gsd-2006-3738
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
Aliases
Aliases
{ GSD: { alias: "CVE-2006-3738", description: "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.", id: "GSD-2006-3738", references: [ "https://www.suse.com/security/cve/CVE-2006-3738.html", "https://www.debian.org/security/2006/dsa-1195", "https://www.debian.org/security/2006/dsa-1185", "https://access.redhat.com/errata/RHSA-2008:0629", "https://access.redhat.com/errata/RHSA-2008:0525", "https://access.redhat.com/errata/RHSA-2008:0264", "https://access.redhat.com/errata/RHSA-2006:0695", "https://linux.oracle.com/cve/CVE-2006-3738.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2006-3738", ], details: "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.", id: "GSD-2006-3738", modified: "2023-12-13T01:19:57.868252Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2006-3738", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_affected: "=", version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", refsource: "MISC", url: "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", }, { name: "http://docs.info.apple.com/article.html?artnum=304829", refsource: "MISC", url: "http://docs.info.apple.com/article.html?artnum=304829", }, { name: "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", refsource: "MISC", url: "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", }, { name: "http://secunia.com/advisories/22487", refsource: "MISC", url: "http://secunia.com/advisories/22487", }, { name: "http://secunia.com/advisories/23155", refsource: "MISC", url: "http://secunia.com/advisories/23155", }, { name: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", refsource: "MISC", url: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", }, { name: "http://www.vupen.com/english/advisories/2006/4750", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2006/4750", }, { name: "http://secunia.com/advisories/31492", refsource: "MISC", url: "http://secunia.com/advisories/31492", }, { name: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", refsource: "MISC", url: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", }, { name: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", refsource: "MISC", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { name: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", refsource: "MISC", url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "http://issues.rpath.com/browse/RPL-613", refsource: "MISC", url: "http://issues.rpath.com/browse/RPL-613", }, { name: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", refsource: "MISC", url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", refsource: "MISC", url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "http://kolab.org/security/kolab-vendor-notice-11.txt", refsource: "MISC", url: "http://kolab.org/security/kolab-vendor-notice-11.txt", }, { name: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html", refsource: "MISC", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html", }, { name: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", refsource: "MISC", url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "http://openbsd.org/errata.html#openssl2", refsource: "MISC", url: "http://openbsd.org/errata.html#openssl2", }, { name: "http://openvpn.net/changelog.html", refsource: "MISC", url: "http://openvpn.net/changelog.html", }, { name: "http://secunia.com/advisories/22094", refsource: "MISC", url: "http://secunia.com/advisories/22094", }, { name: "http://secunia.com/advisories/22116", refsource: "MISC", url: "http://secunia.com/advisories/22116", }, { name: "http://secunia.com/advisories/22130", refsource: "MISC", url: "http://secunia.com/advisories/22130", }, { name: "http://secunia.com/advisories/22165", refsource: "MISC", url: "http://secunia.com/advisories/22165", }, { name: "http://secunia.com/advisories/22166", refsource: "MISC", url: "http://secunia.com/advisories/22166", }, { name: "http://secunia.com/advisories/22172", refsource: "MISC", url: "http://secunia.com/advisories/22172", }, { name: "http://secunia.com/advisories/22186", refsource: "MISC", url: "http://secunia.com/advisories/22186", }, { name: "http://secunia.com/advisories/22193", refsource: "MISC", url: "http://secunia.com/advisories/22193", }, { name: "http://secunia.com/advisories/22207", refsource: "MISC", url: "http://secunia.com/advisories/22207", }, { name: "http://secunia.com/advisories/22212", refsource: "MISC", url: "http://secunia.com/advisories/22212", }, { name: "http://secunia.com/advisories/22216", refsource: "MISC", url: "http://secunia.com/advisories/22216", }, { name: "http://secunia.com/advisories/22220", refsource: "MISC", url: "http://secunia.com/advisories/22220", }, { name: "http://secunia.com/advisories/22240", refsource: "MISC", url: "http://secunia.com/advisories/22240", }, { name: "http://secunia.com/advisories/22259", refsource: "MISC", url: "http://secunia.com/advisories/22259", }, { name: "http://secunia.com/advisories/22260", refsource: "MISC", url: "http://secunia.com/advisories/22260", }, { name: "http://secunia.com/advisories/22284", refsource: "MISC", url: "http://secunia.com/advisories/22284", }, { name: "http://secunia.com/advisories/22298", refsource: "MISC", url: "http://secunia.com/advisories/22298", }, { name: "http://secunia.com/advisories/22330", refsource: "MISC", url: "http://secunia.com/advisories/22330", }, { name: "http://secunia.com/advisories/22385", refsource: "MISC", url: "http://secunia.com/advisories/22385", }, { name: "http://secunia.com/advisories/22460", refsource: "MISC", url: "http://secunia.com/advisories/22460", }, { name: "http://secunia.com/advisories/22500", refsource: "MISC", url: "http://secunia.com/advisories/22500", }, { name: "http://secunia.com/advisories/22544", refsource: "MISC", url: "http://secunia.com/advisories/22544", }, { name: "http://secunia.com/advisories/22626", refsource: "MISC", url: "http://secunia.com/advisories/22626", }, { name: "http://secunia.com/advisories/22758", refsource: "MISC", url: "http://secunia.com/advisories/22758", }, { name: "http://secunia.com/advisories/22772", refsource: "MISC", url: "http://secunia.com/advisories/22772", }, { name: "http://secunia.com/advisories/22799", refsource: "MISC", url: "http://secunia.com/advisories/22799", }, { name: "http://secunia.com/advisories/23038", refsource: "MISC", url: "http://secunia.com/advisories/23038", }, { name: "http://secunia.com/advisories/23280", refsource: "MISC", url: "http://secunia.com/advisories/23280", }, { name: "http://secunia.com/advisories/23309", refsource: "MISC", url: "http://secunia.com/advisories/23309", }, { name: "http://secunia.com/advisories/23340", refsource: "MISC", url: "http://secunia.com/advisories/23340", }, { name: "http://secunia.com/advisories/23680", refsource: "MISC", url: "http://secunia.com/advisories/23680", }, { name: "http://secunia.com/advisories/23794", refsource: "MISC", url: "http://secunia.com/advisories/23794", }, { name: "http://secunia.com/advisories/23915", refsource: "MISC", url: "http://secunia.com/advisories/23915", }, { name: "http://secunia.com/advisories/24930", refsource: "MISC", url: "http://secunia.com/advisories/24930", }, { name: "http://secunia.com/advisories/24950", refsource: "MISC", url: "http://secunia.com/advisories/24950", }, { name: "http://secunia.com/advisories/25889", refsource: "MISC", url: "http://secunia.com/advisories/25889", }, { name: "http://secunia.com/advisories/26329", refsource: "MISC", url: "http://secunia.com/advisories/26329", }, { name: "http://secunia.com/advisories/30124", refsource: "MISC", url: "http://secunia.com/advisories/30124", }, { name: "http://security.gentoo.org/glsa/glsa-200610-11.xml", refsource: "MISC", url: "http://security.gentoo.org/glsa/glsa-200610-11.xml", }, { name: "http://securitytracker.com/id?1016943", refsource: "MISC", url: "http://securitytracker.com/id?1016943", }, { name: "http://securitytracker.com/id?1017522", refsource: "MISC", url: "http://securitytracker.com/id?1017522", }, { name: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", refsource: "MISC", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", }, { name: "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", refsource: "MISC", url: "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", }, { name: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1", refsource: "MISC", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", refsource: "MISC", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", refsource: "MISC", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", }, { name: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", refsource: "MISC", url: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", }, { name: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", refsource: "MISC", url: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", }, { name: "http://www.debian.org/security/2006/dsa-1185", refsource: "MISC", url: "http://www.debian.org/security/2006/dsa-1185", }, { name: "http://www.debian.org/security/2006/dsa-1195", refsource: "MISC", url: "http://www.debian.org/security/2006/dsa-1195", }, { name: "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml", refsource: "MISC", url: "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml", }, { name: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172", refsource: "MISC", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172", }, { name: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", refsource: "MISC", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", }, { name: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", refsource: "MISC", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", }, { name: "http://www.novell.com/linux/security/advisories/2006_24_sr.html", refsource: "MISC", url: "http://www.novell.com/linux/security/advisories/2006_24_sr.html", }, { name: "http://www.novell.com/linux/security/advisories/2006_58_openssl.html", refsource: "MISC", url: "http://www.novell.com/linux/security/advisories/2006_58_openssl.html", }, { name: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html", refsource: "MISC", url: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html", }, { name: "http://www.openssl.org/news/secadv_20060928.txt", refsource: "MISC", url: "http://www.openssl.org/news/secadv_20060928.txt", }, { name: "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", refsource: "MISC", url: "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", }, { name: "http://www.redhat.com/support/errata/RHSA-2006-0695.html", refsource: "MISC", url: "http://www.redhat.com/support/errata/RHSA-2006-0695.html", }, { name: "http://www.securityfocus.com/archive/1/447318/100/0/threaded", refsource: "MISC", url: "http://www.securityfocus.com/archive/1/447318/100/0/threaded", }, { name: "http://www.securityfocus.com/archive/1/447393/100/0/threaded", refsource: "MISC", url: "http://www.securityfocus.com/archive/1/447393/100/0/threaded", }, { name: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", refsource: "MISC", url: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", }, { name: "http://www.securityfocus.com/bid/22083", refsource: "MISC", url: "http://www.securityfocus.com/bid/22083", }, { name: "http://www.serv-u.com/releasenotes/", refsource: "MISC", url: "http://www.serv-u.com/releasenotes/", }, { name: "http://www.trustix.org/errata/2006/0054", refsource: "MISC", url: "http://www.trustix.org/errata/2006/0054", }, { name: "http://www.ubuntu.com/usn/usn-353-1", refsource: "MISC", url: "http://www.ubuntu.com/usn/usn-353-1", }, { name: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", refsource: "MISC", url: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", }, { name: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", refsource: "MISC", url: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", }, { name: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", refsource: "MISC", url: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", }, { name: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", refsource: "MISC", url: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", }, { name: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", refsource: "MISC", url: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", }, { name: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", refsource: "MISC", url: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", }, { name: "http://www.vupen.com/english/advisories/2006/3820", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2006/3820", }, { name: "http://www.vupen.com/english/advisories/2006/3860", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2006/3860", }, { name: "http://www.vupen.com/english/advisories/2006/3869", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2006/3869", }, { name: "http://www.vupen.com/english/advisories/2006/3902", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2006/3902", }, { name: "http://www.vupen.com/english/advisories/2006/3936", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2006/3936", }, { name: "http://www.vupen.com/english/advisories/2006/4036", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2006/4036", }, { name: "http://www.vupen.com/english/advisories/2006/4264", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2006/4264", }, { name: "http://www.vupen.com/english/advisories/2006/4401", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2006/4401", }, { name: "http://www.vupen.com/english/advisories/2006/4417", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2006/4417", }, { name: "http://www.vupen.com/english/advisories/2007/0343", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2007/0343", }, { name: "http://www.vupen.com/english/advisories/2007/1401", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2007/1401", }, { name: "http://www.vupen.com/english/advisories/2007/2315", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2007/2315", }, { name: "http://www.vupen.com/english/advisories/2007/2783", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2007/2783", }, { name: "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", refsource: "MISC", url: "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", }, { name: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", refsource: "MISC", url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "http://secunia.com/advisories/22633", refsource: "MISC", url: "http://secunia.com/advisories/22633", }, { name: "http://secunia.com/advisories/22654", refsource: "MISC", url: "http://secunia.com/advisories/22654", }, { name: "http://secunia.com/advisories/22791", refsource: "MISC", url: "http://secunia.com/advisories/22791", }, { name: "http://secunia.com/advisories/30161", refsource: "MISC", url: "http://secunia.com/advisories/30161", }, { name: "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc", refsource: "MISC", url: "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc", }, { name: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1", refsource: "MISC", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1", }, { name: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1", refsource: "MISC", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1", }, { name: "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml", refsource: "MISC", url: "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml", }, { name: "http://www.kb.cert.org/vuls/id/547300", refsource: "MISC", url: "http://www.kb.cert.org/vuls/id/547300", }, { name: "http://www.osvdb.org/29262", refsource: "MISC", url: "http://www.osvdb.org/29262", }, { name: "http://www.securityfocus.com/archive/1/470460/100/0/threaded", refsource: "MISC", url: "http://www.securityfocus.com/archive/1/470460/100/0/threaded", }, { name: "http://www.securityfocus.com/bid/20249", refsource: "MISC", url: "http://www.securityfocus.com/bid/20249", }, { name: "http://www.vupen.com/english/advisories/2006/4314", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2006/4314", }, { name: "http://www.vupen.com/english/advisories/2006/4443", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2006/4443", }, { name: "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881", refsource: "MISC", url: "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237", }, { name: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256", refsource: "MISC", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256", }, { name: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370", refsource: "MISC", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2006-3738", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "http://www.openssl.org/news/secadv_20060928.txt", refsource: "CONFIRM", tags: [], url: "http://www.openssl.org/news/secadv_20060928.txt", }, { name: "VU#547300", refsource: "CERT-VN", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/547300", }, { name: "20249", refsource: "BID", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/20249", }, { name: "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", refsource: "FULLDISC", tags: [ "Patch", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html", }, { name: "DSA-1185", refsource: "DEBIAN", tags: [ "Patch", ], url: "http://www.debian.org/security/2006/dsa-1185", }, { name: "FreeBSD-SA-06:23", refsource: "FREEBSD", tags: [ "Patch", "Vendor Advisory", ], url: "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc", }, { name: "RHSA-2006:0695", refsource: "REDHAT", tags: [ "Patch", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0695.html", }, { name: "SSA:2006-272-01", refsource: "SLACKWARE", tags: [ "Patch", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", }, { name: "USN-353-1", refsource: "UBUNTU", tags: [ "Patch", ], url: "http://www.ubuntu.com/usn/usn-353-1", }, { name: "22130", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22130", }, { name: "22094", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22094", }, { name: "22165", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22165", }, { name: "22186", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22186", }, { name: "22193", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22193", }, { name: "22207", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22207", }, { name: "22259", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22259", }, { name: "22260", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22260", }, { name: "http://kolab.org/security/kolab-vendor-notice-11.txt", refsource: "CONFIRM", tags: [ "Patch", ], url: "http://kolab.org/security/kolab-vendor-notice-11.txt", }, { name: "OpenPKG-SA-2006.021", refsource: "OPENPKG", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html", }, { name: "SUSE-SA:2006:058", refsource: "SUSE", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2006_58_openssl.html", }, { name: "2006-0054", refsource: "TRUSTIX", tags: [ "Patch", ], url: "http://www.trustix.org/errata/2006/0054", }, { name: "1016943", refsource: "SECTRACK", tags: [ "Patch", ], url: "http://securitytracker.com/id?1016943", }, { name: "22166", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22166", }, { name: "22172", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22172", }, { name: "22212", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22212", }, { name: "22240", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22240", }, { name: "22216", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22216", }, { name: "22116", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22116", }, { name: "22220", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22220", }, { name: "http://openvpn.net/changelog.html", refsource: "CONFIRM", tags: [ "Patch", ], url: "http://openvpn.net/changelog.html", }, { name: "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", refsource: "OPENBSD", tags: [ "Patch", ], url: "http://openbsd.org/errata.html#openssl2", }, { name: "22284", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22284", }, { name: "22330", refsource: "SECUNIA", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22330", }, { name: "DSA-1195", refsource: "DEBIAN", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.debian.org/security/2006/dsa-1195", }, { name: "102668", refsource: "SUNALERT", tags: [ "Patch", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1", }, { name: "SUSE-SR:2006:024", refsource: "SUSE", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2006_24_sr.html", }, { name: "29262", refsource: "OSVDB", tags: [ "Patch", ], url: "http://www.osvdb.org/29262", }, { name: "22385", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22385", }, { name: "22460", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22460", }, { name: "GLSA-200610-11", refsource: "GENTOO", tags: [], url: "http://security.gentoo.org/glsa/glsa-200610-11.xml", }, { name: "22500", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22500", }, { name: "22544", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22544", }, { name: "20061001-01-P", refsource: "SGI", tags: [], url: "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", }, { name: "22626", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22626", }, { name: "22633", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22633", }, { name: "22654", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22654", }, { name: "22487", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22487", }, { name: "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", refsource: "CONFIRM", tags: [], url: "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL library", refsource: "CISCO", tags: [], url: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL Library", refsource: "CISCO", tags: [], url: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", }, { name: "102711", refsource: "SUNALERT", tags: [], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1", }, { name: "22758", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22758", }, { name: "22799", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22799", }, { name: "22791", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22791", }, { name: "22772", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22772", }, { name: "23038", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/23038", }, { name: "APPLE-SA-2006-11-28", refsource: "APPLE", tags: [], url: "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", }, { name: "TA06-333A", refsource: "CERT", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", }, { name: "23155", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/23155", }, { name: "22298", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/22298", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", refsource: "CONFIRM", tags: [], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", }, { name: "GLSA-200612-11", refsource: "GENTOO", tags: [], url: "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml", }, { name: "23309", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/23309", }, { name: "23280", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/23280", }, { name: "23340", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/23340", }, { name: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", refsource: "CONFIRM", tags: [], url: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", }, { name: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", refsource: "CONFIRM", tags: [], url: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", }, { name: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", refsource: "CONFIRM", tags: [], url: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", }, { name: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", refsource: "CONFIRM", tags: [], url: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", }, { name: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", refsource: "CONFIRM", tags: [], url: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", }, { name: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", refsource: "CONFIRM", tags: [], url: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", }, { name: "23680", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/23680", }, { name: "23794", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/23794", }, { name: "1017522", refsource: "SECTRACK", tags: [], url: "http://securitytracker.com/id?1017522", }, { name: "23915", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/23915", }, { name: "24950", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/24950", }, { name: "24930", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/24930", }, { name: "http://issues.rpath.com/browse/RPL-613", refsource: "CONFIRM", tags: [], url: "http://issues.rpath.com/browse/RPL-613", }, { name: "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", refsource: "CONFIRM", tags: [], url: "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", }, { name: "MDKSA-2006:172", refsource: "MANDRIVA", tags: [], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172", }, { name: "MDKSA-2006:177", refsource: "MANDRIVA", tags: [], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", }, { name: "MDKSA-2006:178", refsource: "MANDRIVA", tags: [], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", }, { name: "22083", refsource: "BID", tags: [], url: "http://www.securityfocus.com/bid/22083", }, { name: "25889", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/25889", }, { name: "26329", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/26329", }, { name: "201531", refsource: "SUNALERT", tags: [], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1", }, { name: "GLSA-200805-07", refsource: "GENTOO", tags: [], url: "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml", }, { name: "NetBSD-SA2008-007", refsource: "NETBSD", tags: [], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { name: "30124", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/30124", }, { name: "30161", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/30161", }, { name: "31492", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/31492", }, { name: "RHSA-2008:0629", refsource: "REDHAT", tags: [], url: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", }, { name: "ADV-2007-2315", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2007/2315", }, { name: "ADV-2006-3860", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2006/3860", }, { name: "ADV-2006-4314", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2006/4314", }, { name: "ADV-2006-4264", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2006/4264", }, { name: "ADV-2006-4417", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2006/4417", }, { name: "ADV-2007-1401", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2007/1401", }, { name: "ADV-2006-4750", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2006/4750", }, { name: "ADV-2006-3936", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2006/3936", }, { name: "SSRT071304", refsource: "HP", tags: [], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "ADV-2006-3902", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2006/3902", }, { name: "ADV-2006-4401", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2006/4401", }, { name: "HPSBMA02250", refsource: "HP", tags: [], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "ADV-2006-3820", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2006/3820", }, { name: "ADV-2007-0343", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2007/0343", }, { name: "ADV-2006-3869", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2006/3869", }, { name: "ADV-2006-4036", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2006/4036", }, { name: "ADV-2007-2783", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2007/2783", }, { name: "ADV-2006-4443", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2006/4443", }, { name: "SSRT071299", refsource: "HP", tags: [], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "HPSBUX02174", refsource: "HP", tags: [], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "SSRT090208", refsource: "HP", tags: [], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", refsource: "CONFIRM", tags: [], url: "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", }, { name: "http://www.serv-u.com/releasenotes/", refsource: "CONFIRM", tags: [], url: "http://www.serv-u.com/releasenotes/", }, { name: "http://docs.info.apple.com/article.html?artnum=304829", refsource: "CONFIRM", tags: [], url: "http://docs.info.apple.com/article.html?artnum=304829", }, { name: "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881", refsource: "CONFIRM", tags: [], url: "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", refsource: "CONFIRM", tags: [], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", }, { name: "openssl-sslgetsharedciphers-bo(29237)", refsource: "XF", tags: [], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237", }, { name: "oval:org.mitre.oval:def:9370", refsource: "OVAL", tags: [], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370", }, { name: "oval:org.mitre.oval:def:4256", refsource: "OVAL", tags: [], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256", }, { name: "20070602 Recent OpenSSL exploits", refsource: "BUGTRAQ", tags: [], url: "http://www.securityfocus.com/archive/1/470460/100/0/threaded", }, { name: "20070110 VMware ESX server security updates", refsource: "BUGTRAQ", tags: [], url: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", }, { name: "20060929 rPSA-2006-0175-2 openssl openssl-scripts", refsource: "BUGTRAQ", tags: [], url: "http://www.securityfocus.com/archive/1/447393/100/0/threaded", }, { name: "20060928 rPSA-2006-0175-1 openssl openssl-scripts", refsource: "BUGTRAQ", tags: [], url: "http://www.securityfocus.com/archive/1/447318/100/0/threaded", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, }, lastModifiedDate: "2018-10-17T21:29Z", publishedDate: "2006-09-28T18:07Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.