10

CVE-2006-3738

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version0.9.7
OpenSSLOpenSSL Version0.9.7a
OpenSSLOpenSSL Version0.9.7b
OpenSSLOpenSSL Version0.9.7c
OpenSSLOpenSSL Version0.9.7d
OpenSSLOpenSSL Version0.9.7e
OpenSSLOpenSSL Version0.9.7f
OpenSSLOpenSSL Version0.9.7g
OpenSSLOpenSSL Version0.9.7h
OpenSSLOpenSSL Version0.9.7i
OpenSSLOpenSSL Version0.9.7j
OpenSSLOpenSSL Version0.9.7k
OpenSSLOpenSSL Version0.9.8
OpenSSLOpenSSL Version0.9.8a
OpenSSLOpenSSL Version0.9.8b
OpenSSLOpenSSL Version0.9.8c
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 48.58% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/23794
http://securitytracker.com/id?1017522
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.securityfocus.com/bid/22083
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://secunia.com/advisories/23680
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://secunia.com/advisories/31492
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://openvpn.net/changelog.html
Patch
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
http://secunia.com/advisories/23280
http://secunia.com/advisories/23340
http://secunia.com/advisories/23915
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.vupen.com/english/advisories/2007/0343
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://secunia.com/advisories/23155
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
US Government Resource
http://www.vupen.com/english/advisories/2006/4750
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://secunia.com/advisories/22487
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
http://secunia.com/advisories/26329
http://www.vupen.com/english/advisories/2007/2783
http://secunia.com/advisories/22259
Patch
Vendor Advisory
http://secunia.com/advisories/22260
Patch
Vendor Advisory
http://secunia.com/advisories/22284
Patch
Vendor Advisory
http://secunia.com/advisories/22758
http://secunia.com/advisories/22799
http://secunia.com/advisories/24930
http://secunia.com/advisories/24950
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
http://www.serv-u.com/releasenotes/
http://www.vupen.com/english/advisories/2006/3936
http://www.vupen.com/english/advisories/2006/4417
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/2315
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
http://secunia.com/advisories/22298
http://www.novell.com/linux/security/advisories/2006_24_sr.html
Patch
Vendor Advisory
http://secunia.com/advisories/22116
Patch
Vendor Advisory
http://secunia.com/advisories/23038
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
http://www.trustix.org/errata/2006/0054
Patch
http://www.vupen.com/english/advisories/2006/4401
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
http://issues.rpath.com/browse/RPL-613
http://kolab.org/security/kolab-vendor-notice-11.txt
Patch
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
Patch
http://openbsd.org/errata.html#openssl2
Patch
http://secunia.com/advisories/22094
Patch
Vendor Advisory
http://secunia.com/advisories/22130
Patch
Vendor Advisory
http://secunia.com/advisories/22165
Patch
Vendor Advisory
http://secunia.com/advisories/22166
Patch
Vendor Advisory
http://secunia.com/advisories/22172
Patch
Vendor Advisory
http://secunia.com/advisories/22186
Patch
Vendor Advisory
http://secunia.com/advisories/22193
Patch
Vendor Advisory
http://secunia.com/advisories/22207
Patch
Vendor Advisory
http://secunia.com/advisories/22212
Patch
Vendor Advisory
http://secunia.com/advisories/22216
Patch
Vendor Advisory
http://secunia.com/advisories/22220
Patch
Vendor Advisory
http://secunia.com/advisories/22240
Patch
Vendor Advisory
http://secunia.com/advisories/22330
Patch
Vendor Advisory
http://secunia.com/advisories/22385
http://secunia.com/advisories/22460
http://secunia.com/advisories/22544
http://secunia.com/advisories/22626
http://secunia.com/advisories/22772
http://secunia.com/advisories/23309
http://secunia.com/advisories/25889
http://secunia.com/advisories/30124
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
Patch
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200610-11.xml
http://securitytracker.com/id?1016943
Patch
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
Patch
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
http://www.debian.org/security/2006/dsa-1185
Patch
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
Patch
Vendor Advisory
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
Patch
Vendor Advisory
http://www.openssl.org/news/secadv_20060928.txt
http://www.redhat.com/support/errata/RHSA-2006-0695.html
Patch
http://www.securityfocus.com/archive/1/447318/100/0/threaded
http://www.securityfocus.com/archive/1/447393/100/0/threaded
http://www.ubuntu.com/usn/usn-353-1
Patch
http://www.vupen.com/english/advisories/2006/3820
http://www.vupen.com/english/advisories/2006/3860
http://www.vupen.com/english/advisories/2006/3869
http://www.vupen.com/english/advisories/2006/3902
http://www.vupen.com/english/advisories/2006/4036
http://www.vupen.com/english/advisories/2006/4264
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
http://secunia.com/advisories/22500
http://www.debian.org/security/2006/dsa-1195
Patch
Vendor Advisory
http://secunia.com/advisories/22633
http://secunia.com/advisories/22654
http://secunia.com/advisories/22791
http://secunia.com/advisories/30161
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.kb.cert.org/vuls/id/547300
US Government Resource
http://www.osvdb.org/29262
Patch
http://www.securityfocus.com/archive/1/470460/100/0/threaded
http://www.securityfocus.com/bid/20249
Patch
http://www.vupen.com/english/advisories/2006/4314
http://www.vupen.com/english/advisories/2006/4443
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881
https://exchange.xforce.ibmcloud.com/vulnerabilities/29237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370