OpenSSL SSLv2 Null Pointer Dereference Client DoS
2015年7月21日
危険度: 中
CVE識別番号: CVE-2006-4343
情報公開日: 7 21, 2015
概要
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
トレンドマイクロの対策
This vulnerability is addressed in the following product releases:
OpenSSL Project, OpenSSL, 0.9.7l (or later)
OpenSSL Project, OpenSSL, 0.9.8d (or later)
対応方法
Trend Micro Deep Security DPI Rule Number: 1001262
Trend Micro Deep Security DPI Rule Name: 1001262 - OpenSSL SSLv2 Null Pointer Dereference Client DoS
影響を受けるソフトウェア
- OpenSSL Project OpenSSL 0.9.7
- OpenSSL Project OpenSSL 0.9.7a
- OpenSSL Project OpenSSL 0.9.7b
- OpenSSL Project OpenSSL 0.9.7c
- OpenSSL Project OpenSSL 0.9.7d
- OpenSSL Project OpenSSL 0.9.7e
- OpenSSL Project OpenSSL 0.9.7f
- OpenSSL Project OpenSSL 0.9.7g
- OpenSSL Project OpenSSL 0.9.7h
- OpenSSL Project OpenSSL 0.9.7i
- OpenSSL Project OpenSSL 0.9.7j
- OpenSSL Project OpenSSL 0.9.7k
- OpenSSL Project OpenSSL 0.9.8
- OpenSSL Project OpenSSL 0.9.8a
- OpenSSL Project OpenSSL 0.9.8b
- OpenSSL Project OpenSSL 0.9.8c