CVE-2006-4343
Last modified
CVE-2006-4343 is a vulnerability of currently unknown severity. The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. EPSS estimates a 17.42% chance of exploitation in the next 30 days.
Description
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | 0.9.7 |
| Openssl | Openssl | 0.9.7a |
| Openssl | Openssl | 0.9.7b |
| Openssl | Openssl | 0.9.7c |
| Openssl | Openssl | 0.9.7d |
| Openssl | Openssl | 0.9.7e |
| Openssl | Openssl | 0.9.7f |
| Openssl | Openssl | 0.9.7g |
| Openssl | Openssl | 0.9.7h |
| Openssl | Openssl | 0.9.7i |
| Openssl | Openssl | 0.9.7j |
| Openssl | Openssl | 0.9.7k |
| Openssl | Openssl | 0.9.8 |
| Openssl | Openssl | 0.9.8a |
| Openssl | Openssl | 0.9.8b |
| Openssl | Openssl | 0.9.8c |
| Debian | Debian Linux | 3.1 |
| Canonical | Ubuntu Linux | 5.04 |
| Canonical | Ubuntu Linux | 5.10 |
| Canonical | Ubuntu Linux | 6.06 |
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc (Third Party Advisory)
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc (Third Party Advisory)
- http://docs.info.apple.com/article.html?artnum=304829 (Third Party Advisory)
- http://issues.rpath.com/browse/RPL-613 (Broken Link)
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html (Mailing List, Third Party Advisory)
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html (Mailing List, Third Party Advisory)
- http://lists.vmware.com/pipermail/security-announce/2008/000008.html (Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=130497311408250&w=2 (Mailing List, Third Party Advisory)
- http://openbsd.org/errata.html#openssl2 (Third Party Advisory)
- http://openvpn.net/changelog.html (Third Party Advisory)
- http://secunia.com/advisories/22094 (Third Party Advisory)
- http://secunia.com/advisories/22116 (Third Party Advisory)
- http://secunia.com/advisories/22130 (Third Party Advisory)
- http://secunia.com/advisories/22165 (Third Party Advisory)
- http://secunia.com/advisories/22166 (Third Party Advisory)
- http://secunia.com/advisories/22172 (Third Party Advisory)
- http://secunia.com/advisories/22186 (Third Party Advisory)
- http://secunia.com/advisories/22193 (Third Party Advisory)
- http://secunia.com/advisories/22207 (Third Party Advisory)
- http://secunia.com/advisories/22212 (Third Party Advisory)
- http://secunia.com/advisories/22216 (Third Party Advisory)
- http://secunia.com/advisories/22220 (Third Party Advisory)
- http://secunia.com/advisories/22240 (Third Party Advisory)
- http://secunia.com/advisories/22259 (Third Party Advisory)
- http://secunia.com/advisories/22260 (Third Party Advisory)
- http://secunia.com/advisories/22284 (Third Party Advisory)
- http://secunia.com/advisories/22298 (Third Party Advisory)
- http://secunia.com/advisories/22330 (Third Party Advisory)
- http://secunia.com/advisories/22385 (Third Party Advisory)
- http://secunia.com/advisories/22460 (Third Party Advisory)
- http://secunia.com/advisories/22487 (Third Party Advisory)
- http://secunia.com/advisories/22500 (Third Party Advisory)
- http://secunia.com/advisories/22544 (Third Party Advisory)
- http://secunia.com/advisories/22626 (Third Party Advisory)
- http://secunia.com/advisories/22758 (Third Party Advisory)
- http://secunia.com/advisories/22772 (Third Party Advisory)
- http://secunia.com/advisories/22791 (Third Party Advisory)
- http://secunia.com/advisories/22799 (Third Party Advisory)
- http://secunia.com/advisories/23038 (Third Party Advisory)
- http://secunia.com/advisories/23155 (Third Party Advisory)
- http://secunia.com/advisories/23280 (Third Party Advisory)
- http://secunia.com/advisories/23309 (Third Party Advisory)
- http://secunia.com/advisories/23340 (Third Party Advisory)
- http://secunia.com/advisories/23680 (Third Party Advisory)
- http://secunia.com/advisories/23794 (Third Party Advisory)
- http://secunia.com/advisories/23915 (Third Party Advisory)
- http://secunia.com/advisories/24950 (Third Party Advisory)
- http://secunia.com/advisories/25420 (Third Party Advisory)
- http://secunia.com/advisories/25889 (Third Party Advisory)
- http://secunia.com/advisories/26329 (Third Party Advisory)
- http://secunia.com/advisories/30124 (Third Party Advisory)
- http://secunia.com/advisories/31492 (Third Party Advisory)
- http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc (Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-200610-11.xml (Third Party Advisory)
- http://securitytracker.com/id?1016943 (Third Party Advisory, VDB Entry)
- http://securitytracker.com/id?1017522 (Third Party Advisory, VDB Entry)
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946 (Mailing List, Third Party Advisory)
- http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm (Third Party Advisory)
- http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm (Third Party Advisory)
- http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml (Third Party Advisory)
- http://www.debian.org/security/2006/dsa-1185 (Third Party Advisory)
- http://www.debian.org/security/2006/dsa-1195 (Third Party Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml (Third Party Advisory)
- http://www.ingate.com/relnote-452.php (Broken Link)
- http://www.kb.cert.org/vuls/id/386964 (Patch, Third Party Advisory, US Government Resource)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:172 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:177 (Third Party Advisory)
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html (Third Party Advisory)
- http://www.openssl.org/news/secadv_20060928.txt (Patch, Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html (Third Party Advisory)
- http://www.osvdb.org/29263 (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2006-0695.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2008-0629.html (Third Party Advisory)
- http://www.securityfocus.com/bid/20246 (Patch, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/22083 (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/28276 (Third Party Advisory, VDB Entry)
- http://www.serv-u.com/releasenotes/ (Third Party Advisory)
- http://www.trustix.org/errata/2006/0054 (Broken Link)
- http://www.ubuntu.com/usn/usn-353-1 (Third Party Advisory)
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html (Third Party Advisory, US Government Resource)
- http://www.vmware.com/security/advisories/VMSA-2008-0005.html (Third Party Advisory)
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html (Third Party Advisory)
- http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html (Third Party Advisory)
- http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html (Third Party Advisory)
- http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html (Third Party Advisory)
- http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html (Third Party Advisory)
- http://www.vmware.com/support/player/doc/releasenotes_player.html (Third Party Advisory)
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html (Third Party Advisory)
- http://www.vmware.com/support/server/doc/releasenotes_server.html (Third Party Advisory)
- http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html (Third Party Advisory)
- http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html (Third Party Advisory)
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html (Third Party Advisory)
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html (Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/3820 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/3860 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/3869 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/3902 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/3936 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/4036 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/4264 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/4401 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/4417 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/4443 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/4750 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2007/0343 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2007/1401 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2007/1973 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2007/2783 (Permissions Required, Third Party Advisory)
- http://www.vupen.com/english/advisories/2008/0905/references (Permissions Required, Third Party Advisory)
- http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29240 (Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/4773 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
