English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57445
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2006:0695
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0695.

The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and protocols.

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
buffer overflow in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer (CVE-2006-3738). Few applications make use
of this vulnerable function and generally it is used only when applications
are compiled for debugging.

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
flaw in the SSLv2 client code. When a client application used OpenSSL to
create an SSLv2 connection to a malicious server, that server could cause
the client to crash. (CVE-2006-4343)

Dr S. N. Henson of the OpenSSL core team and Open Network Security recently
developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered
denial of service vulnerabilities:

* Certain public key types can take disproportionate amounts of time to
process, leading to a denial of service. (CVE-2006-2940)

* During parsing of certain invalid ASN.1 structures an error condition was
mishandled. This can result in an infinite loop which consumed system
memory (CVE-2006-2937). This issue does not affect the OpenSSL version
distributed in Red Hat Enterprise Linux 2.1.

These vulnerabilities can affect applications which use OpenSSL to parse
ASN.1 data from untrusted sources, including SSL servers which enable
client authentication and S/MIME applications.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0695.html
http://www.openssl.org/news/secadv_20060928.txt
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2937
1016943
http://securitytracker.com/id?1016943
102668
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
102747
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
200585
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
2006-0054
http://www.trustix.org/errata/2006/0054
20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
20060928 rPSA-2006-0175-1 openssl openssl-scripts
http://www.securityfocus.com/archive/1/447318/100/0/threaded
20060929 rPSA-2006-0175-2 openssl openssl-scripts
http://www.securityfocus.com/archive/1/447393/100/0/threaded
20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
20061108 Multiple Vulnerabilities in OpenSSL Library
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
20061108 Multiple Vulnerabilities in OpenSSL library
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
20070110 VMware ESX server security updates
http://www.securityfocus.com/archive/1/456546/100/200/threaded
20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://www.securityfocus.com/archive/1/489739/100/0/threaded
201534
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
20248
http://www.securityfocus.com/bid/20248
22094
http://secunia.com/advisories/22094
22116
http://secunia.com/advisories/22116
22130
http://secunia.com/advisories/22130
22165
http://secunia.com/advisories/22165
22166
http://secunia.com/advisories/22166
22172
http://secunia.com/advisories/22172
22186
http://secunia.com/advisories/22186
22193
http://secunia.com/advisories/22193
22207
http://secunia.com/advisories/22207
22212
http://secunia.com/advisories/22212
22216
http://secunia.com/advisories/22216
22220
http://secunia.com/advisories/22220
22240
http://secunia.com/advisories/22240
22259
http://secunia.com/advisories/22259
22260
http://secunia.com/advisories/22260
22284
http://secunia.com/advisories/22284
22298
http://secunia.com/advisories/22298
22330
http://secunia.com/advisories/22330
22385
http://secunia.com/advisories/22385
22460
http://secunia.com/advisories/22460
22487
http://secunia.com/advisories/22487
22544
http://secunia.com/advisories/22544
22626
http://secunia.com/advisories/22626
22671
http://secunia.com/advisories/22671
22758
http://secunia.com/advisories/22758
22772
http://secunia.com/advisories/22772
22799
http://secunia.com/advisories/22799
23038
http://secunia.com/advisories/23038
23131
http://secunia.com/advisories/23131
23155
http://secunia.com/advisories/23155
23280
http://secunia.com/advisories/23280
23309
http://secunia.com/advisories/23309
23340
http://secunia.com/advisories/23340
23351
http://secunia.com/advisories/23351
23680
http://secunia.com/advisories/23680
23915
http://secunia.com/advisories/23915
24930
http://secunia.com/advisories/24930
24950
http://secunia.com/advisories/24950
25889
http://secunia.com/advisories/25889
26329
http://secunia.com/advisories/26329
28276
http://www.securityfocus.com/bid/28276
29260
http://www.osvdb.org/29260
30124
http://secunia.com/advisories/30124
31492
http://secunia.com/advisories/31492
31531
http://secunia.com/advisories/31531
ADV-2006-3820
http://www.vupen.com/english/advisories/2006/3820
ADV-2006-3860
http://www.vupen.com/english/advisories/2006/3860
ADV-2006-3869
http://www.vupen.com/english/advisories/2006/3869
ADV-2006-3902
http://www.vupen.com/english/advisories/2006/3902
ADV-2006-3936
http://www.vupen.com/english/advisories/2006/3936
ADV-2006-4019
http://www.vupen.com/english/advisories/2006/4019
ADV-2006-4036
http://www.vupen.com/english/advisories/2006/4036
ADV-2006-4264
http://www.vupen.com/english/advisories/2006/4264
ADV-2006-4327
http://www.vupen.com/english/advisories/2006/4327
ADV-2006-4329
http://www.vupen.com/english/advisories/2006/4329
ADV-2006-4401
http://www.vupen.com/english/advisories/2006/4401
ADV-2006-4417
http://www.vupen.com/english/advisories/2006/4417
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
ADV-2006-4761
http://www.vupen.com/english/advisories/2006/4761
ADV-2006-4980
http://www.vupen.com/english/advisories/2006/4980
ADV-2007-0343
http://www.vupen.com/english/advisories/2007/0343
ADV-2007-1401
http://www.vupen.com/english/advisories/2007/1401
ADV-2007-2315
http://www.vupen.com/english/advisories/2007/2315
ADV-2007-2783
http://www.vupen.com/english/advisories/2007/2783
ADV-2008-0905
http://www.vupen.com/english/advisories/2008/0905/references
ADV-2008-2396
http://www.vupen.com/english/advisories/2008/2396
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
DSA-1185
http://www.debian.org/security/2006/dsa-1185
FreeBSD-SA-06:23.openssl
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
GLSA-200610-11
http://security.gentoo.org/glsa/glsa-200610-11.xml
GLSA-200612-11
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
HPSBMA02250
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPSBTU02207
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
HPSBUX02174
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
HPSBUX02186
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
MDKSA-2006:172
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
MDKSA-2006:178
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
NetBSD-SA2008-007
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
OpenPKG-SA-2006.021
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
RHSA-2006:0695
http://www.redhat.com/support/errata/RHSA-2006-0695.html
RHSA-2008:0629
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SSA:2006-272-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
SSRT061213
SSRT061239
SSRT061275
SSRT071299
SSRT071304
SSRT090208
SUSE-SA:2006:058
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
SUSE-SR:2006:024
http://www.novell.com/linux/security/advisories/2006_24_sr.html
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
USN-353-1
http://www.ubuntu.com/usn/usn-353-1
VU#247744
http://www.kb.cert.org/vuls/id/247744
[3.9] 20061007 013: SECURITY FIX: October 7, 2006
http://openbsd.org/errata.html#openssl2
[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
http://marc.info/?l=bind-announce&m=116253119512445&w=2
[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://docs.info.apple.com/article.html?artnum=304829
http://issues.rpath.com/browse/RPL-613
http://kolab.org/security/kolab-vendor-notice-11.txt
http://openvpn.net/changelog.html
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
http://www.f-secure.com/security/fsc-2006-6.shtml
http://www.openssl.org/news/secadv_20060928.txt
http://www.serv-u.com/releasenotes/
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
openssl-asn1-error-dos(29228)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29228
oval:org.mitre.oval:def:10560
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560
Common Vulnerability Exposure (CVE) ID: CVE-2006-2940
1017522
http://securitytracker.com/id?1017522
20247
http://www.securityfocus.com/bid/20247
22083
http://www.securityfocus.com/bid/22083
22500
http://secunia.com/advisories/22500
23794
http://secunia.com/advisories/23794
26893
http://secunia.com/advisories/26893
29261
http://www.osvdb.org/29261
DSA-1195
http://www.debian.org/security/2006/dsa-1195
USN-353-2
http://www.ubuntu.com/usn/usn-353-2
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
https://issues.rpath.com/browse/RPL-1633
openssl-publickey-dos(29230)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29230
oval:org.mitre.oval:def:10311
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311
Common Vulnerability Exposure (CVE) ID: CVE-2006-3738
102711
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1
20070602 Recent OpenSSL exploits
http://www.securityfocus.com/archive/1/470460/100/0/threaded
201531
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1
20249
http://www.securityfocus.com/bid/20249
22633
http://secunia.com/advisories/22633
22654
http://secunia.com/advisories/22654
22791
http://secunia.com/advisories/22791
29262
http://www.osvdb.org/29262
30161
http://secunia.com/advisories/30161
ADV-2006-4314
http://www.vupen.com/english/advisories/2006/4314
ADV-2006-4443
http://www.vupen.com/english/advisories/2006/4443
FreeBSD-SA-06:23
GLSA-200805-07
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
VU#547300
http://www.kb.cert.org/vuls/id/547300
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881
openssl-sslgetsharedciphers-bo(29237)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29237
oval:org.mitre.oval:def:4256
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256
oval:org.mitre.oval:def:9370
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370
Common Vulnerability Exposure (CVE) ID: CVE-2006-4343
20246
http://www.securityfocus.com/bid/20246
25420
http://secunia.com/advisories/25420
29263
http://www.osvdb.org/29263
4773
https://www.exploit-db.com/exploits/4773
ADV-2007-1973
http://www.vupen.com/english/advisories/2007/1973
VU#386964
http://www.kb.cert.org/vuls/id/386964
http://www.ingate.com/relnote-452.php
openssl-sslv2-client-dos(29240)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29240
oval:org.mitre.oval:def:10207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207
oval:org.mitre.oval:def:4356
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.