Nekochan Net

All times are UTC - 8 hours


Posted: Thu Jan 18, 2007 7:07 am
Moderator

Joined: Fri May 09, 2003 5:10 am
Posts: 2931
Location: Maryland, USA
OpenSSL SSL_get_shared_ciphers Function Buffer Overflow Vulnerability

-------------------------------------------------------------------------------------

Alert Type: VULNERABILITY ALERT
Threat Type: Unintended Weakness: Buffer Overflow
IntelliShield ID: 11788
Version: 23
Urgency: 2 - Unlikely Use
Credibility: 5 - Confirmed
Severity: 4 - Moderate Damage
CVSS Base Score: 10.0
CVSS Temporal Score: 7.4
CVSS Vector: AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N/E:U/RL:O/RC:C
First Published: Sep 28, 2006; 03:56 PM EDT
Last Published: Jan 18, 2007; 09:54 AM EST
Ports: Not Available
CVE: CVE-2006-3738

Version Summary
-------------------------------------------------------------------------------------
Oracle has released the January 2007 Critical Patch Update and updates to address the buffer overflow vulnerability in the SSL_get_shared_ciphers function of OpenSSL.

Description
-------------------------------------------------------------------------------------
OpenSSL versions 0.9.7k and prior and 0.9.8c and prior contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with elevated privileges.

This vulnerability exists due to insufficient boundary checking on user-supplied input. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted request to an application or system service depending on the OpenSSL library. An exploit could trigger a buffer overflow condition, allowing the attacker to crash the affected service or execute arbitrary code with privileges of the target application or service.

OpenSSL confirmed this vulnerability in a security advisory and released updated versions.

Impact
-------------------------------------------------------------------------------------
An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code with privileges of the affected service or application. An exploit could allow the attacker to gain complete control of the affected system.

Warning Indicators
-------------------------------------------------------------------------------------
OpenSSL versions 0.9.7k and prior and 0.9.8c and prior are vulnerable.

Technical Information
-------------------------------------------------------------------------------------
This vulnerability exists because the SSL_get_shared_ciphers() function fails to properly limit input before use in memory operations. An attacker could exploit this vulnerability by sending a malicious set of large, crafted ciphers to an exposed application depending on the OpenSSL library and then using the affected function. An exploit could trigger a buffer overflow condition, allowing an attacker to crash the affected application or execute arbitrary code with privileges of the affected application or service.

IntelliShield Analysis
-------------------------------------------------------------------------------------
Systems that allow unfiltered user input to system applications and services depending on the vulnerable OpenSSL library are at a greater risk. An attacker can exploit this vulnerability by sending a crafted request to an exposed service linked to the OpenSSL library. Statically linked applications and services may require recompilation, while dynamically linked applications and services will simply require a service or system restart. Vulnerable services may include mail, web, and database services using OpenSSL to encrypt network communications.

Safeguards
-------------------------------------------------------------------------------------
Administrators are advised to apply the appropriate software updates.

Administrators are advised to restrict access to trusted users.

Administrators may consider employing network filtering devices to block malformed requests to affected systems.
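
A triage check for the version ranges in the alert above, as an added example that is not part of the original post or the vendor's alert: it flags OpenSSL version strings at or below 0.9.7k, or from 0.9.8 through 0.9.8c, and pairs each hit with the follow-up the alert gives for static or dynamic linking. The inventory, banners and function names are constructed for illustration.

```python
import re

# Matches OpenSSL-style versions such as 0.9.7k or 0.9.8 inside a banner.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")

# Constructed sample inventory: (service, version banner, linkage).
SAMPLE_INVENTORY = [
    ("mail", "OpenSSL 0.9.7k 05 Sep 2006", "dynamic"),
    ("web", "OpenSSL 0.9.8c 05 Sep 2006", "static"),
    ("db", "OpenSSL 0.9.8d 28 Sep 2006", "dynamic"),
    ("vpn", "OpenSSL 0.9.6m 17 Mar 2004", "static"),
]


def version_key(text):
    """Return a sortable key for the first OpenSSL version found in text."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    numbers = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    letters = m.group(4)
    # Patch letters sort as '' < 'a' < ... < 'z' < 'za': length first, then text.
    return numbers, len(letters), letters


def is_affected(text):
    """True if the version is in the alert's ranges: <= 0.9.7k, or 0.9.8 to 0.9.8c."""
    v = version_key(text)
    if v <= version_key("0.9.7k"):
        return True
    return version_key("0.9.8") <= v <= version_key("0.9.8c")


def triage(inventory):
    """Map each affected service to the follow-up the alert gives for its linkage."""
    actions = {}
    for service, banner, linkage in inventory:
        if not is_affected(banner):
            continue
        if linkage == "static":
            actions[service] = "recompile against updated OpenSSL"
        else:
            actions[service] = "update library, then restart service"
    return actions


if __name__ == "__main__":
    for service, action in triage(SAMPLE_INVENTORY).items():
        print(f"{service}: {action}")
```

A vendor build can carry a backported fix under an older version string, so a match here is a prompt to check that vendor's advisory rather than proof of exposure.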


Posted: Thu Jan 18, 2007 8:04 am
Site Admin

Joined: Thu Jan 23, 2003 1:31 am
Posts: 7956
Location: Pleasanton, California
Ah, thought this was something new - been fixed since last September (and in Nekoware since October) ;)

_________________
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.


Posted: Fri Jan 19, 2007 3:10 am
Moderator

Joined: Fri May 09, 2003 5:10 am
Posts: 2931
Location: Maryland, USA
Oh right. Sorry, my mistake as well.


Posted: Sat Jan 20, 2007 11:10 am
Site Admin

Joined: Thu Jan 23, 2003 1:31 am
Posts: 7956
Location: Pleasanton, California
Not a problem. Looks like this was sent out as an update because Oracle finally patched their bundled library: "Oracle has released the January 2007 Critical Patch Update and updates to address the buffer overflow vulnerability in the SSL_get_shared_ciphers function of OpenSSL." Other than that, old news :)

_________________
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

