Security Hero Rotating Header Image

July, 2007:

Multiple Vulnerabilities in OpenSSL Library

Multiple Vulnerabilities in OpenSSL Library

This is the Cisco PSIRT response to the multiple security advisories published by The OpenSSL Project. The vulnerabilities are as follows: RSA Signature Forgery (CVE-2006-4339), described in http://www.openssl.org/news/secadv_20060905.txt ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940), described in http://www.openssl.org/news/secadv_20060928.txt SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738), also in http://www.openssl.org/news/secadv_20060928.txt SSLv2 Client Crash (CVE-2006-4343), also in http://www.openssl.org/news/secadv_20060928.txt

URL: http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html