Ubuntu 5.04 / 5.10 / 6.06 LTS : openssl vulnerabilities (USN-353-1)

Critical Nessus Plugin ID 27933


The remote Ubuntu host is missing one or more security-related patches.


Dr. Henson of the OpenSSL core team and Open Network Security discovered a mishandled error condition in the ASN.1 parser. By sending specially crafted packet data, a remote attacker could exploit this to trigger an infinite loop, which would render the service unusable and consume all available system memory. (CVE-2006-2937)

Certain types of public key could take disproportionate amounts of time to process. The library now limits the maximum key exponent size to avoid Denial of Service attacks. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() function. By sending specially crafted packets to applications that use this function (like Exim, MySQL, or the openssl command line tool), a remote attacker could exploit this to execute arbitrary code with the server's privileges. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team reported that the get_server_hello() function did not sufficiently check the client's session certificate. This could be exploited to crash clients by remote attackers sending specially crafted SSL responses.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected packages.

Plugin Details

Severity: Critical

ID: 27933

File Name: ubuntu_USN-353-1.nasl

Version: $Revision: 1.12 $

Type: local

Agent: unix

Published: 2007/11/10

Modified: 2016/12/01

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:libssl-dev, p-cpe:/a:canonical:ubuntu_linux:libssl0.9.7, p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8, p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg, p-cpe:/a:canonical:ubuntu_linux:openssl, cpe:/o:canonical:ubuntu_linux:5.04, cpe:/o:canonical:ubuntu_linux:5.10, cpe:/o:canonical:ubuntu_linux:6.06:-:lts

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Patch Publication Date: 2006/09/28

Vulnerability Publication Date: 2006/09/28

Reference Information

CVE: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343, CVE-2007-5135

OSVDB: 29260, 29261, 29262, 29263

USN: 353-1

CWE: 119, 189, 399