Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57478
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1185-1 (openssl)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to openssl
announced via advisory DSA 1185-1.

Multiple vulnerabilities have been discovered in the OpenSSL
cryptographic software package that could allow an attacker to launch
a denial of service attack by exhausting system resources or crashing
processes on a victim's computer.

CVE-2006-2937
Dr S N Henson of the OpenSSL core team and Open Network
Security recently developed an ASN1 test suite for NISCC
(www.niscc.gov.uk). When the test suite was run against
OpenSSL two denial of service vulnerabilities were discovered.

During the parsing of certain invalid ASN1 structures an error
condition is mishandled. This can result in an infinite loop
which consumes system memory.

Any code which uses OpenSSL to parse ASN1 data from untrusted
sources is affected. This includes SSL servers which enable
client authentication and S/MIME applications.

CVE-2006-3738
Tavis Ormandy and Will Drewry of the Google Security Team
discovered a buffer overflow in SSL_get_shared_ciphers utility
function, used by some applications such as exim and mysql. An
attacker could send a list of ciphers that would overrun a
buffer.

CVE-2006-4343
Tavis Ormandy and Will Drewry of the Google Security Team
discovered a possible DoS in the sslv2 client code. Where a
client application uses OpenSSL to make a SSLv2 connection to
a malicious server that server could cause the client to
crash.

CVE-2006-2940
Dr S N Henson of the OpenSSL core team and Open Network
Security recently developed an ASN1 test suite for NISCC
(www.niscc.gov.uk). When the test suite was run against
OpenSSL a DoS was discovered.

Certain types of public key can take disproportionate amounts
of time to process. This could be used by an attacker in a
denial of service attack.

For the stable distribution (sarge) these problems have been fixed in
version 0.9.7e-3sarge3.

For the unstable and testing distributions (sid and etch,
respectively), these problems will be fixed in version 0.9.7k-2 of the
openssl097 compatibility libraries, and version 0.9.8c-2 of the
openssl package.

We recommend that you upgrade your openssl package. Note that

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201185-1

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2940
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
BugTraq ID: 20247
http://www.securityfocus.com/bid/20247
BugTraq ID: 22083
http://www.securityfocus.com/bid/22083
BugTraq ID: 28276
http://www.securityfocus.com/bid/28276
Bugtraq: 20060928 rPSA-2006-0175-1 openssl openssl-scripts (Google Search)
http://www.securityfocus.com/archive/1/447318/100/0/threaded
Bugtraq: 20060929 rPSA-2006-0175-2 openssl openssl-scripts (Google Search)
http://www.securityfocus.com/archive/1/447393/100/0/threaded
Bugtraq: 20070110 VMware ESX server security updates (Google Search)
http://www.securityfocus.com/archive/1/456546/100/200/threaded
Bugtraq: 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues (Google Search)
http://www.securityfocus.com/archive/1/489739/100/0/threaded
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
Cisco Security Advisory: 20061108 Multiple Vulnerabilities in OpenSSL Library
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
Cisco Security Advisory: 20061108 Multiple Vulnerabilities in OpenSSL library
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
Debian Security Information: DSA-1185 (Google Search)
http://www.debian.org/security/2006/dsa-1185
Debian Security Information: DSA-1195 (Google Search)
http://www.debian.org/security/2006/dsa-1195
FreeBSD Security Advisory: FreeBSD-SA-06:23.openssl
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
http://security.gentoo.org/glsa/glsa-200610-11.xml
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
HPdes Security Advisory: HPSBMA02250
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBTU02207
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
HPdes Security Advisory: HPSBUX02174
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
HPdes Security Advisory: HPSBUX02186
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
HPdes Security Advisory: SSRT061213
HPdes Security Advisory: SSRT061239
HPdes Security Advisory: SSRT061275
HPdes Security Advisory: SSRT071299
HPdes Security Advisory: SSRT071304
HPdes Security Advisory: SSRT090208
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
http://marc.info/?l=bind-announce&m=116253119512445&w=2
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
NETBSD Security Advisory: NetBSD-SA2008-007
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
OpenBSD Security Advisory: [3.9] 20061007 013: SECURITY FIX: October 7, 2006
http://openbsd.org/errata.html#openssl2
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
http://www.osvdb.org/29261
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311
http://www.redhat.com/support/errata/RHSA-2006-0695.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://securitytracker.com/id?1016943
http://securitytracker.com/id?1017522
http://secunia.com/advisories/22094
http://secunia.com/advisories/22116
http://secunia.com/advisories/22130
http://secunia.com/advisories/22165
http://secunia.com/advisories/22166
http://secunia.com/advisories/22172
http://secunia.com/advisories/22186
http://secunia.com/advisories/22193
http://secunia.com/advisories/22207
http://secunia.com/advisories/22212
http://secunia.com/advisories/22216
http://secunia.com/advisories/22220
http://secunia.com/advisories/22240
http://secunia.com/advisories/22259
http://secunia.com/advisories/22260
http://secunia.com/advisories/22284
http://secunia.com/advisories/22298
http://secunia.com/advisories/22330
http://secunia.com/advisories/22385
http://secunia.com/advisories/22460
http://secunia.com/advisories/22487
http://secunia.com/advisories/22500
http://secunia.com/advisories/22544
http://secunia.com/advisories/22626
http://secunia.com/advisories/22671
http://secunia.com/advisories/22758
http://secunia.com/advisories/22772
http://secunia.com/advisories/22799
http://secunia.com/advisories/23038
http://secunia.com/advisories/23155
http://secunia.com/advisories/23280
http://secunia.com/advisories/23309
http://secunia.com/advisories/23340
http://secunia.com/advisories/23351
http://secunia.com/advisories/23680
http://secunia.com/advisories/23794
http://secunia.com/advisories/23915
http://secunia.com/advisories/24930
http://secunia.com/advisories/24950
http://secunia.com/advisories/25889
http://secunia.com/advisories/26329
http://secunia.com/advisories/26893
http://secunia.com/advisories/30124
http://secunia.com/advisories/31492
http://secunia.com/advisories/31531
SGI Security Advisory: 20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
SuSE Security Announcement: SUSE-SA:2006:058 (Google Search)
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
SuSE Security Announcement: SUSE-SR:2006:024 (Google Search)
http://www.novell.com/linux/security/advisories/2006_24_sr.html
http://www.trustix.org/errata/2006/0054
http://www.ubuntu.com/usn/usn-353-1
http://www.ubuntu.com/usn/usn-353-2
http://www.vupen.com/english/advisories/2006/3820
http://www.vupen.com/english/advisories/2006/3860
http://www.vupen.com/english/advisories/2006/3869
http://www.vupen.com/english/advisories/2006/3902
http://www.vupen.com/english/advisories/2006/3936
http://www.vupen.com/english/advisories/2006/4019
http://www.vupen.com/english/advisories/2006/4036
http://www.vupen.com/english/advisories/2006/4264
http://www.vupen.com/english/advisories/2006/4327
http://www.vupen.com/english/advisories/2006/4329
http://www.vupen.com/english/advisories/2006/4401
http://www.vupen.com/english/advisories/2006/4417
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2006/4980
http://www.vupen.com/english/advisories/2007/0343
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2007/2783
http://www.vupen.com/english/advisories/2008/0905/references
http://www.vupen.com/english/advisories/2008/2396
XForce ISS Database: openssl-publickey-dos(29230)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29230
Common Vulnerability Exposure (CVE) ID: CVE-2006-3738
BugTraq ID: 20249
http://www.securityfocus.com/bid/20249
Bugtraq: 20070602 Recent OpenSSL exploits (Google Search)
http://www.securityfocus.com/archive/1/470460/100/0/threaded
CERT/CC vulnerability note: VU#547300
http://www.kb.cert.org/vuls/id/547300
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.osvdb.org/29262
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370
http://secunia.com/advisories/22633
http://secunia.com/advisories/22654
http://secunia.com/advisories/22791
http://secunia.com/advisories/30161
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1
http://www.vupen.com/english/advisories/2006/4314
http://www.vupen.com/english/advisories/2006/4443
XForce ISS Database: openssl-sslgetsharedciphers-bo(29237)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29237
Common Vulnerability Exposure (CVE) ID: CVE-2006-4343
BugTraq ID: 20246
http://www.securityfocus.com/bid/20246
CERT/CC vulnerability note: VU#386964
http://www.kb.cert.org/vuls/id/386964
https://www.exploit-db.com/exploits/4773
http://www.osvdb.org/29263
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356
http://secunia.com/advisories/25420
http://www.vupen.com/english/advisories/2007/1973
XForce ISS Database: openssl-sslv2-client-dos(29240)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29240
Common Vulnerability Exposure (CVE) ID: CVE-2006-2937
BugTraq ID: 20248
http://www.securityfocus.com/bid/20248
CERT/CC vulnerability note: VU#247744
http://www.kb.cert.org/vuls/id/247744
http://www.osvdb.org/29260
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560
http://secunia.com/advisories/23131
http://www.vupen.com/english/advisories/2006/4761
XForce ISS Database: openssl-asn1-error-dos(29228)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29228
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.