CVE-2006-4343 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2006-4343

CVE-2006-4343

September 28, 2006

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

Related Resources (132)

http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml

http://www.vupen.com/english/advisories/2006/3902

http://www.vupen.com/english/advisories/2007/1401

http://secunia.com/advisories/24950

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1

http://www.mandriva.com/security/advisories?name=MDKSA-2006:172

http://secunia.com/advisories/23038

https://www.exploit-db.com/exploits/4773

http://www.securityfocus.com/archive/1/456546/100/200/threaded

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1

http://secunia.com/advisories/25889

http://secunia.com/advisories/22791

http://secunia.com/advisories/22626

http://www.debian.org/security/2006/dsa-1185

http://secunia.com/advisories/22193

http://secunia.com/advisories/22259

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771

http://secunia.com/advisories/22544

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540

http://openvpn.net/changelog.html

http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html

http://www.vupen.com/english/advisories/2008/0905/references

http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc

http://secunia.com/advisories/23915

http://secunia.com/advisories/22284

http://www.trustix.org/errata/2006/0054

http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html

http://www.vmware.com/security/advisories/VMSA-2008-0005.html

http://issues.rpath.com/browse/RPL-613

http://www.ingate.com/relnote-452.php

http://www.vmware.com/support/server/doc/releasenotes_server.html

http://secunia.com/advisories/22260

http://www.redhat.com/support/errata/RHSA-2006-0695.html

http://secunia.com/advisories/22487

http://www.securityfocus.com/archive/1/447318/100/0/threaded

http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

http://security.gentoo.org/glsa/glsa-200610-11.xml

http://www.vmware.com/support/player2/doc/releasenotes_player2.html

http://www.vupen.com/english/advisories/2007/2783

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1

http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf

http://www.vmware.com/support/player/doc/releasenotes_player.html

http://secunia.com/advisories/22240

http://www.vupen.com/english/advisories/2006/4750

http://www.vupen.com/english/advisories/2006/4401

http://www.redhat.com/support/errata/RHSA-2008-0629.html

http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

http://www.vupen.com/english/advisories/2006/4443

http://secunia.com/advisories/22298

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://www.vupen.com/english/advisories/2006/3869

http://securitytracker.com/id?1016943

http://securitytracker.com/id?1017522

http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm

http://www.vupen.com/english/advisories/2006/4417

http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

http://secunia.com/advisories/22207

http://secunia.com/advisories/23155

http://secunia.com/advisories/23340

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207

http://www.securityfocus.com/bid/28276

http://www.debian.org/security/2006/dsa-1195

http://www.securityfocus.com/bid/20246

http://secunia.com/advisories/22212

http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

http://www.securityfocus.com/bid/22083

http://secunia.com/advisories/22758

http://secunia.com/advisories/22220

http://secunia.com/advisories/22330

http://secunia.com/advisories/22772

http://secunia.com/advisories/22385

http://secunia.com/advisories/26329

http://www.openssl.org/news/secadv_20060928.txt

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946

https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144

http://www.vupen.com/english/advisories/2006/3820

http://secunia.com/advisories/23309

http://www.mandriva.com/security/advisories?name=MDKSA-2006:178

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100

http://secunia.com/advisories/22186

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356

http://secunia.com/advisories/25420

http://www.novell.com/linux/security/advisories/2006_58_openssl.html

http://docs.info.apple.com/article.html?artnum=304829

http://www.mandriva.com/security/advisories?name=MDKSA-2006:177

http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html

http://openbsd.org/errata.html#openssl2

http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm

http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml

http://secunia.com/advisories/22460

http://www.securityfocus.com/archive/1/489739/100/0/threaded

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc

http://www.vupen.com/english/advisories/2006/4036

http://secunia.com/advisories/22130

http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

http://secunia.com/advisories/30124

http://secunia.com/advisories/23280

http://kolab.org/security/kolab-vendor-notice-11.txt

http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html

http://www.vupen.com/english/advisories/2007/0343

http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://secunia.com/advisories/22116

https://exchange.xforce.ibmcloud.com/vulnerabilities/29240

http://www.vupen.com/english/advisories/2006/4264

http://secunia.com/advisories/22172

http://secunia.com/advisories/22166

http://secunia.com/advisories/22216

https://people.canonical.com/~ubuntu-security/cve/CVE-2006-4343

http://www.serv-u.com/releasenotes/

http://www.kb.cert.org/vuls/id/386964

http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html

http://secunia.com/advisories/23680

http://secunia.com/advisories/23794

http://www.vupen.com/english/advisories/2006/3936

http://secunia.com/advisories/31492

http://secunia.com/advisories/22165

http://secunia.com/advisories/22799

http://www.securityfocus.com/archive/1/447393/100/0/threaded

http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

http://www.vupen.com/english/advisories/2006/3860

http://www.osvdb.org/29263

http://secunia.com/advisories/22094

http://www.ubuntu.com/usn/usn-353-1

http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

http://www.novell.com/linux/security/advisories/2006_24_sr.html

http://secunia.com/advisories/22500

http://www.vupen.com/english/advisories/2007/1973

http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

http://lists.vmware.com/pipermail/security-announce/2008/000008.html

http://www.us-cert.gov/cas/techalerts/TA06-333A.html

Do you need more information?

CVSS v4

Base Score:

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

CVSS v2

Base Score:

4.3

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

Weakness Type (CWE)

NULL Pointer Dereference

EPSS

Base Score:

6.93