Vulnerability Note VU#547300
OpenSSL SSL_get_shared_ciphers() vulnerable to buffer overflow
A buffer overflow vulnerability in an OpenSSL library function could allow a remote attacker to execute code on an affected system.
The OpenSSL toolkit implements the Secure Sockets Layer (SSL versions 2 and 3) and Transport Layer Security (TLS version 1) protocols as well as a general purpose cryptographic library. The OpenSSL library includes a utility function, SSL_get_shared_ciphers(), to generate human readable strings from the list of shared ciphers supported on an SSL connection. A buffer overflow exists in this function's handling of the length of the list of shared ciphers. Any application using this function could expose the vulnerability, allowing an attacker to execute code with the privileges of that application. Note that although successful exploitation is believed to be difficult, it is still possible in some situations.
An attacker with the ability to supply a specially crafted list of ciphers could execute code in the context of an application using the vulnerable function.
Upgrade or apply a patch from the vendor
Patches have been released to address this issue. Please see the Systems Affected section of this document for more information.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Debian GNU/Linux||Affected||15 Sep 2006||02 Oct 2006|
|F5 Networks, Inc.||Affected||15 Sep 2006||21 Sep 2006|
|FreeBSD, Inc.||Affected||15 Sep 2006||28 Sep 2006|
|OpenPKG||Affected||-||02 Oct 2006|
|OpenSSL||Affected||06 Sep 2006||28 Sep 2006|
|Oracle Corporation||Affected||-||17 Jan 2007|
|Red Hat, Inc.||Affected||15 Sep 2006||02 Oct 2006|
|rPath||Affected||-||02 Oct 2006|
|Slackware Linux Inc.||Affected||15 Sep 2006||02 Oct 2006|
|Stonesoft||Affected||15 Sep 2006||29 Sep 2006|
|SUSE Linux||Affected||15 Sep 2006||02 Oct 2006|
|Trustix Secure Linux||Affected||15 Sep 2006||02 Oct 2006|
|Ubuntu||Affected||15 Sep 2006||28 Sep 2006|
|Force10 Networks, Inc.||Not Affected||15 Sep 2006||22 Jul 2011|
|Fujitsu||Not Affected||15 Sep 2006||29 Sep 2006|
CVSS Metrics (Learn More)
Thanks to Tavis Ormandy and Will Drewry of the Google Security Team for reporting this vulnerability.
This document was written by Chad R Dougherty.
- CVE IDs: CVE-2006-3738
- Date Public: 28 Sep 2006
- Date First Published: 28 Sep 2006
- Date Last Updated: 22 Jul 2011
- Severity Metric: 2.53
- Document Revision: 39
If you have feedback, comments, or additional information about this vulnerability, please send us email.