SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Security)  >   OpenSSL Vendors:   OpenSSL.org
(HP Issues Fix for Tru64 UNIX) OpenSSL ASN.1 Bugs, SSL_get_shared_ciphers() Buffer Overflow, and SSLv2 Client Error Lets Remote Users Denial of Service or Execute Arbitrary Code
SecurityTracker Alert ID:  1017917
SecurityTracker URL:  http://securitytracker.com/id/1017917
CVE Reference:   CVE-2006-2937, CVE-2006-2940, CVE-2006-3738   (Links to External Site)
Date:  Apr 16 2007
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Several vulnerabilities were reported in OpenSSL. A remote user can cause denial of service conditions. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted, invalid ASN.1 structures to trigger an infinite loop [CVE-2006-2937]. As a result, the process will consume excessive system memory. Versions prior to 0.9.7 are not affected.

A remote user can use certain types of public keys to cause the target system to take a disproportionate amount of time to process [CVE-2006-2940].

Dr. S. N. Henson developed the ASN.1 test suite for NISCC that uncovered these denial of service vulnerabilities.

A user can send a specially crafted list of ciphers to an application that uses the SSL_get_shared_ciphers() function to trigger a buffer overflow and potentially execute arbitrary code [CVE-2006-3738]. The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with reporting this vulnerability.

A remote server can cause a connected SSLv2 client to crash [CVE-2006-4343]. The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with reporting this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

Solution:   HP has issued the following fixes.

HP Tru64 UNIX Version 5.1B-4 ERP Kit

Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321

Name: T64KIT1001167-V51BB27-ES-20070321

MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit

Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315

Name: T64KIT1001163-V51BB26-ES-20070315

MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360)

Location: http://h30097.www3.hp.com/cma/patches.html

Name: CPQIM360.SSL.01.tar.gz

MD5 Checksum: 1001a10ab642461c87540826dfe28652

The HP advisory is available at:

http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144

Vendor URL:  www.openssl.org/news/secadv_20060928.txt (Links to External Site)
Cause:   Boundary error, Exception handling error, State error
Underlying OS:   UNIX (Tru64)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 29 2006 OpenSSL ASN.1 Bugs, SSL_get_shared_ciphers() Buffer Overflow, and SSLv2 Client Error Lets Remote Users Denial of Service or Execute Arbitrary Code



 Source Message Contents

Date:  Mon, 16 Apr 2007 11:05:54 -0400
Subject:  http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144



CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339 (SSL)
CVE-2007-0493, CVE-2007-0494 (BIND)


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC