Vulnerability Note VU#547300
OpenSSL SSL_get_shared_ciphers() vulnerable to buffer overflow
Overview
A buffer overflow vulnerability in an OpenSSL library function could allow a remote attacker to execute code on an affected system.
I. Description
The OpenSSL toolkit implements the Secure Sockets Layer (SSL versions 2 and 3) and Transport Layer Security (TLS version 1) protocols as well as a general purpose cryptographic library. The OpenSSL library includes a utility function, SSL_get_shared_ciphers(), to generate human readable strings from the list of shared ciphers supported on an SSL connection. A buffer overflow exists in this function's handling of the length of the list of shared ciphers. Any application using this function could expose the vulnerability, allowing an attacker to execute code with the privileges of that application. Note that although successful exploitation is believed to be difficult, it is still possible in some situations.
II. Impact
An attacker with the ability to supply a specially crafted list of ciphers could execute code in the context of an application using the vulnerable function.
III. Solution
Upgrade or apply a patch from the vendor
Patches have been released to address this issue. Please see the Systems Affected section of this document for more information.
Users or redistributors who compile OpenSSL from the original source code distribution are encouraged to review OpenSSL Security Advisory [28th September 2006] and upgrade to the appropriate fixed version of the software.
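The Description attributes the flaw to length handling while a list of cipher names is turned into one string. The following is an added example, not OpenSSL's code and not part of the original note: a bounded join into a caller-supplied buffer that accounts for every separator and the terminating NUL before writing. The function name join_cipher_names, its return convention and the sample cipher names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an OpenSSL function): write names[0..count) into
 * buf as "A:B:C" using at most len bytes, NUL included. Returns the number of
 * names written, or -1 on unusable arguments. Truncates on whole names only. */
int join_cipher_names(const char *const *names, size_t count,
                      char *buf, size_t len)
{
    size_t used = 0;              /* bytes written, excluding the final NUL */
    size_t i;

    if (names == NULL || buf == NULL || len == 0)
        return -1;
    buf[0] = '\0';

    for (i = 0; i < count; i++) {
        size_t n, sep, room;

        if (names[i] == NULL)
            break;
        n = strlen(names[i]);
        sep = (i > 0) ? 1 : 0;    /* ':' goes before every name but the first */
        /* Room left with one byte reserved for the NUL; used <= len - 1
         * always holds, so neither subtraction below can wrap. */
        room = len - 1 - used;
        if (n > room || sep > room - n)
            break;                /* check before writing, never after */

        if (sep)
            buf[used++] = ':';
        memcpy(buf + used, names[i], n);
        used += n;
        buf[used] = '\0';
    }
    return (int)i;
}

int main(void)
{
    /* Constructed sample input: three cipher names, a buffer too small for all */
    const char *names[] = { "AES256-SHA", "DES-CBC3-SHA", "RC4-MD5" };
    char small[16];
    int n = join_cipher_names(names, 3, small, sizeof small);
    printf("%d name(s) written: %s\n", n, small);
    return 0;
}
```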
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
| 3com, Inc. | Unknown | 15-Sep-2006 |
| Aladdin Knowledge Systems | Unknown | 15-Sep-2006 |
| Alcatel | Unknown | 15-Sep-2006 |
| America Online, Inc. | Unknown | 15-Sep-2006 |
| Apache-SSL | Unknown | 15-Sep-2006 |
| Apache HTTP Server Project | Unknown | 15-Sep-2006 |
| Apple Computer, Inc. | Unknown | 15-Sep-2006 |
| Aruba Networks, Inc. | Unknown | 15-Sep-2006 |
| AttachmateWRQ, Inc. | Unknown | 15-Sep-2006 |
| AT&T | Unknown | 15-Sep-2006 |
| Avaya, Inc. | Unknown | 15-Sep-2006 |
| Avici Systems, Inc. | Unknown | 15-Sep-2006 |
| Borderware Technologies | Unknown | 15-Sep-2006 |
| Certicom | Unknown | 15-Sep-2006 |
| Charlotte's Web Networks | Unknown | 15-Sep-2006 |
| Check Point Software Technologies | Unknown | 15-Sep-2006 |
| Chiaro Networks, Inc. | Unknown | 15-Sep-2006 |
| Cisco Systems, Inc. | Unknown | 15-Sep-2006 |
| Clavister | Unknown | 15-Sep-2006 |
| Command Software Systems | Unknown | 15-Sep-2006 |
| Computer Associates | Unknown | 15-Sep-2006 |
| Conectiva Inc. | Unknown | 15-Sep-2006 |
| Covalent Technologies | Unknown | 15-Sep-2006 |
| Cray Inc. | Unknown | 15-Sep-2006 |
| Cryptlib | Unknown | 15-Sep-2006 |
| Crypto++ Library | Unknown | 15-Sep-2006 |
| CyberSoft, Inc. | Unknown | 15-Sep-2006 |
| D-Link Systems, Inc. | Unknown | 15-Sep-2006 |
| Data Connection, Ltd. | Unknown | 15-Sep-2006 |
| DataFellows | Unknown | 15-Sep-2006 |
| Debian GNU/Linux | Vulnerable | 2-Oct-2006 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 15-Sep-2006 |
| Engarde Secure Linux | Unknown | 15-Sep-2006 |
| Ericsson | Unknown | 15-Sep-2006 |
| eSoft, Inc. | Unknown | 15-Sep-2006 |
| Extreme Networks | Unknown | 15-Sep-2006 |
| F-PROT by FRISK Software International | Unknown | 15-Sep-2006 |
| F-Secure Corporation | Unknown | 15-Sep-2006 |
| F5 Networks, Inc. | Vulnerable | 21-Sep-2006 |
| Fedora Project | Unknown | 15-Sep-2006 |
| Finjan Software | Unknown | 15-Sep-2006 |
| Force10 Networks, Inc. | Unknown | 15-Sep-2006 |
| Fortinet, Inc. | Unknown | 15-Sep-2006 |
| Foundry Networks, Inc. | Unknown | 15-Sep-2006 |
| FreeBSD, Inc. | Vulnerable | 28-Sep-2006 |
| Fujitsu | Not Vulnerable | 29-Sep-2006 |
| Gentoo Linux | Unknown | 15-Sep-2006 |
| GFI Software, Inc. | Unknown | 15-Sep-2006 |
| Global Technology Associates | Not Vulnerable | 18-Sep-2006 |
| Hewlett-Packard Company | Unknown | 15-Sep-2006 |
| Hitachi | Unknown | 15-Sep-2006 |
| Hyperchip | Unknown | 15-Sep-2006 |
| IAIK Java Group | Unknown | 15-Sep-2006 |
| IBM Corporation | Unknown | 15-Sep-2006 |
| IBM Corporation (zseries) | Unknown | 15-Sep-2006 |
| IBM eServer | Unknown | 15-Sep-2006 |
| Immunix Communications, Inc. | Unknown | 15-Sep-2006 |
| Ingrian Networks, Inc. | Unknown | 15-Sep-2006 |
| Intel Corporation | Unknown | 15-Sep-2006 |
| Internet Security Systems, Inc. | Unknown | 15-Sep-2006 |
| Intoto | Unknown | 15-Sep-2006 |
| IP Filter | Unknown | 15-Sep-2006 |
| Juniper Networks, Inc. | Unknown | 15-Sep-2006 |
| Linksys (A division of Cisco Systems) | Unknown | 15-Sep-2006 |
| Lotus Software | Unknown | 15-Sep-2006 |
| lsh | Unknown | 15-Sep-2006 |
| Lucent Technologies | Unknown | 15-Sep-2006 |
| Luminous Networks | Unknown | 15-Sep-2006 |
| Mandriva, Inc. | Unknown | 15-Sep-2006 |
| MessageLabs | Unknown | 15-Sep-2006 |
| Microsoft Corporation | Unknown | 15-Sep-2006 |
| Microsoft Internet Explorer | Unknown | 15-Sep-2006 |
| Mirapoint, Inc. | Unknown | 15-Sep-2006 |
| mod_ssl | Unknown | 15-Sep-2006 |
| MontaVista Software, Inc. | Unknown | 15-Sep-2006 |
| Mozilla - Network Security Services | Unknown | 15-Sep-2006 |
| Mozilla, Inc. | Unknown | 15-Sep-2006 |
| Multinet (owned Process Software Corporation) | Unknown | 15-Sep-2006 |
| Multitech, Inc. | Unknown | 15-Sep-2006 |
| MySQL AB | Unknown | 15-Sep-2006 |
| NEC Corporation | Unknown | 15-Sep-2006 |
| NetBSD | Unknown | 15-Sep-2006 |
| netfilter | Unknown | 15-Sep-2006 |
| Netscape NSS | Unknown | 15-Sep-2006 |
| Network Appliance, Inc. | Unknown | 15-Sep-2006 |
| NextHop Technologies, Inc. | Unknown | 15-Sep-2006 |
| Nokia | Unknown | 15-Sep-2006 |
| Nortel Networks, Inc. | Unknown | 15-Sep-2006 |
| Novell, Inc. | Unknown | 15-Sep-2006 |
| OpenBSD | Unknown | 15-Sep-2006 |
| OpenPKG | Vulnerable | 2-Oct-2006 |
| OpenSSL | Vulnerable | 28-Sep-2006 |
| Openwall GNU/*/Linux | Unknown | 15-Sep-2006 |
| Oracle Corporation | Vulnerable | 17-Jan-2007 |
| Proland Software, Inc. | Unknown | 15-Sep-2006 |
| QNX, Software Systems, Inc. | Unknown | 15-Sep-2006 |
| Red Hat, Inc. | Vulnerable | 2-Oct-2006 |
| Redback Networks, Inc. | Unknown | 15-Sep-2006 |
| Riverstone Networks, Inc. | Unknown | 15-Sep-2006 |
| rPath | Vulnerable | 2-Oct-2006 |
| RSA Security, Inc. | Unknown | 15-Sep-2006 |
| Secure Computing Network Security Division | Unknown | 15-Sep-2006 |
| Secureworx, Inc. | Unknown | 15-Sep-2006 |
| Sendmail Consortium | Unknown | 15-Sep-2006 |
| Sendmail, Inc. | Unknown | 22-Sep-2006 |
| Silicon Graphics, Inc. | Unknown | 15-Sep-2006 |
| Slackware Linux Inc. | Vulnerable | 2-Oct-2006 |
| Sony Corporation | Unknown | 15-Sep-2006 |
| Sophos, Inc. | Unknown | 15-Sep-2006 |
| Spyrus | Unknown | 15-Sep-2006 |
| Stonesoft | Vulnerable | 29-Sep-2006 |
| Stunnel | Unknown | 15-Sep-2006 |
| Sun Microsystems, Inc. | Unknown | 15-Sep-2006 |
| SUSE Linux | Vulnerable | 2-Oct-2006 |
| Symantec, Inc. | Unknown | 15-Sep-2006 |
| The SCO Group | Unknown | 15-Sep-2006 |
| Trendmicro | Unknown | 15-Sep-2006 |
| Trustix Secure Linux | Vulnerable | 2-Oct-2006 |
| Turbolinux | Unknown | 15-Sep-2006 |
| Ubuntu | Vulnerable | 28-Sep-2006 |
| Unisys | Unknown | 15-Sep-2006 |
| Watchguard Technologies, Inc. | Unknown | 15-Sep-2006 |
| Wietse Venema | Unknown | 15-Sep-2006 |
| Wind River Systems, Inc. | Unknown | 15-Sep-2006 |
| ZyXEL | Unknown | 15-Sep-2006 |
References
http://www.openssl.org/news/secadv_20060928.txt
http://jvn.jp/cert/JVNVU%23547300/index.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
https://issues.rpath.com/browse/RPL-613
http://kolab.org/security/kolab-vendor-notice-11.txt
http://openvpn.net/changelog.html
http://www.serv-u.com/releasenotes/
http://openbsd.org/errata.html#openssl2
http://www.securityfocus.com/bid/20249
http://securitytracker.com/id?1016943
http://secunia.com/advisories/22130
http://secunia.com/advisories/22094
http://secunia.com/advisories/22165
http://secunia.com/advisories/22186
http://secunia.com/advisories/22193
http://secunia.com/advisories/22207
http://secunia.com/advisories/22259
http://secunia.com/advisories/22260
http://secunia.com/advisories/22166
http://secunia.com/advisories/22172
http://secunia.com/advisories/22212
http://secunia.com/advisories/22240
http://secunia.com/advisories/22216
http://secunia.com/advisories/22116
http://secunia.com/advisories/22220
http://secunia.com/advisories/22284
http://secunia.com/advisories/22330
http://xforce.iss.net/xforce/xfdb/29237
http://secunia.com/advisories/23280/
http://secunia.com/advisories/23309/
http://www.securityfocus.com/bid/22083
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
Credit
Thanks to Tavis Ormandy and Will Drewry of the Google Security Team for reporting this vulnerability.
This document was written by Chad R Dougherty.
Other Information
| Date Public: | 2006-09-28 |
| Date First Published: | 2006-09-28 |
| Date Last Updated: | 2007-02-09 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2006-3738 |
| NVD-ID(s): | CVE-2006-3738 |
| US-CERT Technical Alerts: | |
| Metric: | 2.53 |
| Document Revision: | 37 |