ID

VAR-200609-1143


CVE

CVE-2006-4407


TITLE

OpenSSL SSLv2 client code fails to properly check for NULL

Trust: 0.8

sources: CERT/CC: VU#386964

DESCRIPTION

The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to use a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available.

Trust: 4.86

sources: NVD: CVE-2006-4407 // CERT/CC: VU#386964 // CERT/CC: VU#734032 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // JVNDB: JVNDB-2006-001152 // BID: 21335 // VULHUB: VHN-20515

AFFECTED PRODUCTS

vendor | model | scope | version | Trust
debian gnu linux | - | - | - | 2.4
f5 | - | - | - | 2.4
freebsd | - | - | - | 2.4
openpkg | - | - | - | 2.4
openssl | - | - | - | 2.4
oracle | - | - | - | 2.4
red hat | - | - | - | 2.4
suse linux | - | - | - | 2.4
slackware linux | - | - | - | 2.4
ubuntu | - | - | - | 2.4
rpath | - | - | - | 2.4
trustix secure linux | - | - | - | 1.6
apple computer | - | - | - | 1.6
apple | mac os x | eq | 10.3.6 | 1.6
apple | mac os x | eq | 10.3.7 | 1.6
apple | mac os x | eq | 10.3.4 | 1.6
apple | mac os x | eq | 10.3.3 | 1.6
apple | mac os x | eq | 10.3.1 | 1.6
apple | mac os x | eq | 10.3.2 | 1.6
apple | mac os x | eq | 10.3.5 | 1.6
apple | mac os x | eq | 10.3.8 | 1.6
apple | mac os x | eq | 10.3 | 1.6
appgate network security | - | - | - | 0.8
attachmatewrq | - | - | - | 0.8
avaya | - | - | - | 0.8
blue coat | - | - | - | 0.8
cisco | - | - | - | 0.8
gentoo linux | - | - | - | 0.8
gnutls | - | - | - | 0.8
hewlett packard | - | - | - | 0.8
iaik java group | - | - | - | 0.8
ibm | - | - | - | 0.8
internet consortium | - | - | - | 0.8
intoto | - | - | - | 0.8
juniper | - | - | - | 0.8
mandriva | - | - | - | 0.8
mozilla | - | - | - | 0.8
openwall gnu linux | - | - | - | 0.8
opera | - | - | - | 0.8
rsa security | - | - | - | 0.8
ssh security corp | - | - | - | 0.8
sun microsystems | - | - | - | 0.8
sybase | - | - | - | 0.8
vmware | - | - | - | 0.8
vandyke | - | - | - | 0.8
stonesoft | - | - | - | 0.8
apple | mac os x | eq | 10.3.x to 10.3.9 | 0.8
apple | mac os | eq | x10.2.5 | 0.3
apple | mac os server | eq | x10.3.8 | 0.3
apple | mac os server | eq | x10.4.8 | 0.3
apple | mac os server | eq | x10.1 | 0.3
apple | mac os | eq | x10.1.1 | 0.3
apple | mac os | eq | x10.0.1 | 0.3
apple | mac os server | eq | x10.2.5 | 0.3
apple | mac os | eq | x10.3.2 | 0.3
apple | mac os | eq | x10.2.8 | 0.3
apple | mac os server | eq | x10.1.1 | 0.3
apple | mac os | eq | x10.0.4 | 0.3
apple | mac os | eq | x10.3.7 | 0.3
apple | mac os server | eq | x10.3.2 | 0.3
apple | mac os | eq | x10.1.4 | 0.3
apple | mac os server | eq | x10.2.8 | 0.3
apple | mac os | eq | x10.1.3 | 0.3
apple | mac os server | eq | x10.3.7 | 0.3
apple | mac os server | eq | x10.1.4 | 0.3
apple | mac os | eq | x10.2.4 | 0.3
apple | mac os server | eq | x10.1.3 | 0.3
apple | mac os | eq | x10.2.2 | 0.3
apple | mac os | eq | x10.3.9 | 0.3
apple | mac os server | eq | x10.2.4 | 0.3
apple | mac os | eq | x10.3.5 | 0.3
apple | mac os server | eq | x10.2.2 | 0.3
apple | mac os | eq | x10.1.2 | 0.3
apple | mac os | eq | x10.4 | 0.3
apple | mac os | eq | x10.3.3 | 0.3
apple | mac os server | eq | x10.3.9 | 0.3
apple | mac os | eq | x10.4.5 | 0.3
apple | mac os server | eq | x10.3.5 | 0.3
apple | mac os | eq | x10.3.6 | 0.3
apple | mac os | eq | x10.3.4 | 0.3
apple | mac os server | eq | x10.1.2 | 0.3
apple | mac os server | eq | x10.4 | 0.3
apple | mac os server | eq | x10.3.4 | 0.3
apple | mac os server | eq | x10.3.3 | 0.3
apple | mac os | eq | x10.2.6 | 0.3
apple | mac os | eq | x10.0 | 0.3
apple | mac os | eq | x10.1.5 | 0.3
apple | mac os | eq | x10.4.7 | 0.3
apple | mac os server | eq | x10.4.5 | 0.3
apple | mac os | eq | x10.4.1 | 0.3
apple | mac os server | eq | x10.3.6 | 0.3
apple | mac os server | eq | x10.0 | 0.3
apple | mac os server | eq | x10.2.6 | 0.3
apple | mac os | eq | x10.2.3 | 0.3
cosmicperl | directory pro | eq | 10.0.3 | 0.3
apple | mac os server | eq | x10.1.5 | 0.3
apple | mac os server | eq | x10.4.7 | 0.3
apple | mac os server | eq | x10.4.1 | 0.3
apple | mac os | eq | x10.3 | 0.3
apple | mac os server | eq | x10.2.3 | 0.3
apple | mac os | eq | x10.4.4 | 0.3
apple | mac os | eq | x10.4.6 | 0.3
apple | mac os | eq | x10.2.7 | 0.3
apple | mac os | eq | x10.4.2 | 0.3
apple | mac os | eq | x10.3.1 | 0.3
apple | mac os | eq | x10.2 | 0.3
apple | mac os | eq | x10.4.3 | 0.3
apple | mac os server | eq | x10.3 | 0.3
apple | mac os | eq | x10.2.1 | 0.3
apple | mac os server | eq | x10.4.4 | 0.3
apple | mac os server | eq | x10.4.6 | 0.3
apple | mac os server | eq | x10.2.7 | 0.3
apple | mac os server | eq | x10.4.2 | 0.3
apple | mac os server | eq | x10.3.1 | 0.3
apple | mac os server | eq | x10.2 | 0.3
apple | mac os server | eq | x10.4.3 | 0.3
apple | mac os | eq | x10.3.8 | 0.3
apple | mac os | eq | x10.0.3 | 0.3
apple | mac os | eq | x10.0.2 | 0.3
apple | mac os | eq | x10.4.8 | 0.3
apple | mac os | eq | x10.03 | 0.3
apple | mac os server | eq | x10.2.1 | 0.3
apple | mac os | eq | x10.1 | 0.3

sources: CERT/CC: VU#386964 // CERT/CC: VU#734032 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // BID: 21335 // JVNDB: JVNDB-2006-001152 // CNNVD: CNNVD-200611-503 // NVD: CVE-2006-4407

CVSS

SEVERITY

nvd@nist.gov: CVE-2006-4407
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#386964
value: 0.32

Trust: 0.8

CARNEGIE MELLON: VU#734032
value: 10.94

Trust: 0.8

CARNEGIE MELLON: VU#845620
value: 7.56

Trust: 0.8

CARNEGIE MELLON: VU#547300
value: 2.53

Trust: 0.8

NVD: CVE-2006-4407
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200611-503
value: MEDIUM

Trust: 0.6

VULHUB: VHN-20515
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2006-4407
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-20515
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

sources: CERT/CC: VU#386964 // CERT/CC: VU#734032 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // VULHUB: VHN-20515 // JVNDB: JVNDB-2006-001152 // CNNVD: CNNVD-200611-503 // NVD: CVE-2006-4407

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4407

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200611-503

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200611-503

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001152

PATCH

title: APPLE-SA-2006-11-28
url: http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html

Trust: 0.8

sources: JVNDB: JVNDB-2006-001152

EXTERNAL IDS

db | id | Trust
CERT/CC | VU#734032 | 3.3
USCERT | TA06-333A | 2.8
NVD | CVE-2006-4407 | 2.8
SECUNIA | 23155 | 2.5
BID | 22083 | 2.4
BID | 21335 | 2.0
SECTRACK | 1017298 | 1.7
OSVDB | 30731 | 1.7
VUPEN | ADV-2006-4750 | 1.7
SECUNIA | 23280 | 1.6
SECUNIA | 23309 | 1.6
BID | 20246 | 0.8
CERT/CC | VU#386964 | 0.8
SECUNIA | 21709 | 0.8
CERT/CC | VU#845620 | 0.8
SECUNIA | 22207 | 0.8
SECUNIA | 22212 | 0.8
SECUNIA | 22116 | 0.8
SECUNIA | 22216 | 0.8
SECUNIA | 22220 | 0.8
SECUNIA | 22330 | 0.8
SECUNIA | 22130 | 0.8
SECUNIA | 22240 | 0.8
SECUNIA | 22259 | 0.8
SECUNIA | 22260 | 0.8
SECUNIA | 22165 | 0.8
SECUNIA | 22166 | 0.8
SECUNIA | 22172 | 0.8
SECUNIA | 22284 | 0.8
SECUNIA | 22186 | 0.8
SECUNIA | 22193 | 0.8
SECUNIA | 22094 | 0.8
BID | 20249 | 0.8
SECTRACK | 1016943 | 0.8
XF | 29237 | 0.8
CERT/CC | VU#547300 | 0.8
JVNDB | JVNDB-2006-001152 | 0.8
CNNVD | CNNVD-200611-503 | 0.7
CERT/CC | TA06-333A | 0.6
APPLE | APPLE-SA-2006-11-28 | 0.6
VULHUB | VHN-20515 | 0.1

sources: CERT/CC: VU#386964 // CERT/CC: VU#734032 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // VULHUB: VHN-20515 // BID: 21335 // JVNDB: JVNDB-2006-001152 // CNNVD: CNNVD-200611-503 // NVD: CVE-2006-4407

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=304829

Trust: 2.8

url:http://www.us-cert.gov/cas/techalerts/ta06-333a.html

Trust: 2.8

url:http://www.kb.cert.org/vuls/id/734032

Trust: 2.5

url:http://www.securityfocus.com/bid/22083

Trust: 2.4

url:http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html

Trust: 1.7

url:http://www.securityfocus.com/bid/21335

Trust: 1.7

url:http://www.osvdb.org/30731

Trust: 1.7

url:http://securitytracker.com/id?1017298

Trust: 1.7

url:http://secunia.com/advisories/23155

Trust: 1.7

url:http://www.openssl.org/news/secadv_20060928.txt

Trust: 1.6

url:http://secunia.com/advisories/23280/

Trust: 1.6

url:http://secunia.com/advisories/23309/

Trust: 1.6

url:http://www.vupen.com/english/advisories/2006/4750

Trust: 1.1

url:http://jvn.jp/cert/jvnvu%23386964/index.html

Trust: 0.8

url:http://www.securityfocus.com/bid/20246

Trust: 0.8

url:http://secunia.com/advisories/23155/

Trust: 0.8

url:http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html

Trust: 0.8

url:http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/

Trust: 0.8

url:http://www.openssl.org/news/secadv_20060905.txt

Trust: 0.8

url:http://secunia.com/advisories/21709/

Trust: 0.8

url:http://www.rsasecurity.com/rsalabs/node.asp?id=2125

Trust: 0.8

url:http://www.ietf.org/rfc/rfc3447.txt

Trust: 0.8

url:http://jvn.jp/cert/jvnvu%23547300/index.html

Trust: 0.8

url:http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html

Trust: 0.8

url:https://issues.rpath.com/browse/rpl-613

Trust: 0.8

url:http://www.openssl.org/news/secadv_20060928.txt

Trust: 0.8

url:http://kolab.org/security/kolab-vendor-notice-11.txt

Trust: 0.8

url:http://openvpn.net/changelog.html

Trust: 0.8

url:http://www.serv-u.com/releasenotes/

Trust: 0.8

url:http://openbsd.org/errata.html#openssl2

Trust: 0.8

url:http://www.securityfocus.com/bid/20249

Trust: 0.8

url:http://securitytracker.com/id?1016943

Trust: 0.8

url:http://secunia.com/advisories/22130

Trust: 0.8

url:http://secunia.com/advisories/22094

Trust: 0.8

url:http://secunia.com/advisories/22165

Trust: 0.8

url:http://secunia.com/advisories/22186

Trust: 0.8

url:http://secunia.com/advisories/22193

Trust: 0.8

url:http://secunia.com/advisories/22207

Trust: 0.8

url:http://secunia.com/advisories/22259

Trust: 0.8

url:http://secunia.com/advisories/22260

Trust: 0.8

url:http://secunia.com/advisories/22166

Trust: 0.8

url:http://secunia.com/advisories/22172

Trust: 0.8

url:http://secunia.com/advisories/22212

Trust: 0.8

url:http://secunia.com/advisories/22240

Trust: 0.8

url:http://secunia.com/advisories/22216

Trust: 0.8

url:http://secunia.com/advisories/22116

Trust: 0.8

url:http://secunia.com/advisories/22220

Trust: 0.8

url:http://secunia.com/advisories/22284

Trust: 0.8

url:http://secunia.com/advisories/22330

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/29237

Trust: 0.8

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4407

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4407

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/4750

Trust: 0.6

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://labs.musecurity.com/advisories/mu-200611-01.txt

Trust: 0.3

sources: CERT/CC: VU#386964 // CERT/CC: VU#734032 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // VULHUB: VHN-20515 // BID: 21335 // JVNDB: JVNDB-2006-001152 // CNNVD: CNNVD-200611-503 // NVD: CVE-2006-4407

CREDITS

Benjamin Williams; Mu Security; Eric Cronin; Dr. Stephen N. Henson; Tim ※ darksock@uhagr.org

Trust: 0.6

sources: CNNVD: CNNVD-200611-503

SOURCES

db | id
CERT/CC | VU#386964
CERT/CC | VU#734032
CERT/CC | VU#845620
CERT/CC | VU#547300
VULHUB | VHN-20515
BID | 21335
JVNDB | JVNDB-2006-001152
CNNVD | CNNVD-200611-503
NVD | CVE-2006-4407

LAST UPDATE DATE

2024-11-19T21:34:00.570000+00:00


SOURCES UPDATE DATE

db | id | date
CERT/CC | VU#386964 | 2011-07-22T00:00:00
CERT/CC | VU#734032 | 2006-11-30T00:00:00
CERT/CC | VU#845620 | 2007-02-08T00:00:00
CERT/CC | VU#547300 | 2011-07-22T00:00:00
VULHUB | VHN-20515 | 2011-03-08T00:00:00
BID | 21335 | 2006-11-30T20:25:00
JVNDB | JVNDB-2006-001152 | 2012-06-26T00:00:00
CNNVD | CNNVD-200611-503 | 2006-11-30T00:00:00
NVD | CVE-2006-4407 | 2011-03-08T02:40:52.703

SOURCES RELEASE DATE

db | id | date
CERT/CC | VU#386964 | 2006-09-28T00:00:00
CERT/CC | VU#734032 | 2006-11-30T00:00:00
CERT/CC | VU#845620 | 2006-09-11T00:00:00
CERT/CC | VU#547300 | 2006-09-28T00:00:00
VULHUB | VHN-20515 | 2006-11-30T00:00:00
BID | 21335 | 2006-11-28T00:00:00
JVNDB | JVNDB-2006-001152 | 2012-06-26T00:00:00
CNNVD | CNNVD-200611-503 | 2006-11-30T00:00:00
NVD | CVE-2006-4407 | 2006-11-30T16:28:00