanboot 122715-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"wanboot on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n wanboot\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855170\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122715-02\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for wanboot 122715-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122715-02-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wanboot\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122715-02\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "description": "Check for the Version of wanboot", "modified": "2017-02-20T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:855170", "href": "http://plugins.openvas.org/nasl.php?oid=855170", "type": "openvas", "title": "Solaris Update for wanboot 122715-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for wanboot 122715-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"wanboot on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n wanboot\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855170);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122715-02\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for wanboot 122715-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122715-02-1\");\n\n script_summary(\"Check for the Version of wanboot\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122715-02\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "description": "Check for the Version of pkg utilities", "modified": "2017-02-20T00:00:00", "published": "2009-09-23T00:00:00", "id": "OPENVAS:855640", "href": "http://plugins.openvas.org/nasl.php?oid=855640", "type": "openvas", "title": "Solaris Update for pkg utilities 114568-27", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 114568-27\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855640);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114568-27\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for pkg utilities 114568-27\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114568-27-1\");\n\n script_summary(\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114568-27\", package:\"SUNWarc SUNWcsu SUNWcsr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "description": "Check for the Version of bootconfchk", "modified": "2018-04-06T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:1361412562310855366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855366", "type": "openvas", "title": "Solaris Update for bootconfchk 123377-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for bootconfchk 123377-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"bootconfchk on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n bootconfchk\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855366\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123377-01\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for bootconfchk 123377-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123377-01-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of bootconfchk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"123377-01\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-17T14:43:25", "description": "A buffer overflow condition within the SSL_get_shared_ciphers()\nfunction and a DoS condition known as 'parasitic public keys' have\nbeen fixed. The later problem allowed attackers to trick the OpenSSL\nengine to spend an extraordinary amount of time to process public\nkeys. The following CAN numbers have been assigned: CVE-2006-2937 /\nCVE-2006-2940 / CVE-2006-3738 / CVE-2006-4339 / CVE-2006-4343.", "edition": 25, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 2163)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_COMPAT-OPENSSL097G-2163.NASL", "href": "https://www.tenable.com/plugins/nessus/29405", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29405);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\");\n\n script_name(english:\"SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 2163)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow condition within the SSL_get_shared_ciphers()\nfunction and a DoS condition known as 'parasitic public keys' have\nbeen fixed. The later problem allowed attackers to trick the OpenSSL\nengine to spend an extraordinary amount of time to process public\nkeys. The following CAN numbers have been assigned: CVE-2006-2937 /\nCVE-2006-2940 / CVE-2006-3738 / CVE-2006-4339 / CVE-2006-4343.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2937.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2940.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-3738.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4343.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2163.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"compat-openssl097g-0.9.7g-13.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"compat-openssl097g-0.9.7g-13.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:05:54", "description": " - Thu Sep 28 2006 Tomas Mraz <tmraz at redhat.com>\n 0.9.8a-5.4\n\n - fix CVE-2006-2937 - mishandled error on ASN.1 parsing\n (#207276)\n\n - fix CVE-2006-2940 - parasitic public keys DoS\n (#207274)\n\n - fix CVE-2006-3738 - buffer overflow in\n SSL_get_shared_ciphers (#206940)\n\n - fix CVE-2006-4343 - sslv2 client DoS (#206940)\n\n - Sat Sep 9 2006 Tomas Mraz <tmraz at redhat.com>\n 0.9.8a-5.3\n\n - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5\n signatures (#205180)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2007-01-17T00:00:00", "title": "Fedora Core 5 : openssl-0.9.8a-5.4 (2006-1004)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2007-01-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora_core:5", "p-cpe:/a:fedoraproject:fedora:openssl-perl", "p-cpe:/a:fedoraproject:fedora:openssl-devel", "p-cpe:/a:fedoraproject:fedora:openssl-debuginfo"], "id": "FEDORA_2006-1004.NASL", "href": "https://www.tenable.com/plugins/nessus/24028", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-1004.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24028);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2006-1004\");\n\n script_name(english:\"Fedora Core 5 : openssl-0.9.8a-5.4 (2006-1004)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Sep 28 2006 Tomas Mraz <tmraz at redhat.com>\n 0.9.8a-5.4\n\n - fix CVE-2006-2937 - mishandled error on ASN.1 parsing\n (#207276)\n\n - fix CVE-2006-2940 - parasitic public keys DoS\n (#207274)\n\n - fix CVE-2006-3738 - buffer overflow in\n SSL_get_shared_ciphers (#206940)\n\n - fix CVE-2006-4343 - sslv2 client DoS (#206940)\n\n - Sat Sep 9 2006 Tomas Mraz <tmraz at redhat.com>\n 0.9.8a-5.3\n\n - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5\n signatures (#205180)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-September/000636.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7928ca04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"openssl-0.9.8a-5.4\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssl-debuginfo-0.9.8a-5.4\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssl-devel-0.9.8a-5.4\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssl-perl-0.9.8a-5.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:43:25", "description": "A buffer overflow condition within the SSL_get_shared_ciphers()\nfunction and a DoS condition known as 'parasitic public keys' have\nbeen fixed. The later problem allowed attackers to trick the OpenSSL\nengine to spend an extraordinary amount of time to process public\nkeys. The following CAN numbers have been assigned: CVE-2006-2937,\nCVE-2006-2940, CVE-2006-3738, CVE-2006-4339 and CVE-2006-4343.", "edition": 26, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : compat-openssl097g (compat-openssl097g-2171)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:compat-openssl097g", "p-cpe:/a:novell:opensuse:compat-openssl097g-32bit", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_COMPAT-OPENSSL097G-2171.NASL", "href": "https://www.tenable.com/plugins/nessus/27187", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update compat-openssl097g-2171.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27187);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\");\n\n script_name(english:\"openSUSE 10 Security Update : compat-openssl097g (compat-openssl097g-2171)\");\n script_summary(english:\"Check for the compat-openssl097g-2171 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow condition within the SSL_get_shared_ciphers()\nfunction and a DoS condition known as 'parasitic public keys' have\nbeen fixed. The later problem allowed attackers to trick the OpenSSL\nengine to spend an extraordinary amount of time to process public\nkeys. The following CAN numbers have been assigned: CVE-2006-2937,\nCVE-2006-2940, CVE-2006-3738, CVE-2006-4339 and CVE-2006-4343.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected compat-openssl097g packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:compat-openssl097g\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:compat-openssl097g-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"compat-openssl097g-0.9.7g-13.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openssl097g\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:08", "description": "The remote host is affected by the vulnerability described in GLSA-200610-11\n(OpenSSL: Multiple vulnerabilities)\n\n Tavis Ormandy and Will Drewry, both of the Google Security Team,\n discovered that the SSL_get_shared_ciphers() function contains a buffer\n overflow vulnerability, and that the SSLv2 client code contains a flaw\n leading to a crash. Additionally Dr. Stephen N. Henson found that the\n ASN.1 handler contains two Denial of Service vulnerabilities: while\n parsing an invalid ASN.1 structure and while handling certain types of\n public key.\n \nImpact :\n\n An attacker could trigger the buffer overflow vulnerability by sending\n a malicious suite of ciphers to an application using the vulnerable\n function, and thus execute arbitrary code with the rights of the user\n running the application. An attacker could also consume CPU and/or\n memory by exploiting the Denial of Service vulnerabilities. Finally a\n malicious server could crash a SSLv2 client through the SSLv2\n vulnerability.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2006-10-25T00:00:00", "title": "GLSA-200610-11 : OpenSSL: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2006-10-25T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200610-11.NASL", "href": "https://www.tenable.com/plugins/nessus/22914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200610-11.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22914);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_xref(name:\"GLSA\", value:\"200610-11\");\n\n script_name(english:\"GLSA-200610-11 : OpenSSL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200610-11\n(OpenSSL: Multiple vulnerabilities)\n\n Tavis Ormandy and Will Drewry, both of the Google Security Team,\n discovered that the SSL_get_shared_ciphers() function contains a buffer\n overflow vulnerability, and that the SSLv2 client code contains a flaw\n leading to a crash. Additionally Dr. Stephen N. Henson found that the\n ASN.1 handler contains two Denial of Service vulnerabilities: while\n parsing an invalid ASN.1 structure and while handling certain types of\n public key.\n \nImpact :\n\n An attacker could trigger the buffer overflow vulnerability by sending\n a malicious suite of ciphers to an application using the vulnerable\n function, and thus execute arbitrary code with the rights of the user\n running the application. An attacker could also consume CPU and/or\n memory by exploiting the Denial of Service vulnerabilities. Finally a\n malicious server could crash a SSLv2 client through the SSLv2\n vulnerability.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200610-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSL 0.9.8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8d'\n All OpenSSL 0.9.7 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.7l'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 0.9.8d\", \"rge 0.9.7l\"), vulnerable:make_list(\"lt 0.9.8d\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:49", "description": "A buffer overflow condition within the SSL_get_shared_ciphers()\nfunction and a DoS condition known as 'parasitic public keys' have\nbeen fixed. The later problem allowed attackers to trick the OpenSSL\nengine to spend an extraordinary amount of time to process public\nkeys. The following CAN numbers have been assigned: CVE-2006-2937,\nCVE-2006-2940, CVE-2006-3738 and CVE-2006-4343.", "edition": 26, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : openssl (openssl-2140)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-32bit", "p-cpe:/a:novell:opensuse:openssl-devel", "p-cpe:/a:novell:opensuse:openssl-devel-32bit", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_OPENSSL-2140.NASL", "href": "https://www.tenable.com/plugins/nessus/27368", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openssl-2140.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27368);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n\n script_name(english:\"openSUSE 10 Security Update : openssl (openssl-2140)\");\n script_summary(english:\"Check for the openssl-2140 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow condition within the SSL_get_shared_ciphers()\nfunction and a DoS condition known as 'parasitic public keys' have\nbeen fixed. The later problem allowed attackers to trick the OpenSSL\nengine to spend an extraordinary amount of time to process public\nkeys. The following CAN numbers have been assigned: CVE-2006-2937,\nCVE-2006-2940, CVE-2006-3738 and CVE-2006-4343.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"openssl-0.9.8a-18.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"openssl-devel-0.9.8a-18.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.10\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:43:51", "description": "From Red Hat Security Advisory 2006:0695 :\n\nUpdated OpenSSL packages are now available to correct several security\nissues.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\nattacker could send a list of ciphers to an application that used this\nfunction and overrun a buffer (CVE-2006-3738). Few applications make\nuse of this vulnerable function and generally it is used only when\napplications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nflaw in the SSLv2 client code. When a client application used OpenSSL\nto create an SSLv2 connection to a malicious server, that server could\ncause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk)\nwhich uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time\nto process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). This issue does not affect the\nOpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\nThese vulnerabilities can affect applications which use OpenSSL to\nparse ASN.1 data from untrusted sources, including SSL servers which\nenable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 : openssl (ELSA-2006-0695)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl096b", "p-cpe:/a:oracle:linux:openssl-devel", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2006-0695.NASL", "href": "https://www.tenable.com/plugins/nessus/67411", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0695 and \n# Oracle Linux Security Advisory ELSA-2006-0695 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67411);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_xref(name:\"RHSA\", value:\"2006:0695\");\n\n script_name(english:\"Oracle Linux 3 : openssl (ELSA-2006-0695)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0695 :\n\nUpdated OpenSSL packages are now available to correct several security\nissues.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\nattacker could send a list of ciphers to an application that used this\nfunction and overrun a buffer (CVE-2006-3738). Few applications make\nuse of this vulnerable function and generally it is used only when\napplications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nflaw in the SSLv2 client code. When a client application used OpenSSL\nto create an SSLv2 connection to a malicious server, that server could\ncause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk)\nwhich uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time\nto process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). This issue does not affect the\nOpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\nThese vulnerabilities can affect applications which use OpenSSL to\nparse ASN.1 data from untrusted sources, including SSL servers which\nenable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000085.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openssl-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openssl-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openssl-devel-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openssl-perl-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.7a-33.21\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-16.46\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openssl096b-0.9.6b-16.46\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl096b\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:14:48", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:058 (openssl).\n\n\nSeveral security problems were found and fixed in the OpenSSL\ncryptographic library.\n\nCVE-2006-3738/VU#547300:\nA Google security audit found a buffer overflow condition within the\nSSL_get_shared_ciphers() function which has been fixed.\n\nCVE-2006-4343/VU#386964:\nThe above Google security audit also found that the OpenSSL SSLv2\nclient code fails to properly check for NULL which could lead to a\nserver program using openssl to crash.\n\nCVE-2006-2937:\nFix mishandling of an error condition in parsing of certain invalid\nASN1 structures, which could result in an infinite loop which consumes\nsystem memory.\n\nCVE-2006-2940:\nCertain types of public key can take disproportionate amounts of time\nto process. This could be used by an attacker in a denial of service\nattack to cause the remote side top spend an excessive amount of time\nin computation.", "edition": 6, "published": "2007-02-18T00:00:00", "title": "SUSE-SA:2006:058: openssl", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2007-02-18T00:00:00", "cpe": [], "id": "SUSE_SA_2006_058.NASL", "href": "https://www.tenable.com/plugins/nessus/24436", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:058\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(24436);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2006:058: openssl\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:058 (openssl).\n\n\nSeveral security problems were found and fixed in the OpenSSL\ncryptographic library.\n\nCVE-2006-3738/VU#547300:\nA Google security audit found a buffer overflow condition within the\nSSL_get_shared_ciphers() function which has been fixed.\n\nCVE-2006-4343/VU#386964:\nThe above Google security audit also found that the OpenSSL SSLv2\nclient code fails to properly check for NULL which could lead to a\nserver program using openssl to crash.\n\nCVE-2006-2937:\nFix mishandling of an error condition in parsing of certain invalid\nASN1 structures, which could result in an infinite loop which consumes\nsystem memory.\n\nCVE-2006-2940:\nCertain types of public key can take disproportionate amounts of time\nto process. This could be used by an attacker in a denial of service\nattack to cause the remote side top spend an excessive amount of time\nin computation.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.novell.com/linux/security/advisories/2006_58_openssl.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the openssl package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"openssl-0.9.7g-2.10\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7g-2.10\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.7d-25.6\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7d-25.6\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-0.9.7e-3.6\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssl-devel-0.9.7e-3.6\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:05:42", "description": "Updated OpenSSL packages are now available to correct several security\nissues.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\nattacker could send a list of ciphers to an application that used this\nfunction and overrun a buffer (CVE-2006-3738). Few applications make\nuse of this vulnerable function and generally it is used only when\napplications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nflaw in the SSLv2 client code. When a client application used OpenSSL\nto create an SSLv2 connection to a malicious server, that server could\ncause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk)\nwhich uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time\nto process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). This issue does not affect the\nOpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\nThese vulnerabilities can affect applications which use OpenSSL to\nparse ASN.1 data from untrusted sources, including SSL servers which\nenable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.", "edition": 28, "published": "2006-09-29T00:00:00", "title": "RHEL 2.1 / 3 / 4 : openssl (RHSA-2006:0695)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2006-09-29T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:openssl096b", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl095a", "p-cpe:/a:redhat:enterprise_linux:openssl096", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2006-0695.NASL", "href": "https://www.tenable.com/plugins/nessus/22472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0695. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22472);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_xref(name:\"RHSA\", value:\"2006:0695\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : openssl (RHSA-2006:0695)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages are now available to correct several security\nissues.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\nattacker could send a list of ciphers to an application that used this\nfunction and overrun a buffer (CVE-2006-3738). Few applications make\nuse of this vulnerable function and generally it is used only when\napplications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nflaw in the SSLv2 client code. When a client application used OpenSSL\nto create an SSLv2 connection to a malicious server, that server could\ncause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk)\nwhich uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time\nto process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). This issue does not affect the\nOpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\nThese vulnerabilities can affect applications which use OpenSSL to\nparse ASN.1 data from untrusted sources, including SSL servers which\nenable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4343\"\n );\n # http://www.openssl.org/news/secadv/20060928.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20060928.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0695\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl095a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl096\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0695\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-0.9.6b-46\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i686\", reference:\"openssl-0.9.6b-46\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-devel-0.9.6b-46\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-perl-0.9.6b-46\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl095a-0.9.5a-32\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl096-0.9.6-32\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"openssl-0.9.7a-33.21\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssl-devel-0.9.7a-33.21\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssl-perl-0.9.7a-33.21\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-16.46\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"s390\", reference:\"openssl096b-0.9.6b-16.46\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"x86_64\", reference:\"openssl096b-0.9.6b-16.46\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"openssl-0.9.7a-43.14\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssl-devel-0.9.7a-43.14\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssl-perl-0.9.7a-43.14\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl095a / openssl096 / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:09", "description": "The remote host is affected by the vulnerability described in GLSA-200612-11\n(AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities)\n\n Tavis Ormandy and Will Drewry, both of the Google Security Team,\n discovered that the SSL_get_shared_ciphers() function contains a buffer\n overflow vulnerability, and that the SSLv2 client code contains a flaw\n leading to a crash. Additionally, Dr. Stephen N. Henson found that the\n ASN.1 handler contains two Denial of Service vulnerabilities: while\n parsing an invalid ASN.1 structure and while handling certain types of\n public key.\n \nImpact :\n\n An attacker could trigger the buffer overflow by sending a malicious\n suite of ciphers to an application using the vulnerable function, and\n thus execute arbitrary code with the rights of the user running the\n application. An attacker could also consume CPU and/or memory by\n exploiting the Denial of Service vulnerabilities. Finally, a malicious\n server could crash a SSLv2 client through the SSLv2 vulnerability.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2006-12-14T00:00:00", "title": "GLSA-200612-11 : AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2006-12-14T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:emul-linux-x86-baselibs"], "id": "GENTOO_GLSA-200612-11.NASL", "href": "https://www.tenable.com/plugins/nessus/23863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200612-11.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23863);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_bugtraq_id(20246, 20247, 20248, 20249);\n script_xref(name:\"GLSA\", value:\"200612-11\");\n\n script_name(english:\"GLSA-200612-11 : AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200612-11\n(AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities)\n\n Tavis Ormandy and Will Drewry, both of the Google Security Team,\n discovered that the SSL_get_shared_ciphers() function contains a buffer\n overflow vulnerability, and that the SSLv2 client code contains a flaw\n leading to a crash. Additionally, Dr. Stephen N. Henson found that the\n ASN.1 handler contains two Denial of Service vulnerabilities: while\n parsing an invalid ASN.1 structure and while handling certain types of\n public key.\n \nImpact :\n\n An attacker could trigger the buffer overflow by sending a malicious\n suite of ciphers to an application using the vulnerable function, and\n thus execute arbitrary code with the rights of the user running the\n application. An attacker could also consume CPU and/or memory by\n exploiting the Denial of Service vulnerabilities. Finally, a malicious\n server could crash a SSLv2 client through the SSLv2 vulnerability.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200612-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All AMD64 x86 emulation base libraries users should upgrade to the\n latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-baselibs-2.5.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:emul-linux-x86-baselibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\", \"Host/Gentoo/arch\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\nourarch = get_kb_item(\"Host/Gentoo/arch\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(amd64)$\") audit(AUDIT_ARCH_NOT, \"amd64\", ourarch);\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/emul-linux-x86-baselibs\", arch:\"amd64\", unaffected:make_list(\"ge 2.5.5\"), vulnerable:make_list(\"lt 2.5.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"AMD64 x86 emulation base libraries\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:05:29", "description": "The remote BIG-IP device is missing a patch required by a security\nadvisory.", "edition": 29, "published": "2014-10-10T00:00:00", "title": "F5 Networks BIG-IP : Local OpenSSL vulnerabilities (SOL6734)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2014-10-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_webaccelerator"], "id": "F5_BIGIP_SOL6734.NASL", "href": "https://www.tenable.com/plugins/nessus/78213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL6734.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78213);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_bugtraq_id(20246, 20247, 20248, 20249, 22083);\n\n script_name(english:\"F5 Networks BIG-IP : Local OpenSSL vulnerabilities (SOL6734)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote BIG-IP device is missing a patch required by a security\nadvisory.\"\n );\n # http://www.openssl.org/news/secadv/20060928.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20060928.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K6734\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL6734.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL6734\";\nvmatrix = make_array();\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.2.5\",\"9.4.0-9.4.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.3\",\"9.4.2-9.4.8\",\"10\",\"11\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.0-9.2.5\",\"9.4.0-9.4.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.3\",\"9.4.2-9.4.8\",\"10\",\"11\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.2.5\",\"9.4.0-9.4.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.3\",\"9.4.2-9.4.8\",\"10\",\"11\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.1.2\",\"9.2.0-9.2.5\",\"9.4.0-9.4.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.1.3\",\"9.3\",\"9.4.2-9.4.8\",\"9.6\",\"10\",\"11\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"9.4.0-9.4.1\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"9.4.2-9.4.8\",\"10\",\"11\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-10-03T11:48:15", "description": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification.", "edition": 3, "cvss3": {}, "published": "2006-09-28T18:07:00", "title": "CVE-2006-2940", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2940"], "modified": "2018-10-18T16:44:00", "cpe": ["cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.3a", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.3", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:0.9.5", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.6l"], "id": "CVE-2006-2940", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2940", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:23:48", "description": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.", "edition": 5, "cvss3": {}, "published": "2006-09-05T17:04:00", "title": "CVE-2006-4339", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4339"], "modified": "2018-10-17T21:35:00", "cpe": ["cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.3a", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.3", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:0.9.5", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.6l"], "id": "CVE-2006-4339", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4339", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:48:15", "description": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.", "edition": 3, "cvss3": {}, "published": "2006-09-28T18:07:00", "title": "CVE-2006-2937", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937"], "modified": "2018-10-18T16:43:00", "cpe": ["cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.7e"], "id": "CVE-2006-2937", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2937", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:48:17", "description": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.\nThis vulnerability is addressed in the following product releases:\r\nOpenSSL Project, OpenSSL, 0.9.7l (or later)\r\nOpenSSL Project, OpenSSL, 0.9.8d (or later)", "edition": 3, "cvss3": {}, "published": "2006-09-28T18:07:00", "title": "CVE-2006-4343", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4343"], "modified": "2018-10-17T21:36:00", "cpe": ["cpe:/a:openssl:openssl:0.9.8b", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/o:debian:debian_linux:3.1", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.7e"], "id": "CVE-2006-4343", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4343", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-10-03T11:48:16", "description": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.\nFailed exploit attempts may crash applications, denying service to legitimate users.", "edition": 3, "cvss3": {}, "published": "2006-09-28T18:07:00", "title": "CVE-2006-3738", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3738"], "modified": "2018-10-17T21:29:00", "cpe": ["cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.7e"], "id": "CVE-2006-3738", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3738", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2019-12-20T18:24:59", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0695\n\n\nThe OpenSSL toolkit provides support for secure communications between\r\nmachines. OpenSSL includes a certificate management tool and shared\r\nlibraries which provide various cryptographic algorithms and protocols.\r\n\r\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\r\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\r\nattacker could send a list of ciphers to an application that used this\r\nfunction and overrun a buffer (CVE-2006-3738). Few applications make use\r\nof this vulnerable function and generally it is used only when applications\r\nare compiled for debugging.\r\n\r\nTavis Ormandy and Will Drewry of the Google Security Team discovered a \r\nflaw in the SSLv2 client code. When a client application used OpenSSL to\r\ncreate an SSLv2 connection to a malicious server, that server could cause\r\nthe client to crash. (CVE-2006-4343)\r\n\r\nDr S. N. Henson of the OpenSSL core team and Open Network Security recently\r\ndeveloped an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered\r\ndenial of service vulnerabilities: \r\n\r\n* Certain public key types can take disproportionate amounts of time to\r\nprocess, leading to a denial of service. (CVE-2006-2940)\r\n\r\n* During parsing of certain invalid ASN.1 structures an error condition was\r\nmishandled. This can result in an infinite loop which consumed system\r\nmemory (CVE-2006-2937). This issue does not affect the OpenSSL version\r\ndistributed in Red Hat Enterprise Linux 2.1.\r\n\r\nThese vulnerabilities can affect applications which use OpenSSL to parse\r\nASN.1 data from untrusted sources, including SSL servers which enable\r\nclient authentication and S/MIME applications.\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to correct these issues.\r\n\r\nNote: After installing this update, users are advised to either restart all\r\nservices that use OpenSSL or restart their system.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025335.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025336.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025337.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025341.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025344.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025345.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025347.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl096b\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0695.html", "edition": 4, "modified": "2006-09-29T17:05:03", "published": "2006-09-29T03:35:21", "href": "http://lists.centos.org/pipermail/centos-announce/2006-September/025335.html", "id": "CESA-2006:0695", "title": "openssl, openssl096b security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:31", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0695-01\n\n\nThe OpenSSL toolkit provides support for secure communications between\r\nmachines. OpenSSL includes a certificate management tool and shared\r\nlibraries which provide various cryptographic algorithms and protocols.\r\n\r\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\r\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\r\nattacker could send a list of ciphers to an application that used this\r\nfunction and overrun a buffer (CVE-2006-3738). Few applications make use\r\nof this vulnerable function and generally it is used only when applications\r\nare compiled for debugging.\r\n\r\nTavis Ormandy and Will Drewry of the Google Security Team discovered a \r\nflaw in the SSLv2 client code. When a client application used OpenSSL to\r\ncreate an SSLv2 connection to a malicious server, that server could cause\r\nthe client to crash. (CVE-2006-4343)\r\n\r\nDr S. N. Henson of the OpenSSL core team and Open Network Security recently\r\ndeveloped an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered\r\ndenial of service vulnerabilities: \r\n\r\n* Certain public key types can take disproportionate amounts of time to\r\nprocess, leading to a denial of service. (CVE-2006-2940)\r\n\r\n* During parsing of certain invalid ASN.1 structures an error condition was\r\nmishandled. This can result in an infinite loop which consumed system\r\nmemory (CVE-2006-2937). This issue does not affect the OpenSSL version\r\ndistributed in Red Hat Enterprise Linux 2.1.\r\n\r\nThese vulnerabilities can affect applications which use OpenSSL to parse\r\nASN.1 data from untrusted sources, including SSL servers which enable\r\nclient authentication and S/MIME applications.\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to correct these issues.\r\n\r\nNote: After installing this update, users are advised to either restart all\r\nservices that use OpenSSL or restart their system.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-October/025349.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl095a\nopenssl096\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2006-10-02T01:43:05", "published": "2006-10-02T01:43:05", "href": "http://lists.centos.org/pipermail/centos-announce/2006-October/025349.html", "id": "CESA-2006:0695-01", "title": "openssl, openssl095a, openssl096 security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:15:18", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "description": "Several security problems were found and fixed in the OpenSSL cryptographic library.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2006-09-28T16:40:53", "published": "2006-09-28T16:40:53", "id": "SUSE-SA:2006:058", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-09/msg00025.html", "title": "remote denial of service in openssl", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:03", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "description": "### Background\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL. \n\n### Description\n\nTavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally, Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key. \n\n### Impact\n\nAn attacker could trigger the buffer overflow by sending a malicious suite of ciphers to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. An attacker could also consume CPU and/or memory by exploiting the Denial of Service vulnerabilities. Finally, a malicious server could crash a SSLv2 client through the SSLv2 vulnerability. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll AMD64 x86 emulation base libraries users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/emul-linux-x86-baselibs-2.5.5\"", "edition": 1, "modified": "2006-12-11T00:00:00", "published": "2006-12-11T00:00:00", "id": "GLSA-200612-11", "href": "https://security.gentoo.org/glsa/200612-11", "type": "gentoo", "title": "AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:11", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "description": "### Background\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. \n\n### Description\n\nTavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key. \n\n### Impact\n\nAn attacker could trigger the buffer overflow vulnerability by sending a malicious suite of ciphers to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. An attacker could also consume CPU and/or memory by exploiting the Denial of Service vulnerabilities. Finally a malicious server could crash a SSLv2 client through the SSLv2 vulnerability. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-0.9.7l\"", "edition": 1, "modified": "2006-10-24T00:00:00", "published": "2006-10-24T00:00:00", "id": "GLSA-200610-11", "href": "https://security.gentoo.org/glsa/200610-11", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2016-09-26T17:22:57", "bulletinFamily": "software", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "edition": 1, "description": "This security advisory describes the following local OpenSSL vulnerabilities:\n\n * Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n * SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738)\n * SSLv2 Client Crash (CVE-2006-4343)\n\nInformation about this advisory is available at the following location:\n\n<http://www.openssl.org/news/secadv_20060928.txt>\n\n**Note**: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\nF5 Product Development tracked this issue as CR70064, CR70063, CR69852, and CR69854 for BIG-IP LTM, GTM, ASM and Link Controller, and it was fixed in BIG-IP 9.1.3, 9.3.0, and 9.4.2. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, or Link Controller release notes.\n\nF5 Product Development tracked this issue as CR69955, CR70725, CR70726 and CR77281 for FirePass, and it was fixed in FirePass 5.5.2. For information about upgrading, refer to the FirePass release notes.\n\nAdditionally, a hotfix with the appropriate fixes is available for FirePass version 5.5.0. Customers affected by this issue can contact [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>), referencing this article number, to request the hotfix. \n \nF5 Product Development tracked this issue as CR69892 for Enterprise Manager, and it was fixed in Enterprise Manager 1.4.0. For information about upgrading, refer to the Enterprise Manager release notes. \n\n", "modified": "2013-03-26T00:00:00", "published": "2007-05-16T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/6000/700/sol6734.html", "id": "SOL6734", "title": "SOL6734 - Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:35", "bulletinFamily": "software", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "edition": 1, "description": "", "modified": "2016-01-09T02:26:00", "published": "2007-05-17T04:00:00", "href": "https://support.f5.com/csp/article/K6734", "id": "F5:K6734", "title": "Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T02:11:17", "bulletinFamily": "software", "cvelist": ["CVE-2006-4339"], "edition": 1, "description": "**Note**: For information about signing up to receive security notice updates from F5, refer to [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>).\n\n**Note**: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n**F5 products and versions that have been evaluated for this Security Advisory**\n\nProduct | Affected | Not Affected \n---|---|--- \nBIG-IP LTM | 9.0.0 - 9.1.2 \n9.2.0 - 9.2.3 | 9.1.3 \n9.2.4 - 9.2.5 \n9.3.x \n9.4.x \n10.x \n11.x \nBIG-IP GTM | 9.2.2 - 9.2.3 | 9.2.4 - 9.2.5 \n9.3.x \n9.4.x \n10.x \n11.x \nBIG-IP ASM | 9.2.0 - 9.2.3 | 9.2.4 - 9.2.5 \n9.x \n9.x \n10.x \n11.x \nBIG-IP Link Controller | 9.2.2 - 9.2.3 | 9.2.4 - 9.2.5 \n9.3.x \n9.4.x \n10.x \n11.x \nBIG-IP WebAccelerator | None | 9.4.x \n10.x \n11.x \nBIG-IP PSM | None | 9.4.5 - 9.4.8 \n10.x \n11.x \nBIG-IP WAN Optimization | None | 10.x \n11.x \nBIG-IP APM | None | 10.x \n11.x \nBIG-IP Edge Gateway | None | 10.x \n11.x \nBIG-IP Analytics | None | 11.x \nBIG-IP AFM | None | 11.x \nBIG-IP PEM \n| None | 11.x \nFirePass | 5.4.2 - 5.5.1 \n6.0.0 | 5.5.2 \n6.0.1 - 6.0.3 \n7.x \nEnterprise Manager | 1.0.0 - 1.2.0 | 1.2.1 - 1.8 \n2.x \n3.x \n \nThis security advisory describes an OpenSSL signature vulnerability. Forged RSA signatures may be accepted during client certificate validations when the certificates are signed by certain Certificate Authority (CA). This flaw could potentially cause F5 products to accept maliciously crafted client certificates as valid. Customers using client certificate authentication are vulnerable.\n\nInformation about this advisory is available at the following locations:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339>\n\n<http://www.frsirt.com/english/advisories/2006/3453>\n\n<http://www.openssl.org/news/secadv_20060905.txt>\n\nF5 Product Development tracked this issue as CR69440 and it was fixed in BIG-IP LTM version 9.1.3. For information about upgrading, refer to the BIG-IP [LTM](<https://support.f5.com/content/kb/en-us/products/big-ip_ltm.html>) release notes.\n\nF5 Product Development tracked this issue as CR69463 and it was fixed in BIG-IP LTM, GTM, ASM and Link Controller version 9.2.4. For information about upgrading, refer to the [LTM](<https://support.f5.com/content/kb/en-us/products/big-ip_ltm.html>), [GTM](<https://support.f5.com/content/kb/en-us/products/big-ip_gtm.html>), [ASM](<https://support.f5.com/content/kb/en-us/products/big-ip_asm.html>), or [Link Controller](<https://support.f5.com/content/kb/en-us/products/lc_9_x.html>) release notes. \n\n\nF5 Product Development tracked this issue as CR69441 and it was fixed in BIG-IP LTM, GTM, ASM and Link Controller version 9.4.0. For information about upgrading, refer to the [LTM](<https://support.f5.com/content/kb/en-us/products/big-ip_ltm.html>), [GTM](<https://support.f5.com/content/kb/en-us/products/big-ip_gtm.html>), [ASM](<https://support.f5.com/content/kb/en-us/products/big-ip_asm.html>), or [Link Controller](<https://support.f5.com/content/kb/en-us/products/lc_9_x.html>) release notes. \n\n\nF5 Product Development tracked this issue as CR69489 and it was fixed in FirePass versions 5.5.2 and 6.0.1. For information about upgrading, refer to the [FirePass](<https://support.f5.com/content/kb/en-us/products/firepass.html>) release notes. \n\n\nF5 Product Development tracked this issue as CR69465 and it was fixed in Enterprise Manager version 1.2.1. For information about upgrading, refer to the [Enterprise Manager](<https://support.f5.com/content/kb/en-us/products/em.html>) release notes. \n\n\n**Obtaining and installing patches**\n\nF5 Product Development has determined this to be a remotely exploitable vulnerability for BIG-IP LTM, BIG-IP GTM, BIG-IP Link Controller, 3-DNS, FirePass, and Enterprise Manager. F5 has made version-specific patches available that address the CRs for the BIG-IP LTM, BIG-IP GTM, BIG-IP Link Controller, 3-DNS, FirePass, and Enterprise Manager products. You can download these patches from the F5 [Downloads](<https://downloads.f5.com/esd/index.jsp>) page for the following products and versions:\n\nProduct | Version | Hotfix | Installation File \n---|---|---|--- \nBIG-IP LTM, GTM, \nand Link Controller | 9.1.0 \n9.1.1 \n9.1.2 \n9.2.2 \n9.2.3 | hotfix-cr69440 | Hotfix-BIG-IP-9.1.0-CR69440.im \nHotfix-BIG-IP-9.1.1-CR69440.im \nHotfix-BIG-IP-9.1.2-HF3.im \nHotfix-BIG-IP-9.2.2-CR69440.im \nHotfix-BIG-IP-9.2.3-CR69440.im \n \n3-DNS | 4.5.12 \n4.5.13 \n4.5.14 \n4.6.4 | hotfix-vu845620 | openssl-so_nx-1.0-6-BSD_OS-4.1.im \nFirePass | 5.4.2 \n5.5.0 \n5.5.1 \n6.0.0 | hotfix-cr69489 | HF-55325-56696-65044-67295-69489-69510-1-5.42-ALL-0.tar.gz.enc \nHF-56696-65044-67295-69489-69510-1-5.5-ALL-0.tar.gz.enc \nHF-65044-67295-69489-69510-1-5.51-ALL-0.tar.gz.enc \nHF-600-4-6.0-ALL-0.tar.gz.enc \n \nEnterprise Manager | 1.2.0 | hotfix-cr69465 | Hotfix-EM-1.2.0-CR69465.im \n \n**Note:** For more information about installing the hotfixes listed above, refer to the **readme** file on the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site for your version-specific hotfix.\n\n**Important: **The openssl-so_nx-1.0-6-BSD_OS-4.1.im patch supercedes the openssl-so_nx-1.0-7-BSD_OS-4.1.im patch. If the openssl-so_nx-1.0-7-BSD_OS-4.1.im patch has already been installed, you will need to use the **-force** option when installing the openssl-so_nx-1.0-6-BSD_OS-4.1.im patch.\n\nFor information about how to download software, refer to [K167: Downloading software from F5](<https://support.f5.com/csp/article/K167>).\n", "modified": "2016-01-09T02:24:00", "published": "2007-05-17T04:00:00", "href": "https://support.f5.com/csp/article/K6623", "id": "F5:K6623", "type": "f5", "title": "OpenSSL signature vulnerability - CVE-2006-4339", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:34", "bulletinFamily": "software", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2007-5135"], "edition": 1, "description": "", "modified": "2016-01-09T02:29:00", "published": "2007-11-16T03:00:00", "href": "https://support.f5.com/csp/article/K8106", "id": "F5:K8106", "title": "OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:51", "bulletinFamily": "software", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2007-5135"], "edition": 1, "description": "F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited remotely.\n\nF5 Product Development has determined that the FirePass product does not use the OpenSSL SSL_get_shared_ciphers functionality and is not vulnerable to the vulnerability described in this security advisory.\n\nInformation about this advisory is available at the following locations:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135>\n\n<http://www.openssl.org/news/secadv_20071012.txt>\n\n**Note**: The previous links take you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\nF5 Product Development tracked this issue as CR87335 for the BIG-IP LTM, GTM, ASM, Link Controller and WebAccelerator version 9.3 software branch and it was fixed in version 9.3.1. For more information about upgrading, refer to the BIG-IP LTM, GTM, ASM, and Link Controller release notes.\n\nF5 Product Development is tracked this issue as CR87358 for the BIG-IP LTM, GTM, ASM, Link Controller and WebAccelerator version 9.4 software branch and it was fixed in version 9.4.5. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, Link Controller and WebAccelerator release notes.\n\nAdditionally, this issue was fixed in Hotfix HF1 issued for BIG-IP 9.4.4. You may download this hotfix or later versions of the Hotfix from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nF5 Product Development is tracked this issue as CR87358 for Enterprise Manager and it was fixed in version 1.6.0. For information about upgrading, refer to the Enterprise Manager release notes.\n\nFor information about downloading software, refer to SOL167: Downloading software and firmware from F5.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of the F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n", "modified": "2013-03-26T00:00:00", "published": "2007-11-15T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/8000/100/sol8106.html", "id": "SOL8106", "title": "SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:30:19", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1185-1 security@debian.org\nhttp://www.debian.org/security/ Noah Meyerhans\nSeptember 28th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : denial of service\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2006-2940 CVE-2006-3738 CVE-2006-4343 CVE-2006-2937\n\nMultiple vulnerabilities have been discovered in the OpenSSL\ncryptographic software package that could allow an attacker to launch\na denial of service attack by exhausting system resources or crashing\nprocesses on a victim&#x27;s computer.\n\nCVE-2006-2937\n\tDr S N Henson of the OpenSSL core team and Open Network\n\tSecurity recently developed an ASN1 test suite for NISCC\n\t(www.niscc.gov.uk). When the test suite was run against\n\tOpenSSL two denial of service vulnerabilities were discovered.\n\n\tDuring the parsing of certain invalid ASN1 structures an error\n\tcondition is mishandled. This can result in an infinite loop\n\twhich consumes system memory.\n\n\tAny code which uses OpenSSL to parse ASN1 data from untrusted\n\tsources is affected. This includes SSL servers which enable\n\tclient authentication and S/MIME applications.\n\nCVE-2006-3738\n\tTavis Ormandy and Will Drewry of the Google Security Team\n\tdiscovered a buffer overflow in SSL_get_shared_ciphers utility\n\tfunction, used by some applications such as exim and mysql. An\n\tattacker could send a list of ciphers that would overrun a\n\tbuffer.\n\nCVE-2006-4343\n\tTavis Ormandy and Will Drewry of the Google Security Team\n\tdiscovered a possible DoS in the sslv2 client code. Where a\n\tclient application uses OpenSSL to make a SSLv2 connection to\n\ta malicious server that server could cause the client to\n\tcrash.\n\nCVE-2006-2940\n\tDr S N Henson of the OpenSSL core team and Open Network\n\tSecurity recently developed an ASN1 test suite for NISCC\n\t(www.niscc.gov.uk). When the test suite was run against\n\tOpenSSL a DoS was discovered.\n\n\tCertain types of public key can take disproportionate amounts\n\tof time to process. This could be used by an attacker in a\n\tdenial of service attack.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.9.7e-3sarge3.\n\nFor the unstable and testing distributions (sid and etch,\nrespectively), these problems will be fixed in version 0.9.7k-2 of the\nopenssl097 compatibility libraries, and version 0.9.8c-2 of the\nopenssl package.\n\nWe recommend that you upgrade your openssl package. Note that\nservices linking against the openssl shared libraries will need to be\nrestarted. Common examples of such services include most Mail\nTransport Agents, SSH servers, and web servers.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3.dsc\n Size/MD5 checksum: 639 fbf460591348b14103a3819d23164aee\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3.diff.gz\n Size/MD5 checksum: 29882 25e5c57ee6c86d1e4cc335937040f251\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz\n Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_alpha.deb\n Size/MD5 checksum: 3341810 73ef8e1cafbfd142a903bd93535a2428\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_alpha.deb\n Size/MD5 checksum: 2448006 b42d228cd1cb48024b25f5bd7c6724b8\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_alpha.deb\n Size/MD5 checksum: 930188 b0b9a46a47a1992ed455f993b6007450\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_amd64.deb\n Size/MD5 checksum: 2693668 7a6d9f9ad43192bcfe9ed22bd4c227cb\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_amd64.deb\n Size/MD5 checksum: 703308 239e07d0029b78d339da49ea8dacb554\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_amd64.deb\n Size/MD5 checksum: 903744 de3413bf58707040d19a606311548ec7\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_arm.deb\n Size/MD5 checksum: 2556374 4f3d5a82ab27e46f6174616dd2f0818c\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_arm.deb\n Size/MD5 checksum: 690118 80812ffefacc7d9800ce5286909aa815\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_arm.deb\n Size/MD5 checksum: 894114 053579483c0d83c11a4b15ade5e09d3b\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_hppa.deb\n Size/MD5 checksum: 2695876 bee86edc3db3ac76a32efb84b1a1cfab\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_hppa.deb\n Size/MD5 checksum: 791316 5dfd66672700232356a26258a76bcffa\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_hppa.deb\n Size/MD5 checksum: 914574 bc996d3cd86b18090ee4c2f3f31dbdbc\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_i386.deb\n Size/MD5 checksum: 2553694 ceea98c69ca44649ee2c98cff0364e4b\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_i386.deb\n Size/MD5 checksum: 2264996 111668559caa8ea95ad3100af67e163e\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_i386.deb\n Size/MD5 checksum: 902750 39b743a6a47517245c3fba9289c86ddf\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_ia64.deb\n Size/MD5 checksum: 3396192 54868b4f5c27f5dc0a65b82594aa8bb0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_ia64.deb\n Size/MD5 checksum: 1038386 7fcec764f3b3d3ee53588791f7588ad9\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_ia64.deb\n Size/MD5 checksum: 975118 18239f1932f399df0396e81a1e57e5e3\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_m68k.deb\n Size/MD5 checksum: 2317346 cf221d4a25c8913c1183078f1974b46b\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_m68k.deb\n Size/MD5 checksum: 661672 1a1e72d032cbd37400a65ef7ddf9af6d\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_m68k.deb\n Size/MD5 checksum: 889874 6eaaf9b7b9651b37437b78d7a95a562a\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_mips.deb\n Size/MD5 checksum: 2779474 383cc3f4bd2c75515e415c48fc6c66eb\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_mips.deb\n Size/MD5 checksum: 706660 aaa773471c553fd971b3158e35ceb675\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_mips.deb\n Size/MD5 checksum: 896780 21c648b8e817ce098d9d85f311163e34\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_mipsel.deb\n Size/MD5 checksum: 2767338 bc2e40477ad28b1eedb69e6542b1ab08\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_mipsel.deb\n Size/MD5 checksum: 694486 8c31bcea415ae3d725844e45a733d7fe\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_mipsel.deb\n Size/MD5 checksum: 895860 8af869dc9a903f8a226d33cdcffc7eab\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_powerpc.deb\n Size/MD5 checksum: 2775400 91f923d2f4f3938ef8a786b291865f0a\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_powerpc.deb\n Size/MD5 checksum: 779452 3b094894ca6d75b7c86684c7cd62f5bf\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_powerpc.deb\n Size/MD5 checksum: 908316 b93dffc572d91d9e4154b73c57b41e88\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_s390.deb\n Size/MD5 checksum: 2717840 a96fb19009ddc10b1901f34e232109ae\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_s390.deb\n Size/MD5 checksum: 813968 1cf6dbddb023dfe8c55d30d19bc0ff57\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_s390.deb\n Size/MD5 checksum: 918504 73d2f71ec2c8ebd4cc3f481096202664\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_sparc.deb\n Size/MD5 checksum: 2630560 059abd03c994e3d6851f38f6f7dd5446\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_sparc.deb\n Size/MD5 checksum: 1886038 4900a7af6cbef9e37c902a3c14ac33ac\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_sparc.deb\n Size/MD5 checksum: 924472 27f194ff2250fc91d0375c02d6686272\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 3, "modified": "2006-09-28T00:00:00", "published": "2006-09-28T00:00:00", "id": "DEBIAN:DSA-1185-1:2C57C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00279.html", "title": "[SECURITY] [DSA 1185-1] New openssl packages fix denial of service", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:06", "bulletinFamily": "unix", "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "description": "The OpenSSL toolkit provides support for secure communications between\r\nmachines. OpenSSL includes a certificate management tool and shared\r\nlibraries which provide various cryptographic algorithms and protocols.\r\n\r\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\r\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\r\nattacker could send a list of ciphers to an application that used this\r\nfunction and overrun a buffer (CVE-2006-3738). Few applications make use\r\nof this vulnerable function and generally it is used only when applications\r\nare compiled for debugging.\r\n\r\nTavis Ormandy and Will Drewry of the Google Security Team discovered a \r\nflaw in the SSLv2 client code. When a client application used OpenSSL to\r\ncreate an SSLv2 connection to a malicious server, that server could cause\r\nthe client to crash. (CVE-2006-4343)\r\n\r\nDr S. N. Henson of the OpenSSL core team and Open Network Security recently\r\ndeveloped an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered\r\ndenial of service vulnerabilities: \r\n\r\n* Certain public key types can take disproportionate amounts of time to\r\nprocess, leading to a denial of service. (CVE-2006-2940)\r\n\r\n* During parsing of certain invalid ASN.1 structures an error condition was\r\nmishandled. This can result in an infinite loop which consumed system\r\nmemory (CVE-2006-2937). This issue does not affect the OpenSSL version\r\ndistributed in Red Hat Enterprise Linux 2.1.\r\n\r\nThese vulnerabilities can affect applications which use OpenSSL to parse\r\nASN.1 data from untrusted sources, including SSL servers which enable\r\nclient authentication and S/MIME applications.\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to correct these issues.\r\n\r\nNote: After installing this update, users are advised to either restart all\r\nservices that use OpenSSL or restart their system.", "modified": "2019-03-22T23:42:38", "published": "2006-09-28T04:00:00", "id": "RHSA-2006:0695", "href": "https://access.redhat.com/errata/RHSA-2006:0695", "type": "redhat", "title": "(RHSA-2006:0695) openssl security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-08T23:41:21", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "description": "Dr. Henson of the OpenSSL core team and Open Network Security \ndiscovered a mishandled error condition in the ASN.1 parser. By \nsending specially crafted packet data, a remote attacker could exploit \nthis to trigger an infinite loop, which would render the service \nunusable and consume all available system memory. (CVE-2006-2937)\n\nCertain types of public key could take disproportionate amounts of \ntime to process. The library now limits the maximum key exponent size \nto avoid Denial of Service attacks. (CVE-2006-2940)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a \nbuffer overflow in the SSL_get_shared_ciphers() function. By sending \nspecially crafted packets to applications that use this function (like \nExim, MySQL, or the openssl command line tool), a remote attacker \ncould exploit this to execute arbitrary code with the server's \nprivileges. (CVE-2006-3738)\n\nTavis Ormandy and Will Drewry of the Google Security Team reported \nthat the get_server_hello() function did not sufficiently check the \nclient's session certificate. This could be exploited to crash clients \nby remote attackers sending specially crafted SSL responses. \n(CVE-2006-4343)", "edition": 6, "modified": "2006-09-29T00:00:00", "published": "2006-09-29T00:00:00", "id": "USN-353-1", "href": "https://ubuntu.com/security/notices/USN-353-1", "title": "openssl vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:36:02", "bulletinFamily": "unix", "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343"], "description": "New openssl packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:\n Upgraded to shared libraries from openssl-0.9.7l.\n See openssl package update below.\n (* Security fix *)\npatches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:\n Upgraded to openssl-0.9.7l.\n This fixes a few security related issues:\n During the parsing of certain invalid ASN.1 structures an error\n condition is mishandled. This can result in an infinite loop which\n consumes system memory (CVE-2006-2937). (This issue did not affect\n OpenSSL versions prior to 0.9.7)\n Thanks to Dr S. N. Henson of Open Network Security and NISCC.\n Certain types of public key can take disproportionate amounts of\n time to process. This could be used by an attacker in a denial of\n service attack (CVE-2006-2940).\n Thanks to Dr S. N. Henson of Open Network Security and NISCC.\n A buffer overflow was discovered in the SSL_get_shared_ciphers()\n utility function. An attacker could send a list of ciphers to an\n application that uses this function and overrun a buffer.\n (CVE-2006-3738)\n Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.\n A flaw in the SSLv2 client code was discovered. When a client\n application used OpenSSL to create an SSLv2 connection to a malicious\n server, that server could cause the client to crash (CVE-2006-4343).\n Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.\n Links to the CVE entries will be found here:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-solibs-0.9.7l-i386-1_slack9.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-0.9.7l-i386-1_slack9.0.tgz\n\nUpdated packages for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-solibs-0.9.7l-i486-1_slack9.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-0.9.7l-i486-1_slack9.1.tgz\n\nUpdated packages for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssl-solibs-0.9.7l-i486-1_slack10.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssl-0.9.7l-i486-1_slack10.0.tgz\n\nUpdated packages for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssl-solibs-0.9.7l-i486-1_slack10.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssl-0.9.7l-i486-1_slack10.1.tgz\n\nUpdated packages for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssl-solibs-0.9.7l-i486-1_slack10.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8d-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.8d-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 9.0 packages:\n3b17c8be79ca99cb16321d2675f2885d openssl-0.9.7l-i386-1_slack9.0.tgz\na7cb86681f01b57f7bff49842b393a67 openssl-solibs-0.9.7l-i386-1_slack9.0.tgz\n\nSlackware 9.1 packages:\nf222c26925ce542a25a93df674e8106c openssl-0.9.7l-i486-1_slack9.1.tgz\nfca221391f0b591373b6e38f1d732d63 openssl-solibs-0.9.7l-i486-1_slack9.1.tgz\n\nSlackware 10.0 packages:\na1013cef56210154a2259c5135f1d047 openssl-0.9.7l-i486-1_slack10.0.tgz\n35c40208e50ca4bcd7e7e16ce5db1526 openssl-solibs-0.9.7l-i486-1_slack10.0.tgz\n\nSlackware 10.1 packages:\n6c87f5baca8855cd07031824b747fe80 openssl-0.9.7l-i486-1_slack10.1.tgz\n3ae63bd5b7178f880e8ed5a3af602b50 openssl-solibs-0.9.7l-i486-1_slack10.1.tgz\n\nSlackware 10.2 packages:\na97c874a4bf6dc4ca6a4617966108a45 openssl-0.9.7l-i486-1_slack10.2.tgz\n06b462fad82d28af4fba3f35f2ed25a1 openssl-solibs-0.9.7l-i486-1_slack10.2.tgz\n\nSlackware -current package:\n88264ebbe45eb908c2d3f3f32c367cf6 openssl-solibs-0.9.8d-i486-1.tgz\n9f9d2d98fefd5cbd9334cfa374934efa openssl-0.9.8d-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-solibs-0.9.7l-i486-1_slack10.2.tgz openssl-0.9.7l-i486-1_slack10.2.tgz", "modified": "2006-09-29T07:57:13", "published": "2006-09-29T07:57:13", "id": "SSA-2006-272-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", "type": "slackware", "title": "[slackware-security] openssl", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openssl": [{"lastseen": "2020-09-14T11:36:53", "bulletinFamily": "software", "cvelist": ["CVE-2006-2940"], "description": " Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. Reported by openssl. \n\n * Fixed in OpenSSL 0.9.8d (Affected 0.9.8-0.9.8c)\n * Fixed in OpenSSL 0.9.7l (Affected 0.9.7-0.9.7k)\n", "edition": 1, "modified": "2006-09-28T00:00:00", "published": "2006-09-28T00:00:00", "id": "OPENSSL:CVE-2006-2940", "href": "https://www.openssl.org/news/secadv/20060928.txt", "title": "Vulnerability in OpenSSL CVE-2006-2940", "type": "openssl", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T11:36:53", "bulletinFamily": "software", "cvelist": ["CVE-2006-2937"], "description": " During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory Reported by openssl. \n\n * Fixed in OpenSSL 0.9.8d (Affected 0.9.8-0.9.8c)\n * Fixed in OpenSSL 0.9.7l (Affected 0.9.7-0.9.7k)\n", "edition": 1, "modified": "2006-09-28T00:00:00", "published": "2006-09-28T00:00:00", "id": "OPENSSL:CVE-2006-2937", "href": "https://www.openssl.org/news/secadv/20060928.txt", "title": "Vulnerability in OpenSSL CVE-2006-2937", "type": "openssl", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:19", "bulletinFamily": "software", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-3780", "CVE-2006-4343"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n________________________________________________________________________\r\n\r\nOpenPKG Security Advisory The OpenPKG Project\r\nhttp://www.openpkg.org/security/ http://www.openpkg.org\r\nopenpkg-security@openpkg.org openpkg@openpkg.org\r\nOpenPKG-SA-2006.021 28-Sep-2006\r\n________________________________________________________________________\r\n\r\nPackage: openssl\r\nVulnerability: denial of service\r\nOpenPKG Specific: no\r\n\r\nAffected Releases: Affected Packages: Corrected Packages:\r\nOpenPKG CURRENT &lt;= openssl-0.9.8c-20060905 &gt;= openssl-0.9.8d-20060928\r\nOpenPKG 2-STABLE &lt;= openssl-0.9.8c-2.20060906 &gt;= openssl-0.9.8d-2.20060928\r\nOpenPKG 2.5-RELEASE &lt;= openssl-0.9.8a-2.5.2 &gt;= openssl-0.9.8a-2.5.3\r\n\r\nDescription:\r\n According to a vendor security advisory [0], four security issues\r\n were discovered in the cryptography and SSL/TLS toolkit OpenSSL [1]:\r\n\r\n 1. ASN.1 Denial of Service Attack &#40;1/2&#41;\r\n\r\n During the parsing of certain invalid ASN.1 structures an error\r\n condition is mishandled. This can result in an infinite loop which\r\n consumes system memory. The Common Vulnerabilities and Exposures\r\n &#40;CVE&#41; project assigned the id CVE-2006-2937 [2] to the problem.\r\n\r\n 2. ASN.1 Denial of Service Attack &#40;2/2&#41;\r\n\r\n Certain types of public key can take disproportionate amounts of\r\n time to process. This could be used by an attacker in a denial of\r\n service attack. The Common Vulnerabilities and Exposures &#40;CVE&#41;\r\n project assigned the id CVE-2006-2940 [3] to the problem.\r\n\r\n 3. SSL_get_shared_ciphers&#40;&#41; Buffer Overflow\r\n\r\n A buffer overflow was discovered in the SSL_get_shared_ciphers&#40;&#41;\r\n utility function. An attacker could send a list of ciphers to an\r\n application that uses this function and overrun a buffer. The\r\n Common Vulnerabilities and Exposures &#40;CVE&#41; project assigned the id\r\n CVE-2006-3780 [4] to the problem.\r\n\r\n 4. SSLv2 Client Crash\r\n \r\n A flaw in the SSLv2 client code was discovered. When a client\r\n application used OpenSSL to create an SSLv2 connection to a\r\n malicious server, that server could cause the client to crash. The\r\n Common Vulnerabilities and Exposures &#40;CVE&#41; project assigned the id\r\n CVE-2006-4343 [5] to the problem.\r\n________________________________________________________________________\r\n\r\nReferences:\r\n [0] http://www.openssl.org/news/secadv_20060928.txt \r\n [1] http://www.openssl.org/\r\n [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\r\n [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\r\n [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\r\n [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\r\n________________________________________________________________________\r\n\r\nFor security reasons, this advisory was digitally signed with the\r\nOpenPGP public key &quot;OpenPKG &lt;openpkg@openpkg.org&gt;&quot; &#40;ID 63C4CB9F&#41; of the\r\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\r\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\r\nfor details on how to verify the integrity of this advisory.\r\n________________________________________________________________________\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nComment: OpenPKG &lt;openpkg@openpkg.org&gt;\r\n\r\niD8DBQFFG88pgHWT4GPEy58RAh8TAJ4/zpIxAmBkivnMe5QzGxHrJHhkbwCg15li\r\nsTSkwWgrJGLza3OQ/yQJSfs=\r\n=qyrR\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2006-09-29T00:00:00", "published": "2006-09-29T00:00:00", "id": "SECURITYVULNS:DOC:14486", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:14486", "title": "[OpenPKG-SA-2006.021] OpenPKG Security Advisory &#40;openssl&#41;", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:37", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-2938"], "description": "\nProblem Description:\nSeveral problems have been found in OpenSSL:\n\nDuring the parsing of certain invalid ASN1 structures an\n\t error condition is mishandled, possibly resulting in an\n\t infinite loop.\nA buffer overflow exists in the SSL_get_shared_ciphers\n\t function.\nA NULL pointer may be dereferenced in the SSL version 2\n\t client code.\n\nIn addition, many applications using OpenSSL do not perform\n\t any validation of the lengths of public keys being used.\nImpact:\nServers which parse ASN1 data from untrusted sources may be\n\t vulnerable to a denial of service attack.\nAn attacker accessing a server which uses SSL version 2 may\n\t be able to execute arbitrary code with the privileges of that\n\t server.\nA malicious SSL server can cause clients connecting using\n\t SSL version 2 to crash.\nApplications which perform public key operations using\n\t untrusted keys may be vulnerable to a denial of service\n\t attack.\nWorkaround:\nNo workaround is available, but not all of the\n\t vulnerabilities mentioned affect all applications.\n", "edition": 4, "modified": "2016-08-09T00:00:00", "published": "2006-09-28T00:00:00", "id": "0F37D765-C5D4-11DB-9F82-000E0C2E438A", "href": "https://vuxml.freebsd.org/freebsd/0f37d765-c5d4-11db-9f82-000e0c2e438a.html", "title": "OpenSSL -- Multiple problems in crypto(3)", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}