Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-7250

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-7250
Last Modified 22 Jan 2013 10:27:34
Published 29 Feb 2012 06:55:04
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-7250

Summary

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.

Vulnerable Systems

Application

  • Openssl 0.9.1c

  • Openssl 0.9.2b

  • Openssl 0.9.3

  • Openssl 0.9.3a

  • Openssl 0.9.4

  • Openssl 0.9.5

  • Openssl 0.9.5a

  • Openssl 0.9.6

  • Openssl 0.9.6a

  • Openssl 0.9.6b

  • Openssl 0.9.6c

  • Openssl 0.9.6d

  • Openssl 0.9.6e

  • Openssl 0.9.6f

  • Openssl 0.9.6g

  • Openssl 0.9.6h

  • Openssl 0.9.6i

  • Openssl 0.9.6j

  • Openssl 0.9.6k

  • Openssl 0.9.6l

  • Openssl 0.9.6m

  • Openssl 0.9.7

  • Openssl 0.9.7a

  • Openssl 0.9.7b

  • Openssl 0.9.7c

  • Openssl 0.9.7d

  • Openssl 0.9.7e

  • Openssl 0.9.7f

  • Openssl 0.9.7g

  • Openssl 0.9.7h

  • Openssl 0.9.7i

  • Openssl 0.9.7j

  • Openssl 0.9.7k

  • Openssl 0.9.7l

  • Openssl 0.9.7m

  • Openssl 0.9.8

  • Openssl 0.9.8a

  • Openssl 0.9.8b

  • Openssl 0.9.8c

  • Openssl 0.9.8d

  • Openssl 0.9.8e

  • Openssl 0.9.8f

  • Openssl 0.9.8g

  • Openssl 0.9.8h

  • Openssl 0.9.8i

  • Openssl 0.9.8j

  • Openssl 0.9.8k

  • Openssl 0.9.8l

  • Openssl 0.9.8m

  • Openssl 0.9.8n

  • Openssl 0.9.8o

  • Openssl 0.9.8p

  • Openssl 0.9.8q

  • Openssl 0.9.8r

  • Openssl 0.9.8s

  • Openssl 0.9.8t


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=798100

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=748738

CONFIRM - http://cvs.openssl.org/chngview?cn=22144

MLIST - [oss-security] 20120228 Re: CVE request: openssl: null pointer dereference issue

MLIST - [oss-security] 20120227 CVE request: openssl: null pointer dereference issue

MLIST - [openssl-dev] 20120210 [openssl.org #2711] Fix possible NULL dereference on bad MIME headers

MLIST - [openssl-dev] 20060829 Crash inside SMIME_read_PKCS7 if input is not MIME

SECUNIA - 48516

UBUNTU - USN-1424-1

SECUNIA - 48899

REDHAT - RHSA-2009:1335

SECUNIA - 36533

Related Patches

Novell SUSE 2012:6054 libopenssl-devel security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6054 libopenssl-devel security update for SLE 11 SP1 i586

Novell SUSE 2012:8034 openssl security update for SLE 10 SP4 x86_64

Novell SUSE 2012:8034 openssl security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:57:37