FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-3738

This CVE name corresponds to:

Entered Topic
2007-02-26 OpenSSL -- Multiple problems in crypto(3)

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-3738 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-3738
Phase Assigned(20060720)

Description

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

References

Source Reference
BUGTRAQ 20070602 Recent OpenSSL exploits
BUGTRAQ 20070110 VMware ESX server security updates
BUGTRAQ 20060928 rPSA-2006-0175-1 openssl openssl-scripts
BUGTRAQ 20060929 rPSA-2006-0175-2 openssl openssl-scripts
FULLDISC 20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released
CONFIRM http://www.openssl.org/news/secadv_20060928.txt
CONFIRM http://kolab.org/security/kolab-vendor-notice-11.txt
CONFIRM http://openvpn.net/changelog.html
CONFIRM http://www.serv-u.com/releasenotes/
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
CONFIRM http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
CONFIRM http://docs.info.apple.com/article.html?artnum=304829
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
CONFIRM http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
CONFIRM http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
CONFIRM http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
CONFIRM http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
CONFIRM http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
CONFIRM http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
CONFIRM http://issues.rpath.com/browse/RPL-613
CONFIRM http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
APPLE APPLE-SA-2006-11-28
CISCO 20061108 Multiple Vulnerabilities in OpenSSL library
CISCO 20061108 Multiple Vulnerabilities in OpenSSL Library
DEBIAN DSA-1185
DEBIAN DSA-1195
FREEBSD FreeBSD-SA-06:23
GENTOO GLSA-200610-11
GENTOO GLSA-200612-11
GENTOO GLSA-200805-07
HP HPSBUX02174
HP SSRT061239
HP HPSBUX02186
HP SSRT071299
HP HPSBTU02207
HP SSRT061213
HP SSRT071304
HP HPSBMA02250
HP SSRT061275
HP HPSBOV02683
HP SSRT090208
MANDRIVA MDKSA-2006:172
MANDRIVA MDKSA-2006:177
MANDRIVA MDKSA-2006:178
NETBSD NetBSD-SA2008-007
OPENBSD [3.9] 20061007 013: SECURITY FIX: October 7, 2006
OPENPKG OpenPKG-SA-2006.021
REDHAT RHSA-2006:0695
REDHAT RHSA-2008:0629
SGI 20061001-01-P
SLACKWARE SSA:2006-272-01
SUNALERT 102668
SUNALERT 102711
SUNALERT 201531
SUSE SUSE-SA:2006:058
SUSE SUSE-SR:2006:024
TRUSTIX 2006-0054
UBUNTU USN-353-1
CERT TA06-333A
CERT-VN VU#547300
BID 20249
BID 22083
OVAL oval:org.mitre.oval:def:9370
VUPEN ADV-2006-3820
VUPEN ADV-2006-3860
VUPEN ADV-2006-3902
VUPEN ADV-2006-3869
VUPEN ADV-2006-3936
VUPEN ADV-2006-4036
VUPEN ADV-2006-4314
VUPEN ADV-2006-4264
VUPEN ADV-2006-4417
VUPEN ADV-2006-4401
VUPEN ADV-2006-4443
VUPEN ADV-2006-4750
VUPEN ADV-2007-0343
VUPEN ADV-2007-1401
VUPEN ADV-2007-2315
VUPEN ADV-2007-2783
OSVDB 29262
OVAL oval:org.mitre.oval:def:4256
SECTRACK 1016943
SECTRACK 1017522
SECUNIA 22130
SECUNIA 22094
SECUNIA 22165
SECUNIA 22186
SECUNIA 22193
SECUNIA 22207
SECUNIA 22259
SECUNIA 22260
SECUNIA 22166
SECUNIA 22172
SECUNIA 22212
SECUNIA 22240
SECUNIA 22216
SECUNIA 22116
SECUNIA 22220
SECUNIA 22284
SECUNIA 22330
SECUNIA 22385
SECUNIA 22460
SECUNIA 22500
SECUNIA 22544
SECUNIA 22626
SECUNIA 22633
SECUNIA 22654
SECUNIA 22487
SECUNIA 22758
SECUNIA 22799
SECUNIA 22791
SECUNIA 22772
SECUNIA 23038
SECUNIA 23155
SECUNIA 22298
SECUNIA 23309
SECUNIA 23280
SECUNIA 23340
SECUNIA 23680
SECUNIA 23794
SECUNIA 23915
SECUNIA 24950
SECUNIA 24930
SECUNIA 25889
SECUNIA 26329
SECUNIA 30124
SECUNIA 30161
SECUNIA 31492
XF openssl-sslgetsharedciphers-bo(29237)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.