[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-2940

Date: (C)2006-09-28   (M)2017-10-12
 
CVSS Score: 7.8Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 6.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: COMPLETE











OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

Reference:
SECTRACK-1016943
SECTRACK-1017522
SUNALERT-102668
SUNALERT-102747
SUNALERT-200585
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
http://www.securityfocus.com/archive/1/archive/1/447318/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/447393/100/0/threaded
20061001-01-P
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded
http://www.securityfocus.com/archive/1/archive/1/489739/100/0/threaded
SUNALERT-201534
BID-20247
BID-22083
SECUNIA-22094
SECUNIA-22116
SECUNIA-22130
SECUNIA-22165
SECUNIA-22166
SECUNIA-22172
SECUNIA-22186
SECUNIA-22193
SECUNIA-22207
SECUNIA-22212
SECUNIA-22216
SECUNIA-22220
SECUNIA-22240
SECUNIA-22259
SECUNIA-22260
SECUNIA-22284
SECUNIA-22298
SECUNIA-22330
SECUNIA-22385
SECUNIA-22460
SECUNIA-22487
SECUNIA-22500
SECUNIA-22544
SECUNIA-22626
SECUNIA-22671
SECUNIA-22758
SECUNIA-22772
SECUNIA-22799
SECUNIA-23038
SECUNIA-23155
SECUNIA-23280
SECUNIA-23309
SECUNIA-23340
SECUNIA-23351
SECUNIA-23680
SECUNIA-23794
SECUNIA-23915
SECUNIA-24930
SECUNIA-24950
SECUNIA-25889
SECUNIA-26329
SECUNIA-26893
BID-28276
OSVDB-29261
SECUNIA-30124
SECUNIA-31492
SECUNIA-31531
ADV-2006-3820
ADV-2006-3860
ADV-2006-3869
ADV-2006-3902
ADV-2006-3936
ADV-2006-4019
ADV-2006-4036
ADV-2006-4264
ADV-2006-4327
ADV-2006-4329
ADV-2006-4401
ADV-2006-4417
ADV-2006-4750
ADV-2006-4980
ADV-2007-0343
ADV-2007-1401
ADV-2007-2315
ADV-2007-2783
ADV-2008-0905
ADV-2008-2396
APPLE-SA-2006-11-28
DSA-1185
DSA-1195
FreeBSD-SA-06:23.openssl
GLSA-200610-11
GLSA-200612-11
HPSBMA02250
HPSBOV02683
HPSBUX02174
MDKSA-2006:172
MDKSA-2006:177
MDKSA-2006:178
NetBSD-SA2008-007
OpenPKG-SA-2006.021
RHSA-2006:0695
RHSA-2008:0629
SSA:2006-272-01
SSRT061213
SSRT061239
SSRT061275
SSRT071299
SSRT071304
SSRT090208
SUSE-SA:2006:058
SUSE-SR:2006:024
TA06-333A
USN-353-1
USN-353-2
http://openbsd.org/errata.html#openssl2
http://marc.info/?l=bind-announce&m=116253119512445&w=2
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://docs.info.apple.com/article.html?artnum=304829
http://issues.rpath.com/browse/RPL-613
http://kolab.org/security/kolab-vendor-notice-11.txt
http://openvpn.net/changelog.html
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
http://www.openssl.org/news/secadv_20060928.txt
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.serv-u.com/releasenotes/
http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
https://issues.rpath.com/browse/RPL-1633
openssl-publickey-dos(29230)

CPE    47
cpe:/a:openssl:openssl:0.9.7f
cpe:/a:openssl:openssl:0.9.7g
cpe:/a:openssl:openssl:0.9.7h
cpe:/a:openssl:openssl:0.9.1c
...
CWE    1
CWE-399

© 2013 SecPod Technologies