Action not permitted
Modal body text goes here.
rhsa-2008_0525
Vulnerability from csaf_redhat
Published
2008-06-30 15:36
Modified
2024-11-05 16:55
Summary
Red Hat Security Advisory: Red Hat Network Satellite Server Solaris client security update
Notes
Topic
Red Hat Network Satellite Server version 4.2.3 is now available. This
update includes fixes for a number of security issues in Red Hat Network
Satellite Server Solaris client components.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
This release corrects several security vulnerabilities in various
components shipped as part of the Red Hat Network Satellite Server Solaris
client. In a typical operating environment, these components are not used
by the Satellite Server in a vulnerable manner. These security updates will
reduce risk should these components be used by other applications.
Several flaws in Zlib was discovered. An attacker could create a
carefully-crafted compressed stream that would cause an application to
crash if the stream is opened by a user. (CVE-2005-2096). An attacker
could create a carefully crafted compressed stream that would cause an
application to crash if the stream is opened by a user. (CVE-2005-1849)
A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers()
utility function. An attacker could send a list of ciphers to an
application that used this function and overrun a buffer (CVE-2006-3738).
A flaw in the SSLv2 client code was discovered. If a client application
used OpenSSL to create an SSLv2 connection to a malicious server, that
server could cause the client to crash. (CVE-2006-4343)
An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA
key with exponent 3 is used it may be possible for an attacker to forge a
PKCS #1 v1.5 signature that would be incorrectly verified by
implementations that do not check for excess data in the RSA exponentiation
result of the signature. This issue affected applications that use OpenSSL
to verify X.509 certificates as well as other uses of PKCS #1 v1.5.
(CVE-2006-4339)
OpenSSL contained a software work-around for a bug in SSL handling in
Microsoft Internet Explorer version 3.0.2. It is enabled in most servers
that use OpenSSL to provide support for SSL and TLS. This work-around could
allow an attacker, acting as a "man in the middle" to force an SSL
connection to use SSL 2.0 rather than a stronger protocol, such as SSL 3.0
or TLS 1.0. (CVE-2005-2969)
During OpenSSL parsing of certain invalid ASN.1 structures an error
condition was mishandled. This can result in an infinite loop which
consumed system memory (CVE-2006-2937).
Certain public key types can take disproportionate amounts of time to
process in OpenSSL, leading to a denial of service. (CVE-2006-2940)
A flaw was discovered in the way that the Python repr() function handled
UTF-32/UCS-4 strings. If an application written in Python used the repr()
function on untrusted data, this could lead to a denial of service or
possibly allow the execution of arbitrary code with the privileges of the
Python application. (CVE-2006-4980)
A flaw was discovered in the strxfrm() function of Python's locale module.
Strings generated by this function were not properly NULL-terminated. This
may possibly cause disclosure of data stored in the memory of a Python
application using this function. (CVE-2007-2052)
Multiple integer overflow flaws were discovered in Python's imageop module.
If an application written in Python used the imageop module to process
untrusted images, it could cause the application to crash, enter an
infinite loop, or possibly execute arbitrary code with the privileges of
the Python interpreter. (CVE-2007-4965)
A stack-based buffer overflow was discovered in the Python interpreter,
which could allow a local user to gain privileges by running a script with
a long name from the current working directory. (CVE-2006-1542)
Users of Red Hat Network Satellite Server should upgrade to these updated
packages, which contain backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Network Satellite Server version 4.2.3 is now available. This\nupdate includes fixes for a number of security issues in Red Hat Network\nSatellite Server Solaris client components.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "This release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server Solaris\nclient. In a typical operating environment, these components are not used\nby the Satellite Server in a vulnerable manner. These security updates will\nreduce risk should these components be used by other applications.\n\nSeveral flaws in Zlib was discovered. An attacker could create a\ncarefully-crafted compressed stream that would cause an application to\ncrash if the stream is opened by a user. (CVE-2005-2096). An attacker\ncould create a carefully crafted compressed stream that would cause an\napplication to crash if the stream is opened by a user. (CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers()\nutility function. An attacker could send a list of ciphers to an\napplication that used this function and overrun a buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client application\nused OpenSSL to create an SSLv2 connection to a malicious server, that\nserver could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA\nkey with exponent 3 is used it may be possible for an attacker to forge a\nPKCS #1 v1.5 signature that would be incorrectly verified by\nimplementations that do not check for excess data in the RSA exponentiation\nresult of the signature. This issue affected applications that use OpenSSL\nto verify X.509 certificates as well as other uses of PKCS #1 v1.5.\n(CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. It is enabled in most servers\nthat use OpenSSL to provide support for SSL and TLS. This work-around could\nallow an attacker, acting as a \"man in the middle\" to force an SSL\nconnection to use SSL 2.0 rather than a stronger protocol, such as SSL 3.0\nor TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). \n\nCertain public key types can take disproportionate amounts of time to\nprocess in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the way that the Python repr() function handled\nUTF-32/UCS-4 strings. If an application written in Python used the repr()\nfunction on untrusted data, this could lead to a denial of service or\npossibly allow the execution of arbitrary code with the privileges of the\nPython application. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python\u0027s locale module.\nStrings generated by this function were not properly NULL-terminated. This\nmay possibly cause disclosure of data stored in the memory of a Python\napplication using this function. (CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python\u0027s imageop module.\nIf an application written in Python used the imageop module to process\nuntrusted images, it could cause the application to crash, enter an\ninfinite loop, or possibly execute arbitrary code with the privileges of\nthe Python interpreter. (CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python interpreter,\nwhich could allow a local user to gain privileges by running a script with\na long name from the current working directory. (CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these updated\npackages, which contain backported patches to correct these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0525", "url": "https://access.redhat.com/errata/RHSA-2008:0525" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "235093", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=235093" }, { "category": "external", "summary": "295971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295971" }, { "category": "external", "summary": "430640", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430640" }, { "category": "external", "summary": "430641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430641" }, { "category": "external", "summary": "430649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430649" }, { "category": "external", "summary": "430650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430650" }, { "category": "external", "summary": "430651", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430651" }, { "category": "external", "summary": "430652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430652" }, { "category": "external", "summary": "430654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430654" }, { "category": "external", "summary": "430655", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430655" }, { "category": "external", "summary": "430659", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430659" }, { "category": "external", "summary": "430660", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430660" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0525.json" } ], "title": "Red Hat Security Advisory: Red Hat Network Satellite Server Solaris client security update", "tracking": { "current_release_date": "2024-11-05T16:55:56+00:00", "generator": { "date": "2024-11-05T16:55:56+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2008:0525", "initial_release_date": "2008-06-30T15:36:00+00:00", "revision_history": [ { "date": "2008-06-30T15:36:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-06-30T11:36:03+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:55:56+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product": { "name": "Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:4.2::el3" } } }, { "category": "product_name", "name": "Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product": { "name": "Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:4.2::el4" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "rhn-solaris-bootstrap-0:5.0.2-3.noarch", "product": { "name": "rhn-solaris-bootstrap-0:5.0.2-3.noarch", "product_id": "rhn-solaris-bootstrap-0:5.0.2-3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-solaris-bootstrap@5.0.2-3?arch=noarch" } } }, { "category": "product_version", "name": "rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "product": { "name": "rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "product_id": "rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn_solaris_bootstrap_5_0_2_3@1-0?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhn-solaris-bootstrap-0:5.0.2-3.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch" }, "product_reference": "rhn-solaris-bootstrap-0:5.0.2-3.noarch", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" }, "product_reference": "rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-solaris-bootstrap-0:5.0.2-3.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch" }, "product_reference": "rhn-solaris-bootstrap-0:5.0.2-3.noarch", "relates_to_product_reference": "4AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" }, "product_reference": "rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "relates_to_product_reference": "4AS-RHNSAT4.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2005-1849", "discovery_date": "2006-07-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430649" } ], "notes": [ { "category": "description", "text": "inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-1849" }, { "category": "external", "summary": "RHBZ#430649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-1849", "url": "https://www.cve.org/CVERecord?id=CVE-2005-1849" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-1849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1849" } ], "release_date": "2005-08-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:36:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0525" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "zlib DoS" }, { "cve": "CVE-2005-2096", "discovery_date": "2006-06-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430650" } ], "notes": [ { "category": "description", "text": "zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-2096" }, { "category": "external", "summary": "RHBZ#430650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2096", "url": "https://www.cve.org/CVERecord?id=CVE-2005-2096" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2096", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2096" } ], "release_date": "2005-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:36:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0525" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "zlib DoS" }, { "cve": "CVE-2005-2969", "discovery_date": "2005-10-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430660" } ], "notes": [ { "category": "description", "text": "The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl mitm downgrade attack", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-2969" }, { "category": "external", "summary": "RHBZ#430660", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430660" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2969", "url": "https://www.cve.org/CVERecord?id=CVE-2005-2969" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2969", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2969" } ], "release_date": "2005-10-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:36:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0525" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl mitm downgrade attack" }, { "cve": "CVE-2006-1542", "discovery_date": "2006-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430640" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a \"stack overflow,\" and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "python buffer overflow", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttps://access.redhat.com/security/updates/classification/\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-1542" }, { "category": "external", "summary": "RHBZ#430640", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430640" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-1542", "url": "https://www.cve.org/CVERecord?id=CVE-2006-1542" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-1542", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1542" } ], "release_date": "2005-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:36:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0525" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "python buffer overflow" }, { "cve": "CVE-2006-2937", "discovery_date": "2006-07-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430655" } ], "notes": [ { "category": "description", "text": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl ASN.1 DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-2937" }, { "category": "external", "summary": "RHBZ#430655", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430655" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-2937", "url": "https://www.cve.org/CVERecord?id=CVE-2006-2937" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-2937", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2937" } ], "release_date": "2006-09-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:36:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0525" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl ASN.1 DoS" }, { "cve": "CVE-2006-2940", "discovery_date": "2006-07-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430654" } ], "notes": [ { "category": "description", "text": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl public key DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-2940" }, { "category": "external", "summary": "RHBZ#430654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430654" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-2940", "url": "https://www.cve.org/CVERecord?id=CVE-2006-2940" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-2940", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2940" } ], "release_date": "2006-09-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:36:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0525" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl public key DoS" }, { "cve": "CVE-2006-3738", "discovery_date": "2006-08-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430652" } ], "notes": [ { "category": "description", "text": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl get_shared_ciphers overflow", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-3738" }, { "category": "external", "summary": "RHBZ#430652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430652" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3738", "url": "https://www.cve.org/CVERecord?id=CVE-2006-3738" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3738", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3738" } ], "release_date": "2006-09-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:36:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0525" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl get_shared_ciphers overflow" }, { "cve": "CVE-2006-4339", "discovery_date": "2006-09-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430659" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl signature forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-4339" }, { "category": "external", "summary": "RHBZ#430659", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430659" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-4339", "url": "https://www.cve.org/CVERecord?id=CVE-2006-4339" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4339", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4339" } ], "release_date": "2006-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:36:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0525" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl signature forgery" }, { "cve": "CVE-2006-4343", "discovery_date": "2006-08-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430651" } ], "notes": [ { "category": "description", "text": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl sslv2 client code", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-4343" }, { "category": "external", "summary": "RHBZ#430651", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430651" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-4343", "url": "https://www.cve.org/CVERecord?id=CVE-2006-4343" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4343", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4343" } ], "release_date": "2006-09-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:36:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0525" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl sslv2 client code" }, { "cve": "CVE-2006-4980", "discovery_date": "2006-09-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430641" } ], "notes": [ { "category": "description", "text": "Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.", "title": "Vulnerability description" }, { "category": "summary", "text": "python repr unicode buffer overflow", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-4980" }, { "category": "external", "summary": "RHBZ#430641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430641" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-4980", "url": "https://www.cve.org/CVERecord?id=CVE-2006-4980" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4980", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4980" } ], "release_date": "2006-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:36:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0525" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "python repr unicode buffer overflow" }, { "cve": "CVE-2007-2052", "cwe": { "id": "CWE-193", "name": "Off-by-one Error" }, "discovery_date": "2007-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "235093" } ], "notes": [ { "category": "description", "text": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.", "title": "Vulnerability description" }, { "category": "summary", "text": "python off-by-one locale.strxfrm() (possible memory disclosure)", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttps://access.redhat.com/security/updates/classification/", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2052" }, { "category": "external", "summary": "RHBZ#235093", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=235093" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2052", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2052" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2052", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2052" } ], "release_date": "2007-04-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:36:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0525" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "python off-by-one locale.strxfrm() (possible memory disclosure)" }, { "cve": "CVE-2007-4965", "discovery_date": "2007-09-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "295971" } ], "notes": [ { "category": "description", "text": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.", "title": "Vulnerability description" }, { "category": "summary", "text": "python imageop module heap corruption", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4965" }, { "category": "external", "summary": "RHBZ#295971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295971" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4965", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4965", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4965" } ], "release_date": "2007-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:36:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "3AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch", "4AS-RHNSAT4.2:rhn-solaris-bootstrap-0:5.0.2-3.noarch", "4AS-RHNSAT4.2:rhn_solaris_bootstrap_5_0_2_3-0:1-0.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0525" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "python imageop module heap corruption" } ] }
cve-2005-2096
Vulnerability from cvelistv5
Published
2005-07-06 04:00
Modified
2024-08-07 22:15
Severity ?
EPSS score ?
Summary
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:15:37.425Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1" }, { "name": "DSA-1026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1026" }, { "name": "17236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17236" }, { "name": "20071018 Official Windows binaries of \"curl\" contain vulnerable zlib 1.2.2 (CAN-2005-2096)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482505/100/0/threaded" }, { "name": "hpux-secure-shell-dos(24064)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24064" }, { "name": "APPLE-SA-2008-11-13", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html" }, { "name": "FreeBSD-SA-05:16.zlib", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc" }, { "name": "15949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15949" }, { "name": "DSA-797", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-797" }, { "name": "GLSA-200509-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml" }, { "name": "1014398", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014398" }, { "name": "MDKSA-2005:196", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:196" }, { "name": "oval:org.mitre.oval:def:1542", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1542" }, { "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded" }, { "name": "USN-151-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntulinux.org/usn/usn-151-3" }, { "name": "oval:org.mitre.oval:def:1262", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1262" }, { "name": "20071021 Re: Windows binary of \"GSview 4.8\" contain vulnerable zlib (CAN-2005-2096)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482601/100/0/threaded" }, { "name": "18507", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18507" }, { "name": "17054", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17054" }, { "name": "USN-148-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/148-1/" }, { "name": "14162", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14162" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html" }, { "name": "HPSBUX02090", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/421411/100/0/threaded" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31492" }, { "name": "MDKSA-2006:070", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:070" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "17225", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17225" }, { "name": "ADV-2007-1267", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1267" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html" }, { "name": "SSRT051058", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/421411/100/0/threaded" }, { "name": "18406", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18406" }, { "name": "20071029 Windows binary of \"Virtual Floppy Drive 2.1\" contains vulnerable zlib (CAN-2005-2096)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482950/100/0/threaded" }, { "name": "24788", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24788" }, { "name": "MDKSA-2005:112", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:112" }, { "name": "32706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32706" }, { "name": "oval:org.mitre.oval:def:11500", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11500" }, { "name": "17326", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17326" }, { "name": "ADV-2005-0978", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/0978" }, { "name": "20071018 Windows binary of \"GSview 4.8\" contain vulnerable zlib (CAN-2005-2096)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482503/100/0/threaded" }, { "name": "20071029 Re: Windows binary of \"GSview 4.8\" contain vulnerable zlib (CAN-2005-2096)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482949/100/0/threaded" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "17516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17516" }, { "name": "DSA-740", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-740" }, { "name": "ADV-2006-0144", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3298" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391" }, { "name": "RHSA-2005:569", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-569.html" }, { "name": "GLSA-200507-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200507-05.xml" }, { "name": "19597", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19597" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm" }, { "name": "SCOSA-2006.6", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt" }, { "name": "19550", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19550" }, { "name": "18377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18377" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "FLSA:162680", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680" }, { "name": "VU#680620", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/680620" }, { "name": "20071020 Re: Windows binary of \"GSview 4.8\" contain vulnerable zlib (CAN-2005-2096)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482571/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "101989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1" }, { "name": "DSA-1026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1026" }, { "name": "17236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17236" }, { "name": "20071018 Official Windows binaries of \"curl\" contain vulnerable zlib 1.2.2 (CAN-2005-2096)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482505/100/0/threaded" }, { "name": "hpux-secure-shell-dos(24064)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24064" }, { "name": "APPLE-SA-2008-11-13", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html" }, { "name": "FreeBSD-SA-05:16.zlib", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc" }, { "name": "15949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15949" }, { "name": "DSA-797", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-797" }, { "name": "GLSA-200509-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml" }, { "name": "1014398", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014398" }, { "name": "MDKSA-2005:196", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:196" }, { "name": "oval:org.mitre.oval:def:1542", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1542" }, { "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded" }, { "name": "USN-151-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntulinux.org/usn/usn-151-3" }, { "name": "oval:org.mitre.oval:def:1262", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1262" }, { "name": "20071021 Re: Windows binary of \"GSview 4.8\" contain vulnerable zlib (CAN-2005-2096)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482601/100/0/threaded" }, { "name": "18507", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18507" }, { "name": "17054", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17054" }, { "name": "USN-148-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/148-1/" }, { "name": "14162", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14162" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html" }, { "name": "HPSBUX02090", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/421411/100/0/threaded" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31492" }, { "name": "MDKSA-2006:070", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:070" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "17225", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17225" }, { "name": "ADV-2007-1267", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1267" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html" }, { "name": "SSRT051058", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/421411/100/0/threaded" }, { "name": "18406", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18406" }, { "name": "20071029 Windows binary of \"Virtual Floppy Drive 2.1\" contains vulnerable zlib (CAN-2005-2096)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482950/100/0/threaded" }, { "name": "24788", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24788" }, { "name": "MDKSA-2005:112", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:112" }, { "name": "32706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32706" }, { "name": "oval:org.mitre.oval:def:11500", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11500" }, { "name": "17326", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17326" }, { "name": "ADV-2005-0978", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/0978" }, { "name": "20071018 Windows binary of \"GSview 4.8\" contain vulnerable zlib (CAN-2005-2096)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482503/100/0/threaded" }, { "name": "20071029 Re: Windows binary of \"GSview 4.8\" contain vulnerable zlib (CAN-2005-2096)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482949/100/0/threaded" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "17516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17516" }, { "name": "DSA-740", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-740" }, { "name": "ADV-2006-0144", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3298" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391" }, { "name": "RHSA-2005:569", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-569.html" }, { "name": "GLSA-200507-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200507-05.xml" }, { "name": "19597", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19597" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm" }, { "name": "SCOSA-2006.6", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt" }, { "name": "19550", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19550" }, { "name": "18377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18377" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "FLSA:162680", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680" }, { "name": "VU#680620", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/680620" }, { "name": "20071020 Re: Windows binary of \"GSview 4.8\" contain vulnerable zlib (CAN-2005-2096)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482571/100/0/threaded" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-2096", "datePublished": "2005-07-06T04:00:00", "dateReserved": "2005-06-30T00:00:00", "dateUpdated": "2024-08-07T22:15:37.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4343
Vulnerability from cvelistv5
Published
2006-09-28 18:00
Modified
2024-08-07 19:06
Severity ?
EPSS score ?
Summary
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:07.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2006:172", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172" }, { "name": "22212", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22212" }, { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "name": "4773", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/4773" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html" }, { "name": "23915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23915" }, { "name": "HPSBMA02250", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "1016943", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016943" }, { "name": "23038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23038" }, { "name": "2006-0054", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2006/0054" }, { "name": "openssl-sslv2-client-dos(29240)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240" }, { "name": "DSA-1195", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1195" }, { "name": "23309", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23309" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "ADV-2006-4401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4401" }, { "name": "USN-353-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-353-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227" }, { "name": "22116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22116" }, { "name": "SSRT071304", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm" }, { "name": "GLSA-200612-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml" }, { "name": "22166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22166" }, { "name": "RHSA-2006:0695", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html" }, { "name": "23340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23340" }, { "name": "22385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22385" }, { "name": "SUSE-SR:2006:024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html" }, { "name": "22758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22758" }, { "name": "22487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22487" }, { "name": "SUSE-SA:2006:058", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html" }, { "name": "22772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22772" }, { "name": "SSRT071299", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "FreeBSD-SA-06:23.openssl", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc" }, { "name": "22165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22165" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html" }, { "name": "23794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23794" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "22220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22220" }, { "name": "23680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23680" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openvpn.net/changelog.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "name": "25889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25889" }, { "name": "ADV-2006-4036", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4036" }, { "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://openbsd.org/errata.html#openssl2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "name": "30124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30124" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ingate.com/relnote-452.php" }, { "name": "22626", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22626" }, { "name": "29263", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/29263" }, { "name": "22083", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22083" }, { "name": "MDKSA-2006:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178" }, { "name": "ADV-2006-3869", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3869" }, { "name": "22544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22544" }, { "name": "22298", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22298" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "name": "22130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22130" }, { "name": "25420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25420" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31492" }, { "name": "ADV-2007-1973", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1973" }, { "name": "22284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22284" }, { "name": "oval:org.mitre.oval:def:4356", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "GLSA-200610-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.rpath.com/browse/RPL-613" }, { "name": "26329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26329" }, { "name": "22260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22260" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf" }, { "name": "ADV-2007-0343", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0343" }, { "name": "ADV-2006-3860", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3860" }, { "name": "23280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23280" }, { "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:10207", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207" }, { "name": "SSRT061213", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm" }, { "name": "ADV-2006-4264", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4264" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "name": "22193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22193" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23155" }, { "name": "22799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22799" }, { "name": "SSA:2006-272-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946" }, { "name": "ADV-2006-4417", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4417" }, { "name": "VU#386964", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/386964" }, { "name": "HPSBUX02186", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.serv-u.com/releasenotes/" }, { "name": "ADV-2006-4443", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4443" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html" }, { "name": "22094", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22094" }, { "name": "22186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22186" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kolab.org/security/kolab-vendor-notice-11.txt" }, { "name": "22500", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22500" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "name": "22216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22216" }, { "name": "ADV-2006-3820", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3820" }, { "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "name": "HPSBUX02174", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "OpenPKG-SA-2006.021", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "name": "ADV-2008-0905", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "name": "ADV-2007-1401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1401" }, { "name": "102711", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1" }, { "name": "NetBSD-SA2008-007", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "name": "SSRT061275", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "20070110 VMware ESX server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded" }, { "name": "ADV-2006-3936", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3936" }, { "name": "22240", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22240" }, { "name": "22330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22330" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "HPSBTU02207", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "DSA-1185", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1185" }, { "name": "20061001-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "name": "22207", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22207" }, { "name": "MDKSA-2006:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177" }, { "name": "1017522", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017522" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL Library", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html" }, { "name": "ADV-2006-3902", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3902" }, { "name": "ADV-2007-2783", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2783" }, { "name": "22259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22259" }, { "name": "22460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22460" }, { "name": "22791", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22791" }, { "name": "22172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html" }, { "name": "SSRT061239", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "28276", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28276" }, { "name": "102668", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "name": "20246", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20246" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL library", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml" }, { "name": "24950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24950" }, { "name": "201531", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDKSA-2006:172", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172" }, { "name": "22212", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22212" }, { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "name": "4773", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/4773" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html" }, { "name": "23915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23915" }, { "name": "HPSBMA02250", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "1016943", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016943" }, { "name": "23038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23038" }, { "name": "2006-0054", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2006/0054" }, { "name": "openssl-sslv2-client-dos(29240)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240" }, { "name": "DSA-1195", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1195" }, { "name": "23309", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23309" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "ADV-2006-4401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4401" }, { "name": "USN-353-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-353-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227" }, { "name": "22116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22116" }, { "name": "SSRT071304", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm" }, { "name": "GLSA-200612-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml" }, { "name": "22166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22166" }, { "name": "RHSA-2006:0695", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html" }, { "name": "23340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23340" }, { "name": "22385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22385" }, { "name": "SUSE-SR:2006:024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html" }, { "name": "22758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22758" }, { "name": "22487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22487" }, { "name": "SUSE-SA:2006:058", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html" }, { "name": "22772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22772" }, { "name": "SSRT071299", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "FreeBSD-SA-06:23.openssl", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc" }, { "name": "22165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22165" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html" }, { "name": "23794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23794" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "22220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22220" }, { "name": "23680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23680" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openvpn.net/changelog.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "name": "25889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25889" }, { "name": "ADV-2006-4036", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4036" }, { "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://openbsd.org/errata.html#openssl2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "name": "30124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30124" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ingate.com/relnote-452.php" }, { "name": "22626", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22626" }, { "name": "29263", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/29263" }, { "name": "22083", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22083" }, { "name": "MDKSA-2006:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178" }, { "name": "ADV-2006-3869", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3869" }, { "name": "22544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22544" }, { "name": "22298", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22298" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "name": "22130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22130" }, { "name": "25420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25420" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31492" }, { "name": "ADV-2007-1973", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1973" }, { "name": "22284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22284" }, { "name": "oval:org.mitre.oval:def:4356", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "GLSA-200610-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.rpath.com/browse/RPL-613" }, { "name": "26329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26329" }, { "name": "22260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22260" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf" }, { "name": "ADV-2007-0343", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0343" }, { "name": "ADV-2006-3860", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3860" }, { "name": "23280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23280" }, { "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:10207", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207" }, { "name": "SSRT061213", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm" }, { "name": "ADV-2006-4264", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4264" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "name": "22193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22193" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23155" }, { "name": "22799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22799" }, { "name": "SSA:2006-272-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946" }, { "name": "ADV-2006-4417", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4417" }, { "name": "VU#386964", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/386964" }, { "name": "HPSBUX02186", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.serv-u.com/releasenotes/" }, { "name": "ADV-2006-4443", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4443" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html" }, { "name": "22094", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22094" }, { "name": "22186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22186" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kolab.org/security/kolab-vendor-notice-11.txt" }, { "name": "22500", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22500" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "name": "22216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22216" }, { "name": "ADV-2006-3820", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3820" }, { "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "name": "HPSBUX02174", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "OpenPKG-SA-2006.021", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "name": "ADV-2008-0905", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "name": "ADV-2007-1401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1401" }, { "name": "102711", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1" }, { "name": "NetBSD-SA2008-007", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "name": "SSRT061275", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "20070110 VMware ESX server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded" }, { "name": "ADV-2006-3936", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3936" }, { "name": "22240", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22240" }, { "name": "22330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22330" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "HPSBTU02207", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "DSA-1185", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1185" }, { "name": "20061001-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "name": "22207", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22207" }, { "name": "MDKSA-2006:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177" }, { "name": "1017522", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017522" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL Library", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html" }, { "name": "ADV-2006-3902", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3902" }, { "name": "ADV-2007-2783", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2783" }, { "name": "22259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22259" }, { "name": "22460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22460" }, { "name": "22791", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22791" }, { "name": "22172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html" }, { "name": "SSRT061239", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "28276", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28276" }, { "name": "102668", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "name": "20246", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20246" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL library", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml" }, { "name": "24950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24950" }, { "name": "201531", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-4343", "datePublished": "2006-09-28T18:00:00", "dateReserved": "2006-08-24T00:00:00", "dateUpdated": "2024-08-07T19:06:07.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3738
Vulnerability from cvelistv5
Published
2006-09-28 18:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:54.041Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2006:172", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172" }, { "name": "22212", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22212" }, { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html" }, { "name": "23915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23915" }, { "name": "HPSBMA02250", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "1016943", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016943" }, { "name": "23038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23038" }, { "name": "2006-0054", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2006/0054" }, { "name": "DSA-1195", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1195" }, { "name": "23309", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23309" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "ADV-2006-4401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4401" }, { "name": "USN-353-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-353-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227" }, { "name": "22116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22116" }, { "name": "SSRT071304", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm" }, { "name": "GLSA-200612-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml" }, { "name": "VU#547300", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/547300" }, { "name": "22166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22166" }, { "name": "RHSA-2006:0695", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html" }, { "name": "23340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23340" }, { "name": "ADV-2006-4314", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4314" }, { "name": "22385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22385" }, { "name": "SUSE-SR:2006:024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html" }, { "name": "22758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22758" }, { "name": "22487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22487" }, { "name": "SUSE-SA:2006:058", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html" }, { "name": "22772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22772" }, { "name": "SSRT071299", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "22165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22165" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html" }, { "name": "23794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23794" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "22220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22220" }, { "name": "23680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23680" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openvpn.net/changelog.html" }, { "name": "25889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25889" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=498093\u0026RenditionID=\u0026poid=8881" }, { "name": "ADV-2006-4036", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4036" }, { "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://openbsd.org/errata.html#openssl2" }, { "name": "30124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30124" }, { "name": "22626", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22626" }, { "name": "22083", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22083" }, { "name": "MDKSA-2006:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178" }, { "name": "oval:org.mitre.oval:def:9370", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370" }, { "name": "ADV-2006-3869", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3869" }, { "name": "22544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22544" }, { "name": "22298", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22298" }, { "name": "22130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22130" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31492" }, { "name": "22284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22284" }, { "name": "24930", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24930" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "GLSA-200610-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml" }, { "name": "oval:org.mitre.oval:def:4256", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.rpath.com/browse/RPL-613" }, { "name": "26329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26329" }, { "name": "22260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22260" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf" }, { "name": "openssl-sslgetsharedciphers-bo(29237)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237" }, { "name": "ADV-2007-0343", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0343" }, { "name": "ADV-2006-3860", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3860" }, { "name": "23280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23280" }, { "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded" }, { "name": "SSRT061213", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm" }, { "name": "ADV-2006-4264", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4264" }, { "name": "22193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22193" }, { "name": "29262", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/29262" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23155" }, { "name": "22799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22799" }, { "name": "SSA:2006-272-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946" }, { "name": "ADV-2006-4417", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4417" }, { "name": "HPSBUX02186", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.serv-u.com/releasenotes/" }, { "name": "20249", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20249" }, { "name": "ADV-2006-4443", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4443" }, { "name": "30161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30161" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html" }, { "name": "GLSA-200805-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "22094", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22094" }, { "name": "22186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22186" }, { "name": "22633", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22633" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kolab.org/security/kolab-vendor-notice-11.txt" }, { "name": "ADV-2007-2315", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2315" }, { "name": "22500", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22500" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "22216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22216" }, { "name": "ADV-2006-3820", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3820" }, { "name": "HPSBUX02174", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "OpenPKG-SA-2006.021", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html" }, { "name": "22654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22654" }, { "name": "ADV-2007-1401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1401" }, { "name": "102711", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1" }, { "name": "NetBSD-SA2008-007", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc" }, { "name": "SSRT061275", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "20070110 VMware ESX server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded" }, { "name": "ADV-2006-3936", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3936" }, { "name": "22240", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22240" }, { "name": "22330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22330" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "HPSBTU02207", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "DSA-1185", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1185" }, { "name": "20061001-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "name": "22207", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22207" }, { "name": "MDKSA-2006:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177" }, { "name": "1017522", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017522" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL Library", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html" }, { "name": "ADV-2006-3902", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3902" }, { "name": "ADV-2007-2783", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2783" }, { "name": "20070602 Recent OpenSSL exploits", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded" }, { "name": "22259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22259" }, { "name": "22460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22460" }, { "name": "22791", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22791" }, { "name": "22172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html" }, { "name": "SSRT061239", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "FreeBSD-SA-06:23", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc" }, { "name": "102668", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL library", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml" }, { "name": "24950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24950" }, { "name": "201531", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDKSA-2006:172", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172" }, { "name": "22212", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22212" }, { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html" }, { "name": "23915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23915" }, { "name": "HPSBMA02250", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "1016943", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016943" }, { "name": "23038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23038" }, { "name": "2006-0054", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2006/0054" }, { "name": "DSA-1195", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1195" }, { "name": "23309", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23309" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "ADV-2006-4401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4401" }, { "name": "USN-353-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-353-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227" }, { "name": "22116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22116" }, { "name": "SSRT071304", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm" }, { "name": "GLSA-200612-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml" }, { "name": "VU#547300", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/547300" }, { "name": "22166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22166" }, { "name": "RHSA-2006:0695", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html" }, { "name": "23340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23340" }, { "name": "ADV-2006-4314", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4314" }, { "name": "22385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22385" }, { "name": "SUSE-SR:2006:024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html" }, { "name": "22758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22758" }, { "name": "22487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22487" }, { "name": "SUSE-SA:2006:058", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html" }, { "name": "22772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22772" }, { "name": "SSRT071299", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "22165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22165" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html" }, { "name": "23794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23794" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "22220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22220" }, { "name": "23680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23680" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openvpn.net/changelog.html" }, { "name": "25889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25889" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=498093\u0026RenditionID=\u0026poid=8881" }, { "name": "ADV-2006-4036", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4036" }, { "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://openbsd.org/errata.html#openssl2" }, { "name": "30124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30124" }, { "name": "22626", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22626" }, { "name": "22083", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22083" }, { "name": "MDKSA-2006:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178" }, { "name": "oval:org.mitre.oval:def:9370", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370" }, { "name": "ADV-2006-3869", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3869" }, { "name": "22544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22544" }, { "name": "22298", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22298" }, { "name": "22130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22130" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31492" }, { "name": "22284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22284" }, { "name": "24930", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24930" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "GLSA-200610-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml" }, { "name": "oval:org.mitre.oval:def:4256", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.rpath.com/browse/RPL-613" }, { "name": "26329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26329" }, { "name": "22260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22260" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf" }, { "name": "openssl-sslgetsharedciphers-bo(29237)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237" }, { "name": "ADV-2007-0343", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0343" }, { "name": "ADV-2006-3860", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3860" }, { "name": "23280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23280" }, { "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded" }, { "name": "SSRT061213", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm" }, { "name": "ADV-2006-4264", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4264" }, { "name": "22193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22193" }, { "name": "29262", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/29262" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23155" }, { "name": "22799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22799" }, { "name": "SSA:2006-272-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946" }, { "name": "ADV-2006-4417", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4417" }, { "name": "HPSBUX02186", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.serv-u.com/releasenotes/" }, { "name": "20249", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20249" }, { "name": "ADV-2006-4443", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4443" }, { "name": "30161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30161" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html" }, { "name": "GLSA-200805-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "22094", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22094" }, { "name": "22186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22186" }, { "name": "22633", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22633" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kolab.org/security/kolab-vendor-notice-11.txt" }, { "name": "ADV-2007-2315", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2315" }, { "name": "22500", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22500" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "22216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22216" }, { "name": "ADV-2006-3820", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3820" }, { "name": "HPSBUX02174", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "OpenPKG-SA-2006.021", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html" }, { "name": "22654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22654" }, { "name": "ADV-2007-1401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1401" }, { "name": "102711", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1" }, { "name": "NetBSD-SA2008-007", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc" }, { "name": "SSRT061275", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "20070110 VMware ESX server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded" }, { "name": "ADV-2006-3936", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3936" }, { "name": "22240", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22240" }, { "name": "22330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22330" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "HPSBTU02207", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "DSA-1185", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1185" }, { "name": "20061001-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "name": "22207", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22207" }, { "name": "MDKSA-2006:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177" }, { "name": "1017522", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017522" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL Library", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html" }, { "name": "ADV-2006-3902", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3902" }, { "name": "ADV-2007-2783", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2783" }, { "name": "20070602 Recent OpenSSL exploits", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded" }, { "name": "22259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22259" }, { "name": "22460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22460" }, { "name": "22791", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22791" }, { "name": "22172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html" }, { "name": "SSRT061239", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "FreeBSD-SA-06:23", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc" }, { "name": "102668", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL library", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml" }, { "name": "24950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24950" }, { "name": "201531", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-3738", "datePublished": "2006-09-28T18:00:00", "dateReserved": "2006-07-20T00:00:00", "dateUpdated": "2024-08-07T18:39:54.041Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2937
Vulnerability from cvelistv5
Published
2006-09-28 18:00
Modified
2024-08-07 18:06
Severity ?
EPSS score ?
Summary
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:27.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2006:172", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172" }, { "name": "22212", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22212" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.attachmate.com/techdocs/2374.html" }, { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html" }, { "name": "23915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23915" }, { "name": "201534", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1" }, { "name": "HPSBMA02250", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "1016943", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016943" }, { "name": "23038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23038" }, { "name": "2006-0054", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2006/0054" }, { "name": "23309", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23309" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "ADV-2006-4401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4401" }, { "name": "USN-353-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-353-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227" }, { "name": "22116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22116" }, { "name": "SSRT071304", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm" }, { "name": "GLSA-200612-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml" }, { "name": "22166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22166" }, { "name": "RHSA-2006:0695", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html" }, { "name": "23340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23340" }, { "name": "22385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22385" }, { "name": "SUSE-SR:2006:024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html" }, { "name": "22758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22758" }, { "name": "22487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22487" }, { "name": "SUSE-SA:2006:058", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html" }, { "name": "22772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22772" }, { "name": "SSRT071299", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "31531", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31531" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf" }, { "name": "FreeBSD-SA-06:23.openssl", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc" }, { "name": "22165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22165" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "22220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22220" }, { "name": "23680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23680" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openvpn.net/changelog.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "name": "25889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25889" }, { "name": "openssl-asn1-error-dos(29228)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228" }, { "name": "ADV-2006-4036", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4036" }, { "name": "ADV-2006-4019", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4019" }, { "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://openbsd.org/errata.html#openssl2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "name": "30124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30124" }, { "name": "22626", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22626" }, { "name": "MDKSA-2006:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178" }, { "name": "23351", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23351" }, { "name": "ADV-2006-3869", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3869" }, { "name": "22671", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22671" }, { "name": "20248", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20248" }, { "name": "22544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22544" }, { "name": "22298", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22298" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "name": "22130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22130" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31492" }, { "name": "ADV-2006-4329", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4329" }, { "name": "22284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22284" }, { "name": "24930", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24930" }, { "name": "ADV-2006-4327", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4327" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "GLSA-200610-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml" }, { "name": "23131", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23131" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.rpath.com/browse/RPL-613" }, { "name": "26329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26329" }, { "name": "22260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22260" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf" }, { "name": "ADV-2007-0343", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0343" }, { "name": "ADV-2006-3860", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3860" }, { "name": "23280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23280" }, { "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded" }, { "name": "SSRT061213", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.f-secure.com/security/fsc-2006-6.shtml" }, { "name": "ADV-2006-4264", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4264" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "name": "22193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22193" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html" }, { "name": "ADV-2008-2396", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2396" }, { "name": "ADV-2006-4761", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4761" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23155" }, { "name": "22799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22799" }, { "name": "200585", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1" }, { "name": "SSA:2006-272-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946" }, { "name": "ADV-2006-4417", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4417" }, { "name": "HPSBUX02186", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.serv-u.com/releasenotes/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html" }, { "name": "29260", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/29260" }, { "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2" }, { "name": "22094", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22094" }, { "name": "22186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22186" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kolab.org/security/kolab-vendor-notice-11.txt" }, { "name": "ADV-2007-2315", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2315" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "name": "22216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22216" }, { "name": "ADV-2006-3820", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3820" }, { "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "name": "HPSBUX02174", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "oval:org.mitre.oval:def:10560", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560" }, { "name": "OpenPKG-SA-2006.021", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "name": "102747", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1" }, { "name": "VU#247744", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/247744" }, { "name": "ADV-2008-0905", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "name": "ADV-2007-1401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1401" }, { "name": "NetBSD-SA2008-007", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "name": "SSRT061275", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "20070110 VMware ESX server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded" }, { "name": "ADV-2006-3936", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3936" }, { "name": "ADV-2006-4980", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4980" }, { "name": "22240", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22240" }, { "name": "22330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22330" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "HPSBTU02207", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "DSA-1185", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1185" }, { "name": "20061001-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf" }, { "name": "22207", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22207" }, { "name": "MDKSA-2006:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL Library", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html" }, { "name": "ADV-2006-3902", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3902" }, { "name": "ADV-2007-2783", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2783" }, { "name": "22259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22259" }, { "name": "22460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22460" }, { "name": "22172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html" }, { "name": "SSRT061239", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "28276", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28276" }, { "name": "102668", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL library", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml" }, { "name": "24950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24950" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDKSA-2006:172", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172" }, { "name": "22212", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22212" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.attachmate.com/techdocs/2374.html" }, { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html" }, { "name": "23915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23915" }, { "name": "201534", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1" }, { "name": "HPSBMA02250", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "1016943", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016943" }, { "name": "23038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23038" }, { "name": "2006-0054", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2006/0054" }, { "name": "23309", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23309" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "ADV-2006-4401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4401" }, { "name": "USN-353-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-353-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227" }, { "name": "22116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22116" }, { "name": "SSRT071304", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm" }, { "name": "GLSA-200612-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml" }, { "name": "22166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22166" }, { "name": "RHSA-2006:0695", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html" }, { "name": "23340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23340" }, { "name": "22385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22385" }, { "name": "SUSE-SR:2006:024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html" }, { "name": "22758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22758" }, { "name": "22487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22487" }, { "name": "SUSE-SA:2006:058", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html" }, { "name": "22772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22772" }, { "name": "SSRT071299", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "31531", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31531" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf" }, { "name": "FreeBSD-SA-06:23.openssl", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc" }, { "name": "22165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22165" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "22220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22220" }, { "name": "23680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23680" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openvpn.net/changelog.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "name": "25889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25889" }, { "name": "openssl-asn1-error-dos(29228)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228" }, { "name": "ADV-2006-4036", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4036" }, { "name": "ADV-2006-4019", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4019" }, { "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://openbsd.org/errata.html#openssl2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "name": "30124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30124" }, { "name": "22626", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22626" }, { "name": "MDKSA-2006:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178" }, { "name": "23351", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23351" }, { "name": "ADV-2006-3869", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3869" }, { "name": "22671", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22671" }, { "name": "20248", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20248" }, { "name": "22544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22544" }, { "name": "22298", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22298" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "name": "22130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22130" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31492" }, { "name": "ADV-2006-4329", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4329" }, { "name": "22284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22284" }, { "name": "24930", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24930" }, { "name": "ADV-2006-4327", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4327" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "GLSA-200610-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml" }, { "name": "23131", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23131" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.rpath.com/browse/RPL-613" }, { "name": "26329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26329" }, { "name": "22260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22260" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf" }, { "name": "ADV-2007-0343", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0343" }, { "name": "ADV-2006-3860", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3860" }, { "name": "23280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23280" }, { "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded" }, { "name": "SSRT061213", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.f-secure.com/security/fsc-2006-6.shtml" }, { "name": "ADV-2006-4264", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4264" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "name": "22193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22193" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html" }, { "name": "ADV-2008-2396", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2396" }, { "name": "ADV-2006-4761", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4761" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23155" }, { "name": "22799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22799" }, { "name": "200585", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1" }, { "name": "SSA:2006-272-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946" }, { "name": "ADV-2006-4417", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4417" }, { "name": "HPSBUX02186", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.serv-u.com/releasenotes/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html" }, { "name": "29260", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/29260" }, { "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2" }, { "name": "22094", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22094" }, { "name": "22186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22186" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kolab.org/security/kolab-vendor-notice-11.txt" }, { "name": "ADV-2007-2315", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2315" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "name": "22216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22216" }, { "name": "ADV-2006-3820", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3820" }, { "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "name": "HPSBUX02174", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "oval:org.mitre.oval:def:10560", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560" }, { "name": "OpenPKG-SA-2006.021", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "name": "102747", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1" }, { "name": "VU#247744", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/247744" }, { "name": "ADV-2008-0905", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "name": "ADV-2007-1401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1401" }, { "name": "NetBSD-SA2008-007", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "name": "SSRT061275", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "20070110 VMware ESX server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded" }, { "name": "ADV-2006-3936", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3936" }, { "name": "ADV-2006-4980", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4980" }, { "name": "22240", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22240" }, { "name": "22330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22330" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "HPSBTU02207", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "DSA-1185", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1185" }, { "name": "20061001-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf" }, { "name": "22207", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22207" }, { "name": "MDKSA-2006:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL Library", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html" }, { "name": "ADV-2006-3902", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3902" }, { "name": "ADV-2007-2783", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2783" }, { "name": "22259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22259" }, { "name": "22460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22460" }, { "name": "22172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html" }, { "name": "SSRT061239", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "28276", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28276" }, { "name": "102668", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL library", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml" }, { "name": "24950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24950" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-2937", "datePublished": "2006-09-28T18:00:00", "dateReserved": "2006-06-09T00:00:00", "dateUpdated": "2024-08-07T18:06:27.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1849
Vulnerability from cvelistv5
Published
2005-07-26 04:00
Modified
2024-08-07 22:06
Severity ?
EPSS score ?
Summary
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:06:57.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "zlib-codetable-dos(21456)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21456" }, { "name": "DSA-1026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1026" }, { "name": "19334", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19334" }, { "name": "DSA-797", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-797" }, { "name": "DSA-763", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-763" }, { "name": "GLSA-200509-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml" }, { "name": "MDKSA-2005:196", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:196" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz" }, { "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded" }, { "name": "USN-151-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntulinux.org/usn/usn-151-3" }, { "name": "GLSA-200603-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml" }, { "name": "RHSA-2005:584", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-584.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html" }, { "name": "16137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16137" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31492" }, { "name": "oval:org.mitre.oval:def:11402", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402" }, { "name": "18141", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/18141" }, { "name": "1014540", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014540" }, { "name": "SUSE-SA:2005:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_43_zlib.html" }, { "name": "MDKSA-2006:070", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:070" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "ADV-2007-1267", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1267" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html" }, { "name": "24788", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24788" }, { "name": "17326", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17326" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "17516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17516" }, { "name": "14340", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14340" }, { "name": "19597", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19597" }, { "name": "SCOSA-2006.6", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt" }, { "name": "19550", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19550" }, { "name": "18377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18377" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "FLSA:162680", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-07-21T00:00:00", "descriptions": [ { "lang": "en", "value": "inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "zlib-codetable-dos(21456)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21456" }, { "name": "DSA-1026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1026" }, { "name": "19334", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19334" }, { "name": "DSA-797", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-797" }, { "name": "DSA-763", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-763" }, { "name": "GLSA-200509-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml" }, { "name": "MDKSA-2005:196", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:196" }, { "tags": [ "x_refsource_MISC" ], "url": "http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz" }, { "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded" }, { "name": "USN-151-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntulinux.org/usn/usn-151-3" }, { "name": "GLSA-200603-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml" }, { "name": "RHSA-2005:584", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-584.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html" }, { "name": "16137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16137" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31492" }, { "name": "oval:org.mitre.oval:def:11402", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402" }, { "name": "18141", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/18141" }, { "name": "1014540", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014540" }, { "name": "SUSE-SA:2005:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_43_zlib.html" }, { "name": "MDKSA-2006:070", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:070" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "ADV-2007-1267", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1267" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html" }, { "name": "24788", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24788" }, { "name": "17326", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17326" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "17516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17516" }, { "name": "14340", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14340" }, { "name": "19597", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19597" }, { "name": "SCOSA-2006.6", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt" }, { "name": "19550", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19550" }, { "name": "18377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18377" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "FLSA:162680", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2005-1849", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "zlib-codetable-dos(21456)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21456" }, { "name": "DSA-1026", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1026" }, { "name": "19334", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19334" }, { "name": "DSA-797", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-797" }, { "name": "DSA-763", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-763" }, { "name": "GLSA-200509-18", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml" }, { "name": "MDKSA-2005:196", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:196" }, { "name": "http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz", "refsource": "MISC", "url": "http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz" }, { "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded" }, { "name": "USN-151-3", "refsource": "UBUNTU", "url": "http://www.ubuntulinux.org/usn/usn-151-3" }, { "name": "GLSA-200603-18", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml" }, { "name": "RHSA-2005:584", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-584.html" }, { "name": "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html" }, { "name": "16137", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16137" }, { "name": "31492", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31492" }, { "name": "oval:org.mitre.oval:def:11402", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402" }, { "name": "18141", "refsource": "OSVDB", "url": "http://www.osvdb.org/18141" }, { "name": "1014540", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014540" }, { "name": "SUSE-SA:2005:043", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_43_zlib.html" }, { "name": "MDKSA-2006:070", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:070" }, { "name": "RHSA-2008:0629", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "ADV-2007-1267", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1267" }, { "name": "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html" }, { "name": "24788", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24788" }, { "name": "17326", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17326" }, { "name": "APPLE-SA-2005-08-15", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "17516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17516" }, { "name": "14340", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14340" }, { "name": "19597", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19597" }, { "name": "SCOSA-2006.6", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt" }, { "name": "19550", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19550" }, { "name": "18377", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18377" }, { "name": "APPLE-SA-2005-08-17", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "FLSA:162680", "refsource": "FEDORA", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2005-1849", "datePublished": "2005-07-26T04:00:00", "dateReserved": "2005-06-06T00:00:00", "dateUpdated": "2024-08-07T22:06:57.556Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1542
Vulnerability from cvelistv5
Published
2006-03-30 11:00
Modified
2024-08-07 17:19
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/31492 | third-party-advisory, x_refsource_SECUNIA | |
http://www.redhat.com/support/errata/RHSA-2008-0629.html | vendor-advisory, x_refsource_REDHAT | |
https://www.exploit-db.com/exploits/1591 | exploit, x_refsource_EXPLOIT-DB | |
http://www.gotfault.net/research/exploit/gexp-python.py | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:19:47.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31492" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "1591", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/1591" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gotfault.net/research/exploit/gexp-python.py" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a \"stack overflow,\" and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31492" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "1591", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/1591" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gotfault.net/research/exploit/gexp-python.py" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1542", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a \"stack overflow,\" and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "31492", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31492" }, { "name": "RHSA-2008:0629", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "1591", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1591" }, { "name": "http://www.gotfault.net/research/exploit/gexp-python.py", "refsource": "MISC", "url": "http://www.gotfault.net/research/exploit/gexp-python.py" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1542", "datePublished": "2006-03-30T11:00:00", "dateReserved": "2006-03-30T00:00:00", "dateUpdated": "2024-08-07T17:19:47.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-2969
Vulnerability from cvelistv5
Published
2005-10-18 04:00
Modified
2024-08-07 22:53
Severity ?
EPSS score ?
Summary
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:29.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17259" }, { "name": "23915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23915" }, { "name": "SUSE-SA:2005:061", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_61_openssl.html" }, { "name": "26893", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26893" }, { "name": "17389", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17389" }, { "name": "ADV-2005-3056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/3056" }, { "name": "ADV-2007-2457", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2457" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm" }, { "name": "17813", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17813" }, { "name": "15071", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15071" }, { "name": "18165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18165" }, { "name": "23340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23340" }, { "name": "18123", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18123" }, { "name": "DSA-881", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-881" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html" }, { "name": "ADV-2005-2659", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2659" }, { "name": "24799", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24799" }, { "name": "DSA-882", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-882" }, { "name": "20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml" }, { "name": "17153", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17153" }, { "name": "SSRT071299", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "TSLSA-2005-0059", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html" }, { "name": "17191", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17191" }, { "name": "ADV-2005-2908", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2908" }, { "name": "1015032", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015032" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1633" }, { "name": "17344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17344" }, { "name": "19185", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19185" }, { "name": "ADV-2005-2036", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2036" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt" }, { "name": "17589", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17589" }, { "name": "ADV-2005-2710", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2710" }, { "name": "ADV-2005-3002", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/3002" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31492" }, { "name": "17466", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17466" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "17146", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17146" }, { "name": "17169", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17169" }, { "name": "hitachi-hicommand-security-bypass(35287)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35287" }, { "name": "ADV-2007-0343", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0343" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm" }, { "name": "23280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23280" }, { "name": "APPLE-SA-2005-11-29", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=302847" }, { "name": "23843", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23843" }, { "name": "17189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17189" }, { "name": "21827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21827" }, { "name": "17288", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17288" }, { "name": "HPSBUX02186", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf" }, { "name": "MDKSA-2005:179", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:179" }, { "name": "17632", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17632" }, { "name": "ADV-2007-0326", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0326" }, { "name": "17409", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17409" }, { "name": "25973", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25973" }, { "name": "oval:org.mitre.oval:def:11454", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454" }, { "name": "17888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17888" }, { "name": "17210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17210" }, { "name": "DSA-875", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-875" }, { "name": "ADV-2006-3531", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3531" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20051011.txt" }, { "name": "17178", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17178" }, { "name": "HPSBUX02174", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html" }, { "name": "17432", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17432" }, { "name": "17180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17180" }, { "name": "101974", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1" }, { "name": "15647", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15647" }, { "name": "17335", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17335" }, { "name": "RHSA-2005:762", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html" }, { "name": "RHSA-2005:800", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-800.html" }, { "name": "17151", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17151" }, { "name": "18663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18663" }, { "name": "17617", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17617" }, { "name": "SSRT061239", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "18045", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18045" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "17259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17259" }, { "name": "23915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23915" }, { "name": "SUSE-SA:2005:061", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_61_openssl.html" }, { "name": "26893", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26893" }, { "name": "17389", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17389" }, { "name": "ADV-2005-3056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/3056" }, { "name": "ADV-2007-2457", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2457" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm" }, { "name": "17813", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17813" }, { "name": "15071", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15071" }, { "name": "18165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18165" }, { "name": "23340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23340" }, { "name": "18123", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18123" }, { "name": "DSA-881", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-881" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html" }, { "name": "ADV-2005-2659", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2659" }, { "name": "24799", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24799" }, { "name": "DSA-882", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-882" }, { "name": "20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml" }, { "name": "17153", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17153" }, { "name": "SSRT071299", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "TSLSA-2005-0059", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html" }, { "name": "17191", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17191" }, { "name": "ADV-2005-2908", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2908" }, { "name": "1015032", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015032" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1633" }, { "name": "17344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17344" }, { "name": "19185", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19185" }, { "name": "ADV-2005-2036", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2036" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt" }, { "name": "17589", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17589" }, { "name": "ADV-2005-2710", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2710" }, { "name": "ADV-2005-3002", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/3002" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31492" }, { "name": "17466", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17466" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "17146", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17146" }, { "name": "17169", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17169" }, { "name": "hitachi-hicommand-security-bypass(35287)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35287" }, { "name": "ADV-2007-0343", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0343" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm" }, { "name": "23280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23280" }, { "name": "APPLE-SA-2005-11-29", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://docs.info.apple.com/article.html?artnum=302847" }, { "name": "23843", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23843" }, { "name": "17189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17189" }, { "name": "21827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21827" }, { "name": "17288", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17288" }, { "name": "HPSBUX02186", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "tags": [ "x_refsource_MISC" ], "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf" }, { "name": "MDKSA-2005:179", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:179" }, { "name": "17632", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17632" }, { "name": "ADV-2007-0326", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0326" }, { "name": "17409", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17409" }, { "name": "25973", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25973" }, { "name": "oval:org.mitre.oval:def:11454", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454" }, { "name": "17888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17888" }, { "name": "17210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17210" }, { "name": "DSA-875", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-875" }, { "name": "ADV-2006-3531", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3531" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20051011.txt" }, { "name": "17178", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17178" }, { "name": "HPSBUX02174", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html" }, { "name": "17432", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17432" }, { "name": "17180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17180" }, { "name": "101974", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1" }, { "name": "15647", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15647" }, { "name": "17335", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17335" }, { "name": "RHSA-2005:762", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html" }, { "name": "RHSA-2005:800", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-800.html" }, { "name": "17151", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17151" }, { "name": "18663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18663" }, { "name": "17617", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17617" }, { "name": "SSRT061239", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "18045", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18045" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-2969", "datePublished": "2005-10-18T04:00:00", "dateReserved": "2005-09-19T00:00:00", "dateUpdated": "2024-08-07T22:53:29.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4339
Vulnerability from cvelistv5
Published
2006-09-05 17:00
Modified
2024-08-07 19:06
Severity ?
EPSS score ?
Summary
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:07.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" }, { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "name": "SSRT061273", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01070495" }, { "name": "ADV-2006-3453", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3453" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html" }, { "name": "23915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23915" }, { "name": "201534", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1" }, { "name": "HPSBMA02250", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "JVN#51615542", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN51615542/index.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=307177" }, { "name": "60799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60799" }, { "name": "28549", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28549" }, { "name": "ADV-2006-4366", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4366" }, { "name": "22932", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22932" }, { "name": "ADV-2006-3748", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "name": "21791", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21791" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html" }, { "name": "GLSA-201408-19", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" }, { "name": "26893", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26893" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20060905.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "22509", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22509" }, { "name": "MDKSA-2006:207", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:207" }, { "name": "RHSA-2006:0661", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0661.html" }, { "name": "SUSE-SA:2006:061", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_61_opera.html" }, { "name": "21930", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21930" }, { "name": "22940", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22940" }, { "name": "SSRT071304", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "21852", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21852" }, { "name": "BEA07-169.00", "tags": [ "vendor-advisory", "x_refsource_BEA", "x_transferred" ], "url": "http://dev2dev.bea.com/pub/advisory/238" }, { "name": "21823", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21823" }, { "name": "102657", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1" }, { "name": "22758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22758" }, { "name": "22938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22938" }, { "name": "ADV-2006-3899", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3899" }, { "name": "22044", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22044" }, { "name": "ADV-2007-1945", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1945" }, { "name": "RHSA-2007:0062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0062.html" }, { "name": "OpenPKG-SA-2006.029", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html" }, { "name": "ADV-2006-4206", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4206" }, { "name": "ADV-2006-3730", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3730" }, { "name": "SSRT071299", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "21812", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21812" }, { "name": "22523", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22523" }, { "name": "HPSBUX02165", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded" }, { "name": "22689", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22689" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "23794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23794" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "102759", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1" }, { "name": "GLSA-200609-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200609-05.xml" }, { "name": "22711", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22711" }, { "name": "20060905 rPSA-2006-0163-1 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/445231/100/0/threaded" }, { "name": "23680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23680" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openvpn.net/changelog.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "name": "[3.9] 20060908 011: SECURITY FIX: September 8, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://www.openbsd.org/errata.html" }, { "name": "22733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22733" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1633" }, { "name": "22949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22949" }, { "name": "SSA:2006-310-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.566955" }, { "name": "USN-339-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-339-1" }, { "name": "ADV-2006-3566", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3566" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf" }, { "name": "SUSE-SR:2006:026", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "name": "102744", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1" }, { "name": "22446", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22446" }, { "name": "22939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22939" }, { "name": "24099", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24099" }, { "name": "20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/445822/100/0/threaded" }, { "name": "25284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25284" }, { "name": "22083", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22083" }, { "name": "MDKSA-2006:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178" }, { "name": "1016791", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016791" }, { "name": "25649", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25649" }, { "name": "ADV-2010-0366", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0366" }, { "name": "22671", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22671" }, { "name": "[ietf-openpgp] 20060827 Bleichenbacher\u0027s RSA signature forgery based on implementation error", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" }, { "name": "102722", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1" }, { "name": "21785", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21785" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31492" }, { "name": "ADV-2006-4329", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4329" }, { "name": "DSA-1173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.us.debian.org/security/2006/dsa-1173" }, { "name": "38567", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38567" }, { "name": "22284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22284" }, { "name": "24930", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24930" }, { "name": "ADV-2006-4327", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4327" }, { "name": "MDKSA-2006:161", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:161" }, { "name": "21778", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21778" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "102696", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1" }, { "name": "APPLE-SA-2007-12-14", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" }, { "name": "ADV-2007-2163", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2163" }, { "name": "26329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26329" }, { "name": "22260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22260" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html" }, { "name": "ADV-2007-0343", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0343" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=3117" }, { "name": "102656", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1" }, { "name": "SUSE-SA:2007:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html" }, { "name": "SSRT061213", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "20060901-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "name": "21982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21982" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.attachmate.com/techdocs/2137.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-616" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.attachmate.com/techdocs/2127.html" }, { "name": "GLSA-200610-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml" }, { "name": "DSA-1174", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1174" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23155" }, { "name": "1000148", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openoffice.org/security/cves/CVE-2006-4339.html" }, { "name": "22799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22799" }, { "name": "ADV-2006-4207", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4207" }, { "name": "ADV-2006-4417", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4417" }, { "name": "HPSBUX02186", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.sybase.com/detail?id=1047991" }, { "name": "SSRT061239", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "21873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21873" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "RHSA-2007:0072", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0072.html" }, { "name": "JVNDB-2012-000079", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.serv-u.com/releasenotes/" }, { "name": "ADV-2006-4744", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4744" }, { "name": "38568", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38568" }, { "name": "21846", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21846" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html" }, { "name": "HPSBUX02219", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01070495" }, { "name": "ADV-2007-0254", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0254" }, { "name": "SSRT061266", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "ADV-2007-4224", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4224" }, { "name": "22161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22161" }, { "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2" }, { "name": "22937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22937" }, { "name": "22325", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22325" }, { "name": "102648", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1" }, { "name": "ADV-2007-2315", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2315" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.opera.com/support/search/supsearch.dml?index=845" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "21767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21767" }, { "name": "ADV-2007-1815", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1815" }, { "name": "22232", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22232" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "21906", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21906" }, { "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "22934", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22934" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "name": "RHSA-2007:0073", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0073.html" }, { "name": "22585", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22585" }, { "name": "25399", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25399" }, { "name": "ADV-2008-0905", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "name": "ADV-2007-1401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1401" }, { "name": "201247", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1" }, { "name": "openssl-rsa-security-bypass(28755)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755" }, { "name": "22513", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22513" }, { "name": "41818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41818" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.attachmate.com/techdocs/2128.html" }, { "name": "oval:org.mitre.oval:def:11656", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "name": "21776", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21776" }, { "name": "SSRT061275", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "FreeBSD-SA-06:19", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc" }, { "name": "23455", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23455" }, { "name": "20070110 VMware ESX server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "28115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28115" }, { "name": "22226", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22226" }, { "name": "ADV-2006-3936", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3936" }, { "name": "22066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22066" }, { "name": "22936", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22936" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "HPSBTU02207", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "OpenPKG-SA-2006.018", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html" }, { "name": "MDKSA-2006:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177" }, { "name": "22545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22545" }, { "name": "1017522", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017522" }, { "name": "22948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22948" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL Library", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html" }, { "name": "23841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23841" }, { "name": "ADV-2006-4205", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4205" }, { "name": "ADV-2007-2783", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2783" }, { "name": "22259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22259" }, { "name": "22036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22036" }, { "name": "200708", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1" }, { "name": "ADV-2006-4586", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4586" }, { "name": "21927", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21927" }, { "name": "SUSE-SA:2006:055", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html" }, { "name": "ADV-2006-5146", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/5146" }, { "name": "21870", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21870" }, { "name": "ADV-2006-4216", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4216" }, { "name": "ADV-2006-3793", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3793" }, { "name": "28276", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28276" }, { "name": "21709", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21709" }, { "name": "VU#845620", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/845620" }, { "name": "SSA:2006-257-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.605306" }, { "name": "GLSA-200609-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200609-18.xml" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL library", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml" }, { "name": "102686", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1" }, { "name": "24950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24950" }, { "name": "19849", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19849" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-27T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" }, { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "name": "SSRT061273", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01070495" }, { "name": "ADV-2006-3453", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3453" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html" }, { "name": "23915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23915" }, { "name": "201534", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1" }, { "name": "HPSBMA02250", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "JVN#51615542", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN51615542/index.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://docs.info.apple.com/article.html?artnum=307177" }, { "name": "60799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60799" }, { "name": "28549", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28549" }, { "name": "ADV-2006-4366", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4366" }, { "name": "22932", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22932" }, { "name": "ADV-2006-3748", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "name": "21791", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21791" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html" }, { "name": "GLSA-201408-19", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" }, { "name": "26893", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26893" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20060905.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "22509", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22509" }, { "name": "MDKSA-2006:207", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:207" }, { "name": "RHSA-2006:0661", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0661.html" }, { "name": "SUSE-SA:2006:061", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_61_opera.html" }, { "name": "21930", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21930" }, { "name": "22940", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22940" }, { "name": "SSRT071304", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "21852", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21852" }, { "name": "BEA07-169.00", "tags": [ "vendor-advisory", "x_refsource_BEA" ], "url": "http://dev2dev.bea.com/pub/advisory/238" }, { "name": "21823", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21823" }, { "name": "102657", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1" }, { "name": "22758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22758" }, { "name": "22938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22938" }, { "name": "ADV-2006-3899", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3899" }, { "name": "22044", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22044" }, { "name": "ADV-2007-1945", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1945" }, { "name": "RHSA-2007:0062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0062.html" }, { "name": "OpenPKG-SA-2006.029", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html" }, { "name": "ADV-2006-4206", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4206" }, { "name": "ADV-2006-3730", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3730" }, { "name": "SSRT071299", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "21812", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21812" }, { "name": "22523", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22523" }, { "name": "HPSBUX02165", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded" }, { "name": "22689", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22689" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "23794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23794" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "102759", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1" }, { "name": "GLSA-200609-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200609-05.xml" }, { "name": "22711", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22711" }, { "name": "20060905 rPSA-2006-0163-1 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/445231/100/0/threaded" }, { "name": "23680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23680" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openvpn.net/changelog.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "name": "[3.9] 20060908 011: SECURITY FIX: September 8, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://www.openbsd.org/errata.html" }, { "name": "22733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22733" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1633" }, { "name": "22949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22949" }, { "name": "SSA:2006-310-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.566955" }, { "name": "USN-339-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-339-1" }, { "name": "ADV-2006-3566", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3566" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf" }, { "name": "SUSE-SR:2006:026", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "name": "102744", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1" }, { "name": "22446", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22446" }, { "name": "22939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22939" }, { "name": "24099", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24099" }, { "name": "20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/445822/100/0/threaded" }, { "name": "25284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25284" }, { "name": "22083", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22083" }, { "name": "MDKSA-2006:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178" }, { "name": "1016791", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016791" }, { "name": "25649", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25649" }, { "name": "ADV-2010-0366", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0366" }, { "name": "22671", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22671" }, { "name": "[ietf-openpgp] 20060827 Bleichenbacher\u0027s RSA signature forgery based on implementation error", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" }, { "name": "102722", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1" }, { "name": "21785", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21785" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31492" }, { "name": "ADV-2006-4329", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4329" }, { "name": "DSA-1173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.us.debian.org/security/2006/dsa-1173" }, { "name": "38567", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38567" }, { "name": "22284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22284" }, { "name": "24930", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24930" }, { "name": "ADV-2006-4327", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4327" }, { "name": "MDKSA-2006:161", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:161" }, { "name": "21778", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21778" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "102696", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1" }, { "name": "APPLE-SA-2007-12-14", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" }, { "name": "ADV-2007-2163", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2163" }, { "name": "26329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26329" }, { "name": "22260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22260" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html" }, { "name": "ADV-2007-0343", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0343" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=3117" }, { "name": "102656", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1" }, { "name": "SUSE-SA:2007:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html" }, { "name": "SSRT061213", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "20060901-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "name": "21982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21982" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.attachmate.com/techdocs/2137.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-616" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.attachmate.com/techdocs/2127.html" }, { "name": "GLSA-200610-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml" }, { "name": "DSA-1174", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1174" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23155" }, { "name": "1000148", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openoffice.org/security/cves/CVE-2006-4339.html" }, { "name": "22799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22799" }, { "name": "ADV-2006-4207", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4207" }, { "name": "ADV-2006-4417", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4417" }, { "name": "HPSBUX02186", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.sybase.com/detail?id=1047991" }, { "name": "SSRT061239", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "21873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21873" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "RHSA-2007:0072", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0072.html" }, { "name": "JVNDB-2012-000079", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.serv-u.com/releasenotes/" }, { "name": "ADV-2006-4744", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4744" }, { "name": "38568", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38568" }, { "name": "21846", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21846" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html" }, { "name": "HPSBUX02219", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01070495" }, { "name": "ADV-2007-0254", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0254" }, { "name": "SSRT061266", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "ADV-2007-4224", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4224" }, { "name": "22161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22161" }, { "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2" }, { "name": "22937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22937" }, { "name": "22325", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22325" }, { "name": "102648", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1" }, { "name": "ADV-2007-2315", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2315" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.opera.com/support/search/supsearch.dml?index=845" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "21767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21767" }, { "name": "ADV-2007-1815", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1815" }, { "name": "22232", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22232" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "21906", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21906" }, { "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "22934", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22934" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "name": "RHSA-2007:0073", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0073.html" }, { "name": "22585", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22585" }, { "name": "25399", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25399" }, { "name": "ADV-2008-0905", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "name": "ADV-2007-1401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1401" }, { "name": "201247", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1" }, { "name": "openssl-rsa-security-bypass(28755)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755" }, { "name": "22513", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22513" }, { "name": "41818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41818" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.attachmate.com/techdocs/2128.html" }, { "name": "oval:org.mitre.oval:def:11656", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "name": "21776", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21776" }, { "name": "SSRT061275", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "FreeBSD-SA-06:19", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc" }, { "name": "23455", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23455" }, { "name": "20070110 VMware ESX server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "28115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28115" }, { "name": "22226", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22226" }, { "name": "ADV-2006-3936", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3936" }, { "name": "22066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22066" }, { "name": "22936", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22936" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "HPSBTU02207", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "OpenPKG-SA-2006.018", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html" }, { "name": "MDKSA-2006:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177" }, { "name": "22545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22545" }, { "name": "1017522", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017522" }, { "name": "22948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22948" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL Library", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html" }, { "name": "23841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23841" }, { "name": "ADV-2006-4205", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4205" }, { "name": "ADV-2007-2783", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2783" }, { "name": "22259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22259" }, { "name": "22036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22036" }, { "name": "200708", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1" }, { "name": "ADV-2006-4586", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4586" }, { "name": "21927", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21927" }, { "name": "SUSE-SA:2006:055", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html" }, { "name": "ADV-2006-5146", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/5146" }, { "name": "21870", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21870" }, { "name": "ADV-2006-4216", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4216" }, { "name": "ADV-2006-3793", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3793" }, { "name": "28276", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28276" }, { "name": "21709", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21709" }, { "name": "VU#845620", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/845620" }, { "name": "SSA:2006-257-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.605306" }, { "name": "GLSA-200609-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200609-18.xml" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL library", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml" }, { "name": "102686", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1" }, { "name": "24950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24950" }, { "name": "19849", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19849" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-4339", "datePublished": "2006-09-05T17:00:00", "dateReserved": "2006-08-24T00:00:00", "dateUpdated": "2024-08-07T19:06:07.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2940
Vulnerability from cvelistv5
Published
2006-09-28 18:00
Modified
2024-08-07 18:06
Severity ?
EPSS score ?
Summary
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:27.233Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2006:172", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172" }, { "name": "22212", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22212" }, { "name": "USN-353-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-353-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.attachmate.com/techdocs/2374.html" }, { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en" }, { "name": "23915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23915" }, { "name": "201534", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1" }, { "name": "HPSBMA02250", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "1016943", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016943" }, { "name": "23038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23038" }, { "name": "2006-0054", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2006/0054" }, { "name": "DSA-1195", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1195" }, { "name": "23309", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23309" }, { "name": "26893", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26893" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "ADV-2006-4401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4401" }, { "name": "USN-353-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-353-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227" }, { "name": "22116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22116" }, { "name": "SSRT071304", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm" }, { "name": "GLSA-200612-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml" }, { "name": "22166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22166" }, { "name": "RHSA-2006:0695", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html" }, { "name": "23340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23340" }, { "name": "22385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22385" }, { "name": "SUSE-SR:2006:024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html" }, { "name": "22758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22758" }, { "name": "22487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22487" }, { "name": "SUSE-SA:2006:058", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html" }, { "name": "22772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22772" }, { "name": "SSRT071299", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "31531", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31531" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf" }, { "name": "FreeBSD-SA-06:23.openssl", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc" }, { "name": "22165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22165" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html" }, { "name": "23794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23794" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "22220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22220" }, { "name": "23680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23680" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openvpn.net/changelog.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1633" }, { "name": "25889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25889" }, { "name": "ADV-2006-4036", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4036" }, { "name": "oval:org.mitre.oval:def:10311", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311" }, { "name": "ADV-2006-4019", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4019" }, { "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://openbsd.org/errata.html#openssl2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "name": "30124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30124" }, { "name": "22626", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22626" }, { "name": "openssl-publickey-dos(29230)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230" }, { "name": "22083", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22083" }, { "name": "MDKSA-2006:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178" }, { "name": "23351", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23351" }, { "name": "ADV-2006-3869", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3869" }, { "name": "22671", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22671" }, { "name": "22544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22544" }, { "name": "22298", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22298" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "name": "22130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22130" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31492" }, { "name": "ADV-2006-4329", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4329" }, { "name": "22284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22284" }, { "name": "24930", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24930" }, { "name": "ADV-2006-4327", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4327" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "GLSA-200610-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.rpath.com/browse/RPL-613" }, { "name": "26329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26329" }, { "name": "22260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22260" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf" }, { "name": "ADV-2007-0343", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0343" }, { "name": "ADV-2006-3860", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3860" }, { "name": "23280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23280" }, { "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded" }, { "name": "SSRT061213", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm" }, { "name": "ADV-2006-4264", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4264" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "name": "22193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22193" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html" }, { "name": "ADV-2008-2396", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2396" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23155" }, { "name": "22799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22799" }, { "name": "200585", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1" }, { "name": "SSA:2006-272-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946" }, { "name": "ADV-2006-4417", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4417" }, { "name": "HPSBUX02186", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.serv-u.com/releasenotes/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html" }, { "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2" }, { "name": "22094", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22094" }, { "name": "22186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22186" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kolab.org/security/kolab-vendor-notice-11.txt" }, { "name": "ADV-2007-2315", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2315" }, { "name": "22500", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22500" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "name": "22216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22216" }, { "name": "ADV-2006-3820", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3820" }, { "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "name": "HPSBUX02174", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "OpenPKG-SA-2006.021", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "name": "102747", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1" }, { "name": "ADV-2008-0905", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "name": "ADV-2007-1401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1401" }, { "name": "20247", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20247" }, { "name": "29261", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/29261" }, { "name": "NetBSD-SA2008-007", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "name": "SSRT061275", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "20070110 VMware ESX server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded" }, { "name": "ADV-2006-3936", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3936" }, { "name": "ADV-2006-4980", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4980" }, { "name": "22240", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22240" }, { "name": "22330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22330" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "HPSBTU02207", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "DSA-1185", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1185" }, { "name": "20061001-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf" }, { "name": "22207", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22207" }, { "name": "MDKSA-2006:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177" }, { "name": "1017522", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017522" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL Library", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html" }, { "name": "ADV-2006-3902", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3902" }, { "name": "ADV-2007-2783", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2783" }, { "name": "22259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22259" }, { "name": "22460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22460" }, { "name": "22172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html" }, { "name": "SSRT061239", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "28276", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28276" }, { "name": "102668", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL library", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml" }, { "name": "24950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24950" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDKSA-2006:172", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172" }, { "name": "22212", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22212" }, { "name": "USN-353-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-353-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.attachmate.com/techdocs/2374.html" }, { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en" }, { "name": "23915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23915" }, { "name": "201534", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1" }, { "name": "HPSBMA02250", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "1016943", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016943" }, { "name": "23038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23038" }, { "name": "2006-0054", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2006/0054" }, { "name": "DSA-1195", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1195" }, { "name": "23309", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23309" }, { "name": "26893", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26893" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "ADV-2006-4401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4401" }, { "name": "USN-353-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-353-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227" }, { "name": "22116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22116" }, { "name": "SSRT071304", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm" }, { "name": "GLSA-200612-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml" }, { "name": "22166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22166" }, { "name": "RHSA-2006:0695", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html" }, { "name": "23340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23340" }, { "name": "22385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22385" }, { "name": "SUSE-SR:2006:024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html" }, { "name": "22758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22758" }, { "name": "22487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22487" }, { "name": "SUSE-SA:2006:058", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html" }, { "name": "22772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22772" }, { "name": "SSRT071299", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "31531", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31531" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf" }, { "name": "FreeBSD-SA-06:23.openssl", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc" }, { "name": "22165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22165" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html" }, { "name": "23794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23794" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "22220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22220" }, { "name": "23680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23680" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openvpn.net/changelog.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1633" }, { "name": "25889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25889" }, { "name": "ADV-2006-4036", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4036" }, { "name": "oval:org.mitre.oval:def:10311", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311" }, { "name": "ADV-2006-4019", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4019" }, { "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://openbsd.org/errata.html#openssl2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "name": "30124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30124" }, { "name": "22626", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22626" }, { "name": "openssl-publickey-dos(29230)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230" }, { "name": "22083", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22083" }, { "name": "MDKSA-2006:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178" }, { "name": "23351", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23351" }, { "name": "ADV-2006-3869", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3869" }, { "name": "22671", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22671" }, { "name": "22544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22544" }, { "name": "22298", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22298" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "name": "22130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22130" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31492" }, { "name": "ADV-2006-4329", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4329" }, { "name": "22284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22284" }, { "name": "24930", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24930" }, { "name": "ADV-2006-4327", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4327" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "GLSA-200610-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.rpath.com/browse/RPL-613" }, { "name": "26329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26329" }, { "name": "22260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22260" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf" }, { "name": "ADV-2007-0343", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0343" }, { "name": "ADV-2006-3860", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3860" }, { "name": "23280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23280" }, { "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded" }, { "name": "SSRT061213", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm" }, { "name": "ADV-2006-4264", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4264" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "name": "22193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22193" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html" }, { "name": "ADV-2008-2396", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2396" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23155" }, { "name": "22799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22799" }, { "name": "200585", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1" }, { "name": "SSA:2006-272-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946" }, { "name": "ADV-2006-4417", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4417" }, { "name": "HPSBUX02186", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.serv-u.com/releasenotes/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html" }, { "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2" }, { "name": "22094", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22094" }, { "name": "22186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22186" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kolab.org/security/kolab-vendor-notice-11.txt" }, { "name": "ADV-2007-2315", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2315" }, { "name": "22500", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22500" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "name": "22216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22216" }, { "name": "ADV-2006-3820", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3820" }, { "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "name": "HPSBUX02174", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "OpenPKG-SA-2006.021", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "name": "102747", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1" }, { "name": "ADV-2008-0905", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "name": "ADV-2007-1401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1401" }, { "name": "20247", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20247" }, { "name": "29261", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/29261" }, { "name": "NetBSD-SA2008-007", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "name": "SSRT061275", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771" }, { "name": "20070110 VMware ESX server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded" }, { "name": "ADV-2006-3936", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3936" }, { "name": "ADV-2006-4980", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4980" }, { "name": "22240", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22240" }, { "name": "22330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22330" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "HPSBTU02207", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144" }, { "name": "DSA-1185", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1185" }, { "name": "20061001-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf" }, { "name": "22207", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22207" }, { "name": "MDKSA-2006:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177" }, { "name": "1017522", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017522" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL Library", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html" }, { "name": "ADV-2006-3902", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3902" }, { "name": "ADV-2007-2783", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2783" }, { "name": "22259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22259" }, { "name": "22460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22460" }, { "name": "22172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html" }, { "name": "SSRT061239", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100" }, { "name": "28276", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28276" }, { "name": "102668", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "name": "20061108 Multiple Vulnerabilities in OpenSSL library", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml" }, { "name": "24950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24950" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-2940", "datePublished": "2006-09-28T18:00:00", "dateReserved": "2006-06-09T00:00:00", "dateUpdated": "2024-08-07T18:06:27.233Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2052
Vulnerability from cvelistv5
Published
2007-04-16 22:00
Modified
2024-08-07 13:23
Severity ?
EPSS score ?
Summary
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:23:50.498Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html" }, { "name": "28050", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28050" }, { "name": "25190", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25190" }, { "name": "25217", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25217" }, { "name": "37471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37471" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934" }, { "name": "DSA-1551", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "29303", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29303" }, { "name": "ADV-2007-1465", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1465" }, { "name": "29032", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29032" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31492" }, { "name": "oval:org.mitre.oval:def:8353", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353" }, { "name": "20070521 FLEA-2007-0019-1: python", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "RHSA-2007:1077", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html" }, { "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded" }, { "name": "RHSA-2007:1076", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "ADV-2008-0637", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0637" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093" }, { "name": "25353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25353" }, { "name": "25233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25233" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1358" }, { "name": "USN-585-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-585-1" }, { "name": "2007-0019", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2007/0019/" }, { "name": "28027", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28027" }, { "name": "SUSE-SR:2007:013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" }, { "name": "31255", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31255" }, { "name": "DSA-1620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1620" }, { "name": "25787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25787" }, { "name": "23887", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23887" }, { "name": "python-localemodule-information-disclosure(34060)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060" }, { "name": "oval:org.mitre.oval:def:11716", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "MDKSA-2007:099", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099" }, { "name": "29889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29889" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html" }, { "name": "28050", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28050" }, { "name": "25190", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25190" }, { "name": "25217", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25217" }, { "name": "37471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37471" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934" }, { "name": "DSA-1551", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "29303", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29303" }, { "name": "ADV-2007-1465", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1465" }, { "name": "29032", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29032" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31492" }, { "name": "oval:org.mitre.oval:def:8353", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353" }, { "name": "20070521 FLEA-2007-0019-1: python", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "RHSA-2007:1077", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html" }, { "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded" }, { "name": "RHSA-2007:1076", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "ADV-2008-0637", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0637" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093" }, { "name": "25353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25353" }, { "name": "25233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25233" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1358" }, { "name": "USN-585-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-585-1" }, { "name": "2007-0019", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2007/0019/" }, { "name": "28027", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28027" }, { "name": "SUSE-SR:2007:013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" }, { "name": "31255", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31255" }, { "name": "DSA-1620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1620" }, { "name": "25787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25787" }, { "name": "23887", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23887" }, { "name": "python-localemodule-information-disclosure(34060)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060" }, { "name": "oval:org.mitre.oval:def:11716", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "MDKSA-2007:099", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099" }, { "name": "29889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29889" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2052", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html" }, { "name": "28050", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28050" }, { "name": "25190", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25190" }, { "name": "25217", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25217" }, { "name": "37471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37471" }, { "name": "http://www.python.org/download/releases/2.5.1/NEWS.txt", "refsource": "CONFIRM", "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934" }, { "name": "DSA-1551", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1551" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "29303", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29303" }, { "name": "ADV-2007-1465", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1465" }, { "name": "29032", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29032" }, { "name": "31492", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31492" }, { "name": "oval:org.mitre.oval:def:8353", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353" }, { "name": "20070521 FLEA-2007-0019-1: python", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded" }, { "name": "RHSA-2008:0629", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "RHSA-2007:1077", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html" }, { "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded" }, { "name": "RHSA-2007:1076", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "ADV-2008-0637", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0637" }, { "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093" }, { "name": "25353", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25353" }, { "name": "25233", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25233" }, { "name": "https://issues.rpath.com/browse/RPL-1358", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1358" }, { "name": "USN-585-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-585-1" }, { "name": "2007-0019", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0019/" }, { "name": "28027", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28027" }, { "name": "SUSE-SR:2007:013", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" }, { "name": "31255", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31255" }, { "name": "DSA-1620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1620" }, { "name": "25787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25787" }, { "name": "23887", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23887" }, { "name": "python-localemodule-information-disclosure(34060)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060" }, { "name": "oval:org.mitre.oval:def:11716", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716" }, { "name": "ADV-2009-3316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "MDKSA-2007:099", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099" }, { "name": "29889", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29889" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2052", "datePublished": "2007-04-16T22:00:00", "dateReserved": "2007-04-16T00:00:00", "dateUpdated": "2024-08-07T13:23:50.498Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4965
Vulnerability from cvelistv5
Published
2007-09-18 22:00
Modified
2024-08-07 15:17
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:17:27.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html" }, { "name": "25696", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25696" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254" }, { "name": "ADV-2007-4238", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4238" }, { "name": "38675", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38675" }, { "name": "TA07-352A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html" }, { "name": "oval:org.mitre.oval:def:8496", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496" }, { "name": "33937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33937" }, { "name": "28136", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28136" }, { "name": "37471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37471" }, { "name": "27460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27460" }, { "name": "28480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28480" }, { "name": "26837", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26837" }, { "name": "ADV-2007-3201", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3201" }, { "name": "DSA-1551", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "29303", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29303" }, { "name": "oval:org.mitre.oval:def:8486", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3438" }, { "name": "APPLE-SA-2009-02-12", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "27872", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27872" }, { "name": "29032", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29032" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31492" }, { "name": "FEDORA-2007-2663", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html" }, { "name": "oval:org.mitre.oval:def:10804", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "20070916 python \u003c= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html" }, { "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded" }, { "name": "APPLE-SA-2007-12-17", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html" }, { "name": "RHSA-2007:1076", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "ADV-2008-0637", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0637" }, { "name": "python-imageop-bo(36653)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=192876" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=307179" }, { "name": "27562", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27562" }, { "name": "USN-585-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-585-1" }, { "name": "GLSA-200711-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml" }, { "name": "MDVSA-2008:012", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100074697" }, { "name": "31255", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31255" }, { "name": "20080212 FLEA-2008-0002-1 python", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded" }, { "name": "MDVSA-2008:013", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013" }, { "name": "DSA-1620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1620" }, { "name": "28838", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28838" }, { "name": "SUSE-SR:2008:003", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1885" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "29889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29889" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html" }, { "name": "25696", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25696" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254" }, { "name": "ADV-2007-4238", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4238" }, { "name": "38675", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38675" }, { "name": "TA07-352A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html" }, { "name": "oval:org.mitre.oval:def:8496", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496" }, { "name": "33937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33937" }, { "name": "28136", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28136" }, { "name": "37471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37471" }, { "name": "27460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27460" }, { "name": "28480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28480" }, { "name": "26837", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26837" }, { "name": "ADV-2007-3201", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3201" }, { "name": "DSA-1551", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "29303", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29303" }, { "name": "oval:org.mitre.oval:def:8486", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3438" }, { "name": "APPLE-SA-2009-02-12", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "27872", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27872" }, { "name": "29032", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29032" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31492" }, { "name": "FEDORA-2007-2663", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html" }, { "name": "oval:org.mitre.oval:def:10804", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "20070916 python \u003c= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html" }, { "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded" }, { "name": "APPLE-SA-2007-12-17", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html" }, { "name": "RHSA-2007:1076", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "ADV-2008-0637", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0637" }, { "name": "python-imageop-bo(36653)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=192876" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=307179" }, { "name": "27562", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27562" }, { "name": "USN-585-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-585-1" }, { "name": "GLSA-200711-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml" }, { "name": "MDVSA-2008:012", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100074697" }, { "name": "31255", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31255" }, { "name": "20080212 FLEA-2008-0002-1 python", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded" }, { "name": "MDVSA-2008:013", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013" }, { "name": "DSA-1620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1620" }, { "name": "28838", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28838" }, { "name": "SUSE-SR:2008:003", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1885" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "29889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29889" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4965", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html" }, { "name": "25696", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25696" }, { "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254" }, { "name": "ADV-2007-4238", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4238" }, { "name": "38675", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38675" }, { "name": "TA07-352A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html" }, { "name": "oval:org.mitre.oval:def:8496", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496" }, { "name": "33937", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33937" }, { "name": "28136", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28136" }, { "name": "37471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37471" }, { "name": "27460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27460" }, { "name": "28480", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28480" }, { "name": "26837", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26837" }, { "name": "ADV-2007-3201", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3201" }, { "name": "DSA-1551", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1551" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "29303", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29303" }, { "name": "oval:org.mitre.oval:def:8486", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486" }, { "name": "http://support.apple.com/kb/HT3438", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3438" }, { "name": "APPLE-SA-2009-02-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "27872", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27872" }, { "name": "29032", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29032" }, { "name": "31492", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31492" }, { "name": "FEDORA-2007-2663", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html" }, { "name": "oval:org.mitre.oval:def:10804", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804" }, { "name": "RHSA-2008:0629", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "20070916 python \u003c= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html" }, { "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded" }, { "name": "APPLE-SA-2007-12-17", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html" }, { "name": "RHSA-2007:1076", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "ADV-2008-0637", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0637" }, { "name": "python-imageop-bo(36653)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=192876", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=192876" }, { "name": "http://docs.info.apple.com/article.html?artnum=307179", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307179" }, { "name": "27562", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27562" }, { "name": "USN-585-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-585-1" }, { "name": "GLSA-200711-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml" }, { "name": "MDVSA-2008:012", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012" }, { "name": "http://support.avaya.com/css/P8/documents/100074697", "refsource": "CONFIRM", "url": "http://support.avaya.com/css/P8/documents/100074697" }, { "name": "31255", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31255" }, { "name": "20080212 FLEA-2008-0002-1 python", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded" }, { "name": "MDVSA-2008:013", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013" }, { "name": "DSA-1620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1620" }, { "name": "28838", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28838" }, { "name": "SUSE-SR:2008:003", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html" }, { "name": "https://issues.rpath.com/browse/RPL-1885", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1885" }, { "name": "ADV-2009-3316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "29889", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29889" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4965", "datePublished": "2007-09-18T22:00:00", "dateReserved": "2007-09-18T00:00:00", "dateUpdated": "2024-08-07T15:17:27.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4980
Vulnerability from cvelistv5
Published
2006-10-09 17:00
Modified
2024-08-07 19:32
Severity ?
EPSS score ?
Summary
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:32:22.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "22303", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22303" }, { "name": "DSA-1197", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1197" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "22487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22487" }, { "name": "20061011 rPSA-2006-0187-1 idle python", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/448244/100/100/threaded" }, { "name": "22639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22639" }, { "name": "MDKSA-2006:181", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:181" }, { "name": "python-repr-bo(29408)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29408" }, { "name": "23680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23680" }, { "name": "22512", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22512" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.net/distros/ubuntu/+source/python2.4/+bug/56633" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://zoehep.xent.com/~bsittler/python2.4-2.4.3_unicodeobject.c.diff" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-229.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1541585\u0026group_id=5470\u0026atid=305470" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31492" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "RHSA-2006:0713", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0713.html" }, { "name": "ADV-2006-5131", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/5131" }, { "name": "1017019", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017019" }, { "name": "22357", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22357" }, { "name": "DSA-1198", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1198" }, { "name": "22379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22379" }, { "name": "USN-359-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-359-1" }, { "name": "22448", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22448" }, { "name": "SUSE-SR:2006:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "20376", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20376" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208162" }, { "name": "GLSA-200610-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200610-07.xml" }, { "name": "ADV-2006-3940", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3940" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-702" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391589" }, { "name": "20070110 VMware ESX server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "22358", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22358" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "20061001-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "name": "22297", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22297" }, { "name": "oval:org.mitre.oval:def:10789", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10789" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.vmware.com/KanisaPlatform/Publishing/882/5120103_f.SAL_Public.html" }, { "name": "22531", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22531" }, { "name": "22276", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22276" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "22303", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22303" }, { "name": "DSA-1197", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1197" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "22487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22487" }, { "name": "20061011 rPSA-2006-0187-1 idle python", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/448244/100/100/threaded" }, { "name": "22639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22639" }, { "name": "MDKSA-2006:181", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:181" }, { "name": "python-repr-bo(29408)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29408" }, { "name": "23680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23680" }, { "name": "22512", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22512" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.net/distros/ubuntu/+source/python2.4/+bug/56633" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://zoehep.xent.com/~bsittler/python2.4-2.4.3_unicodeobject.c.diff" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-229.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1541585\u0026group_id=5470\u0026atid=305470" }, { "name": "31492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31492" }, { "name": "RHSA-2008:0629", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "RHSA-2006:0713", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0713.html" }, { "name": "ADV-2006-5131", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/5131" }, { "name": "1017019", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017019" }, { "name": "22357", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22357" }, { "name": "DSA-1198", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1198" }, { "name": "22379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22379" }, { "name": "USN-359-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-359-1" }, { "name": "22448", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22448" }, { "name": "SUSE-SR:2006:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "20376", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20376" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208162" }, { "name": "GLSA-200610-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200610-07.xml" }, { "name": "ADV-2006-3940", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3940" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-702" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391589" }, { "name": "20070110 VMware ESX server security updates", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "22358", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22358" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "20061001-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "name": "22297", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22297" }, { "name": "oval:org.mitre.oval:def:10789", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10789" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.vmware.com/KanisaPlatform/Publishing/882/5120103_f.SAL_Public.html" }, { "name": "22531", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22531" }, { "name": "22276", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22276" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4980", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "22303", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22303" }, { "name": "DSA-1197", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1197" }, { "name": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" }, { "name": "22487", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22487" }, { "name": "20061011 rPSA-2006-0187-1 idle python", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/448244/100/100/threaded" }, { "name": "22639", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22639" }, { "name": "MDKSA-2006:181", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:181" }, { "name": "python-repr-bo(29408)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29408" }, { "name": "23680", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23680" }, { "name": "22512", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22512" }, { "name": "https://launchpad.net/distros/ubuntu/+source/python2.4/+bug/56633", "refsource": "CONFIRM", "url": "https://launchpad.net/distros/ubuntu/+source/python2.4/+bug/56633" }, { "name": "http://zoehep.xent.com/~bsittler/python2.4-2.4.3_unicodeobject.c.diff", "refsource": "CONFIRM", "url": "http://zoehep.xent.com/~bsittler/python2.4-2.4.3_unicodeobject.c.diff" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-229.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-229.htm" }, { "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1541585\u0026group_id=5470\u0026atid=305470", "refsource": "CONFIRM", "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1541585\u0026group_id=5470\u0026atid=305470" }, { "name": "31492", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31492" }, { "name": "RHSA-2008:0629", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" }, { "name": "RHSA-2006:0713", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0713.html" }, { "name": "ADV-2006-5131", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/5131" }, { "name": "1017019", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017019" }, { "name": "22357", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22357" }, { "name": "DSA-1198", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1198" }, { "name": "22379", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22379" }, { "name": "USN-359-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-359-1" }, { "name": "22448", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22448" }, { "name": "SUSE-SR:2006:025", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "20376", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20376" }, { "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208162", "refsource": "CONFIRM", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208162" }, { "name": "GLSA-200610-07", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200610-07.xml" }, { "name": "ADV-2006-3940", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3940" }, { "name": "https://issues.rpath.com/browse/RPL-702", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-702" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391589", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391589" }, { "name": "20070110 VMware ESX server security updates", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded" }, { "name": "22358", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22358" }, { "name": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" }, { "name": "20061001-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "name": "22297", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22297" }, { "name": "oval:org.mitre.oval:def:10789", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10789" }, { "name": "http://kb.vmware.com/KanisaPlatform/Publishing/882/5120103_f.SAL_Public.html", "refsource": "CONFIRM", "url": "http://kb.vmware.com/KanisaPlatform/Publishing/882/5120103_f.SAL_Public.html" }, { "name": "22531", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22531" }, { "name": "22276", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22276" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4980", "datePublished": "2006-10-09T17:00:00", "dateReserved": "2006-09-25T00:00:00", "dateUpdated": "2024-08-07T19:32:22.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.