Vulnerabilities > CVE-2006-7250 - Unspecified vulnerability in Openssl
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN openssl
nessus
Summary
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
Vulnerable Configurations
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1424-1.NASL description It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use this to cause a denial of service. These issues did not affect Ubuntu 8.04 LTS. (CVE-2006-7250, CVE-2012-1165) Tavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER data via BIO or FILE functions. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. (CVE-2012-2110). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 58808 published 2012-04-20 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58808 title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1424-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(58808); script_version("1.18"); script_cvs_date("Date: 2019/09/19 12:54:27"); script_cve_id("CVE-2006-7250", "CVE-2012-1165", "CVE-2012-2110"); script_bugtraq_id(52181, 52764, 53158); script_xref(name:"USN", value:"1424-1"); script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use this to cause a denial of service. These issues did not affect Ubuntu 8.04 LTS. (CVE-2006-7250, CVE-2012-1165) Tavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER data via BIO or FILE functions. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. (CVE-2012-2110). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1424-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libssl0.9.8 and / or libssl1.0.0 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/29"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(8\.04|10\.04|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 11.04 / 11.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.04", pkgname:"libssl0.9.8", pkgver:"0.9.8g-4ubuntu3.17")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libssl0.9.8", pkgver:"0.9.8k-7ubuntu8.10")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"libssl0.9.8", pkgver:"0.9.8o-5ubuntu1.4")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"libssl1.0.0", pkgver:"1.0.0e-2ubuntu4.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssl0.9.8 / libssl1.0.0"); }NASL family Web Servers NASL id OPENSSL_0_9_8U.NASL description According to its banner, the remote web server uses an OpenSSL version prior to 0.9.8u. As such, it is reportedly affected by the following vulnerabilities : - An error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 58564 published 2012-04-02 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58564 title OpenSSL < 0.9.8u Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(58564); script_version("1.11"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_cve_id( "CVE-2006-7250", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-1165" ); script_bugtraq_id(51281, 52181, 52428, 52764); script_name(english:"OpenSSL < 0.9.8u Multiple Vulnerabilities"); script_summary(english:"Does a banner check"); script_set_attribute( attribute:"synopsis", value:"The remote host may be affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "According to its banner, the remote web server uses an OpenSSL version prior to 0.9.8u. As such, it is reportedly affected by the following vulnerabilities : - An error exists in the function 'mime_hdr_cmp' that could allow a NULL pointer to be dereferenced when parsing certain MIME headers. (CVE-2006-7250) - The fix for CVE-2011-4619 was not complete. - An error exists in the Cryptographic Message Syntax (CMS) and PKCS #7 implementation such that data can be decrypted using Million Message Attack (MMA) adaptive chosen cipher text attack. (CVE-2012-0884) - An error exists in the function 'mime_param_cmp' in the file 'crypto/asn1/asn_mime.c' that can allow a NULL pointer to be dereferenced when handling certain S/MIME content. (CVE-2012-1165) Note that SSL/TLS applications are not necessarily affected, but those using CMS, PKCS #7 and S/MIME decryption operations are." ); script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=openssl-dev&m=115685408414194&w=2"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20120312.txt"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/changelog.html"); script_set_attribute(attribute:"see_also", value:"https://www.openwall.com/lists/oss-security/2012/03/13/2"); script_set_attribute(attribute:"see_also", value:"https://www.openwall.com/lists/oss-security/2012/02/28/14"); # https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=dc95c53c6f3fc9007fea9376d02f7bd82d2a0fb4 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?82fc5c0b"); script_set_attribute(attribute:"see_also", value:"https://rt.openssl.org/Ticket/Display.html?id=2711&user=guest&pass=guest"); script_set_attribute(attribute:"solution", value:"Upgrade to OpenSSL 0.9.8u or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/30"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/02"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("openssl_version.nasl"); script_require_keys("openssl/port"); exit(0); } include("openssl_version.inc"); openssl_check_version(fixed:'0.9.8u', severity:SECURITY_WARNING);NASL family Web Servers NASL id OPENSSL_1_0_0H.NASL description According to its banner, the remote web server is running OpenSSL version 1.0.0 prior to version 1.0.0h. As such, it reportedly is affected by the following vulnerabilities : - An error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 58565 published 2012-04-02 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58565 title OpenSSL 1.0.0 < 1.0.0h Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1335.NASL description Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP). Multiple denial of service flaws were discovered in OpenSSL last seen 2020-06-01 modified 2020-06-02 plugin id 63892 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63892 title RHEL 5 : openssl (RHSA-2009:1335) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBOPENSSL-DEVEL-120328.NASL description The following security issues have been fixed : - Specially crafted MIME headers could cause openssl last seen 2020-06-05 modified 2012-04-11 plugin id 58678 published 2012-04-11 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58678 title SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1335.NASL description Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP). Multiple denial of service flaws were discovered in OpenSSL last seen 2020-06-01 modified 2020-06-02 plugin id 43785 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43785 title CentOS 5 : openssl (CESA-2009:1335) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBOPENSSL-DEVEL-120327.NASL description The following security issues have been fixed : - Specially crafted MIME headers could cause openssl last seen 2020-06-05 modified 2012-04-11 plugin id 58677 published 2012-04-11 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58677 title SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-174.NASL description Specially crafted MIME headers could crash openssl last seen 2020-06-05 modified 2014-06-13 plugin id 74573 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74573 title openSUSE Security Update : openssl (openSUSE-SU-2012:0414-1) NASL family SuSE Local Security Checks NASL id SUSE_OPENSSL-8034.NASL description The following security issue has been fixed : - Specially crafted MIME headers could cause OpenSSL last seen 2020-06-05 modified 2012-04-11 plugin id 58679 published 2012-04-11 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58679 title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 8034) NASL family AIX Local Security Checks NASL id AIX_OPENSSL_ADVISORY4.NASL description The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. (CVE-2012-0884) - The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. (CVE-2012-1165) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. (CVE-2012-2131) - Integer underflow in OpenSSL when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over- read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. (CVE-2012-2333) last seen 2020-06-01 modified 2020-06-02 plugin id 73562 published 2014-04-16 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73562 title AIX OpenSSL Advisory : openssl_advisory4.asc NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-038.NASL description Multiple vulnerabilities has been found and corrected in openssl : The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack (CVE-2012-0884). The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250 (CVE-2012-1165). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 58490 published 2012-03-27 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58490 title Mandriva Linux Security Advisory : openssl (MDVSA-2012:038) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201312-03.NASL description The remote host is affected by the vulnerability described in GLSA-201312-03 (OpenSSL: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : Remote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 71169 published 2013-12-03 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71169 title GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://marc.info/?l=openssl-dev&m=115685408414194&w=2
- http://www.openwall.com/lists/oss-security/2012/02/28/14
- http://www.openwall.com/lists/oss-security/2012/02/27/10
- http://cvs.openssl.org/chngview?cn=22144
- https://bugzilla.novell.com/show_bug.cgi?id=748738
- https://bugzilla.redhat.com/show_bug.cgi?id=798100
- http://secunia.com/advisories/48516
- http://www.ubuntu.com/usn/USN-1424-1
- http://secunia.com/advisories/48899
- http://secunia.com/advisories/36533
- http://www.redhat.com/support/errata/RHSA-2009-1335.html
- http://marc.info/?l=bugtraq&m=133728068926468&w=2
- http://secunia.com/advisories/48153
- http://www.securityfocus.com/bid/52181
- http://www.mail-archive.com/openssl-dev%40openssl.org/msg30305.html