Vulnerability Note VU#386964

OpenSSL SSLv2 client code fails to properly check for NULL

Original Release date: 28 Sep 2006 | Last revised: 22 Jul 2011

Overview

A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application.

Description

The OpenSSL toolkit implements the Secure Sockets Layer (SSL versions 2 and 3) and Transport Layer Security (TLS version 1) protocols as well as a general purpose cryptographic library. A missing check for NULL exists in the SSLv2 client get_server_hello() function. As a result, an affected client application using OpenSSL to create an SSLv2 connection to a malicious server could be caused to crash.

Impact

A remote attacker could cause an affected client application to crash, creating a denial of service.

Solution

Upgrade or apply a patch from the vendor

Patches have been released to address this issue. Please see the Systems Affected section of this document for more information.

Users or redistributors who compile OpenSSL from the original source code distribution are encouraged to review OpenSSL Security Advisory [28th September 2006] and upgrade to the appropriate fixed version of the software.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Debian GNU/LinuxAffected15 Sep 200602 Oct 2006
F5 Networks, Inc.Affected15 Sep 200621 Sep 2006
FreeBSD, Inc.Affected15 Sep 200628 Sep 2006
OpenPKGAffected-02 Oct 2006
OpenSSLAffected06 Sep 200628 Sep 2006
Oracle CorporationAffected-17 Jan 2007
Red Hat, Inc.Affected15 Sep 200602 Oct 2006
rPathAffected-02 Oct 2006
Slackware Linux Inc.Affected15 Sep 200602 Oct 2006
SUSE LinuxAffected15 Sep 200602 Oct 2006
Trustix Secure LinuxAffected15 Sep 200602 Oct 2006
UbuntuAffected15 Sep 200628 Sep 2006
Force10 Networks, Inc.Not Affected15 Sep 200622 Jul 2011
FujitsuNot Affected15 Sep 200629 Sep 2006
Global Technology AssociatesNot Affected15 Sep 200618 Sep 2006
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Tavis Ormandy and Will Drewry of the Google Security Team for reporting this vulnerability.

This document was written by Chad R Dougherty.

Other Information

  • CVE IDs: CVE-2006-4343
  • Date Public: 28 Sep 2006
  • Date First Published: 28 Sep 2006
  • Date Last Updated: 22 Jul 2011
  • Severity Metric: 0.32
  • Document Revision: 30

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.