Think you have a false positive on this rule?

Sid 1-8432

DELETED

Message

DELETED SMTP SSLv2 openssl get shared ciphers overflow attempt

Summary

Buffer overflow in the SSLgetshared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

Impact

CVSS base score 10.0 CVSS impact score 10.0 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE

CVE-2006-3738:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2007-5135:

CVSS base score 6.8

CVSS impact score 6.4

CVSS exploitability score 8.6

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Detailed information

CVE-2006-3738: Buffer overflow in the SSLgetshared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

CVE-2007-5135: Off-by-one error in the SSLgetshared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Affected systems

  • openssl openssl 0.9.7
  • openssl openssl 0.9.7a
  • openssl openssl 0.9.7b
  • openssl openssl 0.9.7c
  • openssl openssl 0.9.7d
  • openssl openssl 0.9.7e
  • openssl openssl 0.9.7f
  • openssl openssl 0.9.7g
  • openssl openssl 0.9.7h
  • openssl openssl 0.9.7i
  • openssl openssl 0.9.7j
  • openssl openssl 0.9.7k
  • openssl openssl 0.9.8
  • openssl openssl 0.9.8a
  • openssl openssl 0.9.8b
  • openssl openssl 0.9.8c
  • openssl openssl 0.9.7l
  • openssl openssl 0.9.8d
  • openssl openssl 0.9.8e
  • openssl openssl 0.9.8f

Ease of attack

CVE-2006-3738:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2007-5135:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References

  • www.openssl.org/news/secadv_20060928.txt