[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-2937

Date: (C)2006-09-28   (M)2017-10-12 


OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

CVSS Score: 7.8Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: COMPLETE





Reference:
SECTRACK-1016943
SUNALERT-102668
SUNALERT-102747
SUNALERT-200585
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
http://www.securityfocus.com/archive/1/archive/1/447318/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/447393/100/0/threaded
20061001-01-P
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded
http://www.securityfocus.com/archive/1/archive/1/489739/100/0/threaded
SUNALERT-201534
BID-20248
SECUNIA-22094
SECUNIA-22116
SECUNIA-22130
SECUNIA-22165
SECUNIA-22166
SECUNIA-22172
SECUNIA-22186
SECUNIA-22193
SECUNIA-22207
SECUNIA-22212
SECUNIA-22216
SECUNIA-22220
SECUNIA-22240
SECUNIA-22259
SECUNIA-22260
SECUNIA-22284
SECUNIA-22298
SECUNIA-22330
SECUNIA-22385
SECUNIA-22460
SECUNIA-22487
SECUNIA-22544
SECUNIA-22626
SECUNIA-22671
SECUNIA-22758
SECUNIA-22772
SECUNIA-22799
SECUNIA-23038
SECUNIA-23131
SECUNIA-23155
SECUNIA-23280
SECUNIA-23309
SECUNIA-23340
SECUNIA-23351
SECUNIA-23680
SECUNIA-23915
SECUNIA-24930
SECUNIA-24950
SECUNIA-25889
SECUNIA-26329
BID-28276
OSVDB-29260
SECUNIA-30124
SECUNIA-31492
SECUNIA-31531
ADV-2006-3820
ADV-2006-3860
ADV-2006-3869
ADV-2006-3902
ADV-2006-3936
ADV-2006-4019
ADV-2006-4036
ADV-2006-4264
ADV-2006-4327
ADV-2006-4329
ADV-2006-4401
ADV-2006-4417
ADV-2006-4750
ADV-2006-4761
ADV-2006-4980
ADV-2007-0343
ADV-2007-1401
ADV-2007-2315
ADV-2007-2783
ADV-2008-0905
ADV-2008-2396
APPLE-SA-2006-11-28
DSA-1185
FreeBSD-SA-06:23.openssl
GLSA-200610-11
GLSA-200612-11
HPSBMA02250
HPSBOV02683
HPSBTU02207
HPSBUX02174
HPSBUX02186
MDKSA-2006:172
MDKSA-2006:177
MDKSA-2006:178
NetBSD-SA2008-007
OpenPKG-SA-2006.021
RHSA-2006:0695
RHSA-2008:0629
SSA:2006-272-01
SSRT061213
SSRT061239
SSRT061275
SSRT071299
SSRT071304
SSRT090208
SUSE-SA:2006:058
SUSE-SR:2006:024
TA06-333A
USN-353-1
VU#247744
http://openbsd.org/errata.html#openssl2
http://marc.info/?l=bind-announce&m=116253119512445&w=2
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://docs.info.apple.com/article.html?artnum=304829
http://issues.rpath.com/browse/RPL-613
http://kolab.org/security/kolab-vendor-notice-11.txt
http://openvpn.net/changelog.html
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
http://www.f-secure.com/security/fsc-2006-6.shtml
http://www.openssl.org/news/secadv_20060928.txt
http://www.serv-u.com/releasenotes/
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
openssl-asn1-error-dos(29228)

CPE    16
cpe:/a:openssl:openssl:0.9.7f
cpe:/a:openssl:openssl:0.9.7g
cpe:/a:openssl:openssl:0.9.7h
cpe:/a:openssl:openssl:0.9.7i
...
CWE    1
CWE-399

© 2013 SecPod Technologies