Bug 206940 - CVE-2006-3738 OpenSSL issues (CVE-2006-4343)
CVE-2006-3738 OpenSSL issues (CVE-2006-4343)
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssl (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
: Security
Depends On:
Blocks: 209116 CVE-2006-3738
  Show dependency treegraph
Reported: 2006-09-18 06:51 EDT by Mark J. Cox
Modified: 2008-01-29 05:57 EST (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2006-0695
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-09-28 20:05:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Proposed patch CVE-2006-4343 (784 bytes, patch)
2006-09-18 06:51 EDT, Mark J. Cox
no flags Details | Diff
Proposed patch CVE-2006-3738 (1.18 KB, patch)
2006-09-18 06:53 EDT, Mark J. Cox
no flags Details | Diff

  None (edit)
Description Mark J. Cox 2006-09-18 06:51:31 EDT
Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer 
overflow in SSL_get_shared_ciphers utility function, used by some 
applications such as exim and mysql.  An attacker could send a list of 
ciphers that would overrun a buffer CVE-2006-3738

Tavis Ormandy and Will Drewry of the Google Security Team discovered a 
possible DoS in the sslv2 client code.  Where a client application uses 
OpenSSL to make a SSLv2 connection to a malicious server that server 
could cause the client to crash.  CVE-2006-4343

EMBARGO until 20060928
Comment 1 Mark J. Cox 2006-09-18 06:51:32 EDT
Created attachment 136527 [details]
Proposed patch CVE-2006-4343
Comment 2 Mark J. Cox 2006-09-18 06:53:44 EDT
Created attachment 136528 [details]
Proposed patch CVE-2006-3738
Comment 5 Mark J. Cox 2006-09-28 09:26:44 EDT
removing embargo, public at http://www.openssl.org/news/secadv_20060928.txt
Comment 6 Red Hat Bugzilla 2006-09-28 20:05:31 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.