CVE-2006-3738 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-3738
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3738

Description: Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/29237 UBUNTU http://www.ubuntu.com/usn/usn-353-1 TRUSTIX http://www.trustix.org/errata/2006/0054 SUSE http://www.novell.com/linux/security/advisories/2006_24_sr.html http://www.novell.com/linux/security/advisories/2006_58_openssl.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1 ST 1017522 1016943 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946 SGI SAID Secunia Advisory: SA26329 Secunia Advisory: SA25889 Secunia Advisory: SA24930 Secunia Advisory: SA24950 Secunia Advisory: SA23915 Secunia Advisory: SA23794 Secunia Advisory: SA23680 Secunia Advisory: SA23340 Secunia Advisory: SA23280 Secunia Advisory: SA23309 Secunia Advisory: SA22298 Secunia Advisory: SA23155 Secunia Advisory: SA23038 Secunia Advisory: SA22772 Secunia Advisory: SA22791 Secunia Advisory: SA22799 Secunia Advisory: SA22758 Secunia Advisory: SA22487 Secunia Advisory: SA22654 Secunia Advisory: SA22633 Secunia Advisory: SA22626 Secunia Advisory: SA22544 Secunia Advisory: SA22500 Secunia Advisory: SA22460 Secunia Advisory: SA22385 Secunia Advisory: SA22330 Secunia Advisory: SA22284 Secunia Advisory: SA22220 Secunia Advisory: SA22116 Secunia Advisory: SA22216 Secunia Advisory: SA22240 Secunia Advisory: SA22212 Secunia Advisory: SA22172 Secunia Advisory: SA22166 Secunia Advisory: SA22260 Secunia Advisory: SA22259 Secunia Advisory: SA22207 Secunia Advisory: SA22193 Secunia Advisory: SA22186 Secunia Advisory: SA22165 Secunia Advisory: SA22094 Secunia Advisory: SA22130 Secunia Advisory: SA30124 Secunia Advisory: SA30161 Secunia Advisory: SA31492 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0629.html http://www.redhat.com/support/errata/RHSA-2006-0695.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4256 OSVDB 29262 OPENPKG http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html OPENBSD http://openbsd.org/errata.html#openssl2 NETBSD MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:172 http://www.mandriva.com/security/advisories?name=MDKSA-2006:178 http://www.mandriva.com/security/advisories?name=MDKSA-2006:177 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml http://security.gentoo.org/glsa/glsa-200610-11.xml FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc DEBIAN http://www.debian.org/security/2006/dsa-1195 http://www.debian.org/security/2006/dsa-1185 CONFIRM http://issues.rpath.com/browse/RPL-613 http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm http://docs.info.apple.com/article.html?artnum=304829 http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227 http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881 http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm http://www.serv-u.com/releasenotes/ http://openvpn.net/changelog.html http://kolab.org/security/kolab-vendor-notice-11.txt http://www.openssl.org/news/secadv_20060928.txt CISCO http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml CERT-VN 547300 CERT http://www.us-cert.gov/cas/techalerts/TA06-333A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/447393/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded http://www.securityfocus.com/archive/1/archive/1/447318/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/470460/100/0/threaded BID 20249 22083 APPLE http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html

Return to the previous page.