FreeBSD : OpenSSL -- Multiple problems in crypto(3) (0f37d765-c5d4-11db-9f82-000e0c2e438a)

Critical Nessus Plugin ID 24719


The remote FreeBSD host is missing one or more security-related updates.


Several problems have been found in OpenSSL :

- During the parsing of certain invalid ASN1 structures an error condition is mishandled, possibly resulting in an infinite loop.

- A buffer overflow exists in the SSL_get_shared_ciphers function.

- A NULL pointer may be dereferenced in the SSL version 2 client code.

In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used. Impact : Servers which parse ASN1 data from untrusted sources may be vulnerable to a denial of service attack.

An attacker accessing a server which uses SSL version 2 may be able to execute arbitrary code with the privileges of that server.

A malicious SSL server can cause clients connecting using SSL version 2 to crash.

Applications which perform public key operations using untrusted keys may be vulnerable to a denial of service attack. Workaround : No workaround is available, but not all of the vulnerabilities mentioned affect all applications.


Update the affected packages.

See Also

Plugin Details

Severity: Critical

ID: 24719

File Name: freebsd_pkg_0f37d765c5d411db9f82000e0c2e438a.nasl

Version: $Revision: 1.18 $

Type: local

Published: 2007/02/27

Modified: 2016/12/08

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:openssl, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2007/02/26

Vulnerability Publication Date: 2006/09/28

Reference Information

CVE: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343

OSVDB: 29260, 29261, 29262, 29263

FreeBSD: SA-06:23.openssl

CWE: 119, 399