Vulnerability Description
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | 0.9.7 |
| Debian | Debian Linux | 3.1 |
| Canonical | Ubuntu Linux | 5.04 |
Related Weaknesses (CWE)
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc (Third Party Advisory)
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc (Third Party Advisory)
- http://docs.info.apple.com/article.html?artnum=304829 (Third Party Advisory)
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 (Broken Link)
- http://issues.rpath.com/browse/RPL-613 (Broken Link)
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 (Broken Link)
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 (Broken Link)
- http://kolab.org/security/kolab-vendor-notice-11.txt (Broken Link)
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html (Mailing List, Third Party Advisory)
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html (Mailing List, Third Party Advisory)
- http://lists.vmware.com/pipermail/security-announce/2008/000008.html (Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=130497311408250&w=2 (Mailing List, Third Party Advisory)
- http://openbsd.org/errata.html#openssl2 (Third Party Advisory)
- http://openvpn.net/changelog.html (Third Party Advisory)
- http://secunia.com/advisories/22094 (Third Party Advisory)
FAQ
What is CVE-2006-4343?
CVE-2006-4343 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via u...
How severe is CVE-2006-4343?
CVE-2006-4343 has been rated MEDIUM with a CVSS base score of 4.3/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2006-4343?
Check the References section above for vendor advisories and patch information. Affected products include: OpenSSL (Openssl), Debian Linux (Debian), and Ubuntu Linux (Canonical).