CVE-2006-3738

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openssl.org/news/secadv_20060928.txt", "name": "http://www.openssl.org/news/secadv_20060928.txt", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/547300", "name": "VU#547300", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/20249", "name": "20249", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html", "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", "tags": ["Patch"], "refsource": "FULLDISC"}, {"url": "http://www.debian.org/security/2006/dsa-1185", "name": "DSA-1185", "tags": ["Patch"], "refsource": "DEBIAN"}, {"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc", "name": "FreeBSD-SA-06:23", "tags": ["Patch", "Vendor Advisory"], "refsource": "FREEBSD"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html", "name": "RHSA-2006:0695", "tags": ["Patch"], "refsource": "REDHAT"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", "name": "SSA:2006-272-01", "tags": ["Patch"], "refsource": "SLACKWARE"}, {"url": "http://www.ubuntu.com/usn/usn-353-1", "name": "USN-353-1", "tags": ["Patch"], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/22130", "name": "22130", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22094", "name": "22094", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22165", "name": "22165", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22186", "name": "22186", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22193", "name": "22193", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22207", "name": "22207", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22259", "name": "22259", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22260", "name": "22260", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://kolab.org/security/kolab-vendor-notice-11.txt", "name": "http://kolab.org/security/kolab-vendor-notice-11.txt", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html", "name": "OpenPKG-SA-2006.021", "tags": ["Patch", "Vendor Advisory"], "refsource": "OPENPKG"}, {"url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html", "name": "SUSE-SA:2006:058", "tags": ["Patch", "Vendor Advisory"], "refsource": "SUSE"}, {"url": "http://www.trustix.org/errata/2006/0054", "name": "2006-0054", "tags": ["Patch"], "refsource": "TRUSTIX"}, {"url": "http://securitytracker.com/id?1016943", "name": "1016943", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/22166", "name": "22166", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22172", "name": "22172", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22212", "name": "22212", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22240", "name": "22240", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22216", "name": "22216", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22116", "name": "22116", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22220", "name": "22220", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://openvpn.net/changelog.html", "name": "http://openvpn.net/changelog.html", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://openbsd.org/errata.html#openssl2", "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", "tags": ["Patch"], "refsource": "OPENBSD"}, {"url": "http://secunia.com/advisories/22284", "name": "22284", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22330", "name": "22330", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2006/dsa-1195", "name": "DSA-1195", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1", "name": "102668", "tags": ["Patch"], "refsource": "SUNALERT"}, {"url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html", "name": "SUSE-SR:2006:024", "tags": ["Patch", "Vendor Advisory"], "refsource": "SUSE"}, {"url": "http://www.osvdb.org/29262", "name": "29262", "tags": ["Patch"], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/22385", "name": "22385", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22460", "name": "22460", "tags": [], "refsource": "SECUNIA"}, {"url": "http://security.gentoo.org/glsa/glsa-200610-11.xml", "name": "GLSA-200610-11", "tags": [], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/22500", "name": "22500", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22544", "name": "22544", "tags": [], "refsource": "SECUNIA"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", "name": "20061001-01-P", "tags": [], "refsource": "SGI"}, {"url": "http://secunia.com/advisories/22626", "name": "22626", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22633", "name": "22633", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22654", "name": "22654", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22487", "name": "22487", "tags": [], "refsource": "SECUNIA"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", "name": "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", "name": "20061108 Multiple Vulnerabilities in OpenSSL library", "tags": [], "refsource": "CISCO"}, {"url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", "name": "20061108 Multiple Vulnerabilities in OpenSSL Library", "tags": [], "refsource": "CISCO"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1", "name": "102711", "tags": [], "refsource": "SUNALERT"}, {"url": "http://secunia.com/advisories/22758", "name": "22758", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22799", "name": "22799", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22791", "name": "22791", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22772", "name": "22772", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/23038", "name": "23038", "tags": [], "refsource": "SECUNIA"}, {"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", "name": "APPLE-SA-2006-11-28", "tags": [], "refsource": "APPLE"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", "name": "TA06-333A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://secunia.com/advisories/23155", "name": "23155", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22298", "name": "22298", "tags": [], "refsource": "SECUNIA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml", "name": "GLSA-200612-11", "tags": [], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/23309", "name": "23309", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/23280", "name": "23280", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/23340", "name": "23340", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", "name": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", "name": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", "name": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", "name": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", "name": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", "name": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/23680", "name": "23680", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/23794", "name": "23794", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1017522", "name": "1017522", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/23915", "name": "23915", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24950", "name": "24950", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24930", "name": "24930", "tags": [], "refsource": "SECUNIA"}, {"url": "http://issues.rpath.com/browse/RPL-613", "name": "http://issues.rpath.com/browse/RPL-613", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", "name": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172", "name": "MDKSA-2006:172", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", "name": "MDKSA-2006:177", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", "name": "MDKSA-2006:178", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.securityfocus.com/bid/22083", "name": "22083", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/25889", "name": "25889", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/26329", "name": "26329", "tags": [], "refsource": "SECUNIA"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1", "name": "201531", "tags": [], "refsource": "SUNALERT"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml", "name": "GLSA-200805-07", "tags": [], "refsource": "GENTOO"}, {"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", "name": "NetBSD-SA2008-007", "tags": [], "refsource": "NETBSD"}, {"url": "http://secunia.com/advisories/30124", "name": "30124", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/30161", "name": "30161", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/31492", "name": "31492", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html", "name": "RHSA-2008:0629", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.vupen.com/english/advisories/2007/2315", "name": "ADV-2007-2315", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/3860", "name": "ADV-2006-3860", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/4314", "name": "ADV-2006-4314", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/4264", "name": "ADV-2006-4264", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/4417", "name": "ADV-2006-4417", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2007/1401", "name": "ADV-2007-1401", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/4750", "name": "ADV-2006-4750", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/3936", "name": "ADV-2006-3936", "tags": [], "refsource": "VUPEN"}, {"url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", "name": "SSRT071304", "tags": [], "refsource": "HP"}, {"url": "http://www.vupen.com/english/advisories/2006/3902", "name": "ADV-2006-3902", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/4401", "name": "ADV-2006-4401", "tags": [], "refsource": "VUPEN"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", "name": "HPSBMA02250", "tags": [], "refsource": "HP"}, {"url": "http://www.vupen.com/english/advisories/2006/3820", "name": "ADV-2006-3820", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2007/0343", "name": "ADV-2007-0343", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/3869", "name": "ADV-2006-3869", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/4036", "name": "ADV-2006-4036", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2007/2783", "name": "ADV-2007-2783", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/4443", "name": "ADV-2006-4443", "tags": [], "refsource": "VUPEN"}, {"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", "name": "SSRT071299", "tags": [], "refsource": "HP"}, {"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", "name": "HPSBUX02174", "tags": [], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2", "name": "SSRT090208", "tags": [], "refsource": "HP"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.serv-u.com/releasenotes/", "name": "http://www.serv-u.com/releasenotes/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://docs.info.apple.com/article.html?artnum=304829", "name": "http://docs.info.apple.com/article.html?artnum=304829", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881", "name": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881", "tags": [], "refsource": "CONFIRM"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237", "name": "openssl-sslgetsharedciphers-bo(29237)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370", "name": "oval:org.mitre.oval:def:9370", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256", "name": "oval:org.mitre.oval:def:4256", "tags": [], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded", "name": "20070602 Recent OpenSSL exploits", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded", "name": "20070110 VMware ESX server security updates", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded", "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded", "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3738", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-09-28T18:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:29Z"}