CVE-2006-4343

CVSS V2 Medium 4.3 CVSS V3 None

Description

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

Overview

CVE ID
CVE-2006-4343

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2006-09-28T18:07:00

Last Modified Date
2018-10-17T21:36:13

Weakness Enumerations

CWE	URL
CWE-476	http://cwe.mitre.org/data/definitions/476.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:a:openssl:openssl:0.9.7:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.8:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*	1	OR
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*	1	OR
cpe:2.3:o:debian:debian_linux:3.1:::::::*	1	OR
cpe:2.3:o:canonical:ubuntu_linux:5.04:::::::*	1	OR
cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*	1	OR
cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
NONE

Integrity Impact
NONE

Availability Impact
PARTIAL

Base Score
4.3

Severity
MEDIUM

Exploitability Score
8.6

Impact Score
2.9

References

Reference URL	Reference Tags
http://www.openssl.org/news/secadv_20060928.txt	Patch Third Party Advisory
http://www.kb.cert.org/vuls/id/386964	Patch Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/20246	Patch Third Party Advisory VDB Entry
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html	Mailing List Third Party Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2006-0695.html	Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946	Mailing List Third Party Advisory
http://www.ubuntu.com/usn/usn-353-1	Third Party Advisory
http://secunia.com/advisories/22130	Third Party Advisory
http://secunia.com/advisories/22094	Third Party Advisory
http://secunia.com/advisories/22165	Third Party Advisory
http://secunia.com/advisories/22186	Third Party Advisory
http://secunia.com/advisories/22193	Third Party Advisory
http://secunia.com/advisories/22207	Third Party Advisory
http://secunia.com/advisories/22259	Third Party Advisory
http://secunia.com/advisories/22260	Third Party Advisory
http://kolab.org/security/kolab-vendor-notice-11.txt	Broken Link
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html	Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_58_openssl.html	Broken Link
http://www.trustix.org/errata/2006/0054	Broken Link
http://securitytracker.com/id?1016943	Third Party Advisory VDB Entry
http://secunia.com/advisories/22166	Third Party Advisory
http://secunia.com/advisories/22172	Third Party Advisory
http://secunia.com/advisories/22212	Third Party Advisory
http://secunia.com/advisories/22240	Third Party Advisory
http://secunia.com/advisories/22216	Third Party Advisory
http://secunia.com/advisories/22116	Third Party Advisory
http://secunia.com/advisories/22220	Third Party Advisory
http://openvpn.net/changelog.html	Third Party Advisory
http://www.serv-u.com/releasenotes/	Third Party Advisory
http://openbsd.org/errata.html#openssl2	Third Party Advisory
http://secunia.com/advisories/22284	Third Party Advisory
http://secunia.com/advisories/22330	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1	Broken Link
http://www.novell.com/linux/security/advisories/2006_24_sr.html	Broken Link
http://www.osvdb.org/29263	Broken Link
http://secunia.com/advisories/22385	Third Party Advisory
http://secunia.com/advisories/22460	Third Party Advisory
http://security.gentoo.org/glsa/glsa-200610-11.xml	Third Party Advisory
http://secunia.com/advisories/22500	Third Party Advisory
http://secunia.com/advisories/22544	Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc	Third Party Advisory
http://secunia.com/advisories/22626	Third Party Advisory
http://secunia.com/advisories/22487	Third Party Advisory
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227	Broken Link
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml	Third Party Advisory
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1	Broken Link
http://secunia.com/advisories/22758	Third Party Advisory
http://secunia.com/advisories/22799	Third Party Advisory
http://secunia.com/advisories/22791	Third Party Advisory
http://secunia.com/advisories/22772	Third Party Advisory
http://secunia.com/advisories/23038	Third Party Advisory
http://docs.info.apple.com/article.html?artnum=304829	Third Party Advisory
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html	Mailing List Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA06-333A.html	Third Party Advisory US Government Resource
http://secunia.com/advisories/23155	Third Party Advisory
http://secunia.com/advisories/22298	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml	Third Party Advisory
http://secunia.com/advisories/23309	Third Party Advisory
http://secunia.com/advisories/23280	Third Party Advisory
http://secunia.com/advisories/23340	Third Party Advisory
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html	Third Party Advisory
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html	Third Party Advisory
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html	Third Party Advisory
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html	Third Party Advisory
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html	Third Party Advisory
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html	Third Party Advisory
http://secunia.com/advisories/23680	Third Party Advisory
http://secunia.com/advisories/23794	Third Party Advisory
http://securitytracker.com/id?1017522	Third Party Advisory VDB Entry
http://secunia.com/advisories/23915	Third Party Advisory
http://secunia.com/advisories/24950	Third Party Advisory
http://www.ingate.com/relnote-452.php	Broken Link
http://issues.rpath.com/browse/RPL-613	Broken Link
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178	Broken Link
http://www.securityfocus.com/bid/22083	Third Party Advisory VDB Entry
http://secunia.com/advisories/25420	Third Party Advisory
http://secunia.com/advisories/25889	Third Party Advisory
http://secunia.com/advisories/26329	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1	Broken Link
http://lists.vmware.com/pipermail/security-announce/2008/000008.html	Mailing List Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0005.html	Third Party Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	Third Party Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.html	Third Party Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.html	Third Party Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.html	Third Party Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	Third Party Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	Third Party Advisory
http://www.securityfocus.com/bid/28276	Third Party Advisory VDB Entry
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc	Third Party Advisory
http://secunia.com/advisories/30124	Third Party Advisory
http://secunia.com/advisories/31492	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0629.html	Third Party Advisory
http://www.vupen.com/english/advisories/2006/3860	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/4264	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/4417	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2007/1401	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/4750	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/3936	Permissions Required Third Party Advisory
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144	Broken Link
http://www.vupen.com/english/advisories/2006/3902	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/4401	Permissions Required Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771	Broken Link
http://www.vupen.com/english/advisories/2006/3820	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2007/1973	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2007/0343	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/3869	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2008/0905/references	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/4036	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2007/2783	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/4443	Permissions Required Third Party Advisory
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540	Broken Link
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100	Broken Link
http://marc.info/?l=bugtraq&m=130497311408250&w=2	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html	Third Party Advisory
http://www.debian.org/security/2006/dsa-1185	Third Party Advisory
http://www.debian.org/security/2006/dsa-1195	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/29240	VDB Entry Third Party Advisory
https://www.exploit-db.com/exploits/4773	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207	Third Party Advisory
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.securityfocus.com/archive/1/447393/100/0/threaded
http://www.securityfocus.com/archive/1/447318/100/0/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2006-4343
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:13:21				Added to TrackCVE