Computer Security
[EN] securityvulns.ru no-pyccku


Multiple OpenSSL security vulnerabilities
updated since 29.09.2006
Published:28.09.2007
Source:
SecurityVulns ID:6663
Type:library
Threat Level:
8/10
Description:Multiple DoS conditions in server and client functions, SSL_get_shared_ciphers() buffer overflow.
Affected:OPENSSL : OpenSSL 0.9
CVE:CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.)
Original documentdocumentMoritz Jodeit, OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow (28.09.2007)
 documentOPENPKG, [OpenPKG-SA-2006.021] OpenPKG Security Advisory (openssl) (29.09.2006)
Files:Exploits vulnerability CVE-2006-4343 - where the SSL client can be crashed by special SSL serverhello response

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod