Check Point response to OpenSSL vulnerability CVE-2006-3738

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk33771
Technical Level
Product	Security Gateway
Version	All
Platform / Model	All
Date Created	28-Oct-2007
Last Modified	07-May-2014

Symptoms

Check Point products are not vulnerable to OpenSSL SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738).

Solution

A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function (See OpenSSL Security Advisory ). Vulnerability exists in OpenSSL versions 0.9.7 - 0.9.7k, 0.9.8 - 0.9.8c, and earlier versions.

By sending a very long list of ciphers to an application that uses the vulnerable function, a remote attacker could overflow a buffer and execute arbitrary code on the system, or cause the application to crash.

All Check Point products and versions do not use the vulnerable function; therefore vulnerability CVE-2006-3738 does not affect Check Point product-code.

This solution is about products that are no longer supported and it will not be updated

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating