Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.8
CVE Id CVE-2006-2937
Last Modified 15 Aug 2013 01:01:36
Published 28 Sep 2006 02:07:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2937

Summary

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

Vulnerable Systems

Application

  • OpenSSL 0.9.7
  • OpenSSL 0.9.7a
  • OpenSSL 0.9.7b
  • OpenSSL 0.9.7c
  • OpenSSL 0.9.7d
  • OpenSSL 0.9.7e
  • OpenSSL 0.9.7f
  • OpenSSL 0.9.7g
  • OpenSSL 0.9.7h
  • OpenSSL 0.9.7i
  • OpenSSL 0.9.7j
  • OpenSSL 0.9.7k
  • OpenSSL 0.9.8
  • OpenSSL 0.9.8a
  • OpenSSL 0.9.8b
  • OpenSSL 0.9.8c


References

CERT-VN - VU#247744

CERT - TA06-333A

XF - openssl-asn1-error-dos(29228)

UBUNTU - USN-353-1

CONFIRM - http://www.serv-u.com/releasenotes/

BID - 20248

REDHAT - RHSA-2006:0695

CONFIRM - http://www.openssl.org/news/secadv_20060928.txt

OPENPKG - OpenPKG-SA-2006.021

SUSE - SUSE-SA:2006:058

SUSE - SUSE-SR:2006:024

DEBIAN - DSA-1185

CONFIRM - http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm

SUNALERT - 102668

SLACKWARE - SSA:2006-272-01

SECTRACK - 1016943

FREEBSD - FreeBSD-SA-06:23.openssl

SECUNIA - 22330

SECUNIA - 22284

SECUNIA - 22260

SECUNIA - 22259

SECUNIA - 22240

SECUNIA - 22220

SECUNIA - 22216

SECUNIA - 22212

SECUNIA - 22207

SECUNIA - 22193

SECUNIA - 22186

SECUNIA - 22172

SECUNIA - 22166

SECUNIA - 22165

SECUNIA - 22130

SECUNIA - 22116

SECUNIA - 22094

CONFIRM - http://openvpn.net/changelog.html

OPENBSD - [3.9] 20061007 013: SECURITY FIX: October 7, 2006

FULLDISC - 20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released

CONFIRM - http://kolab.org/security/kolab-vendor-notice-11.txt

HP - SSRT071304

HP - SSRT061213

VUPEN - ADV-2008-2396

VUPEN - ADV-2008-0905

VUPEN - ADV-2007-2783

VUPEN - ADV-2007-2315

VUPEN - ADV-2007-1401

VUPEN - ADV-2007-0343

VUPEN - ADV-2006-4980

VUPEN - ADV-2006-4761

VUPEN - ADV-2006-4750

VUPEN - ADV-2006-4417

VUPEN - ADV-2006-4401

VUPEN - ADV-2006-4329

VUPEN - ADV-2006-4327

VUPEN - ADV-2006-4264

VUPEN - ADV-2006-4036

VUPEN - ADV-2006-4019

VUPEN - ADV-2006-3936

VUPEN - ADV-2006-3902

VUPEN - ADV-2006-3869

VUPEN - ADV-2006-3860

VUPEN - ADV-2006-3820

REDHAT - RHSA-2008:0629

OSVDB - 29260

CONFIRM - http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf

CONFIRM - http://support.attachmate.com/techdocs/2374.html

GENTOO - GLSA-200610-11

SECUNIA - 31531

SECUNIA - 31492

SECUNIA - 22671

SECUNIA - 22626

SECUNIA - 22544

SECUNIA - 22487

SECUNIA - 22460

SECUNIA - 22385

MLIST - [bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]

HP - SSRT090208

HP - HPSBOV02683

HP - SSRT071299

HP - SSRT061239

HP - SSRT061275

SGI - 20061001-01-P

HP - HPSBTU02207

CONFIRM - http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf

CONFIRM - http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

CONFIRM - http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

CONFIRM - http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

CONFIRM - http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

CONFIRM - http://www.vmware.com/support/server/doc/releasenotes_server.html

CONFIRM - http://www.vmware.com/support/player2/doc/releasenotes_player2.html

CONFIRM - http://www.vmware.com/support/player/doc/releasenotes_player.html

CONFIRM - http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

CONFIRM - http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

CONFIRM - http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

CONFIRM - http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

CONFIRM - http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0005.html

BID - 28276

BUGTRAQ - 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

BUGTRAQ - 20070110 VMware ESX server security updates

BUGTRAQ - 20060929 rPSA-2006-0175-2 openssl openssl-scripts

BUGTRAQ - 20060928 rPSA-2006-0175-1 openssl openssl-scripts

MANDRIVA - MDKSA-2006:178

MANDRIVA - MDKSA-2006:177

MANDRIVA - MDKSA-2006:172

GENTOO - GLSA-200612-11

CONFIRM - http://www.f-secure.com/security/fsc-2006-6.shtml

CISCO - 20061108 Multiple Vulnerabilities in OpenSSL library

CISCO - 20061108 Multiple Vulnerabilities in OpenSSL Library

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm

SUNALERT - 201534

SUNALERT - 200585

SUNALERT - 102747

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

SECUNIA - 30124

SECUNIA - 26329

SECUNIA - 25889

SECUNIA - 24950

SECUNIA - 24930

SECUNIA - 23915

SECUNIA - 23680

SECUNIA - 23351

SECUNIA - 23340

SECUNIA - 23309

SECUNIA - 23280

SECUNIA - 23155

SECUNIA - 23131

SECUNIA - 23038

SECUNIA - 22799

SECUNIA - 22772

SECUNIA - 22758

SECUNIA - 22298

MLIST - [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

APPLE - APPLE-SA-2006-11-28

HP - HPSBUX02186

HP - HPSBUX02174

CONFIRM - http://issues.rpath.com/browse/RPL-613

HP - HPSBMA02250

CONFIRM - http://docs.info.apple.com/article.html?artnum=304829

NETBSD - NetBSD-SA2008-007

Related Patches

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 (PPC)

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 Server (PPC)

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 (Intel)


Last Updated: 27 May 2016 10:42:50