Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.8
CVE Id CVE-2006-2940
Last Modified 22 Oct 2012 10:05:25
Published 28 Sep 2006 02:07:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

Summary

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

Vulnerable Systems

Application

  • Openssl 0.9.1c

  • Openssl 0.9.2b

  • Openssl 0.9.3

  • Openssl 0.9.3a

  • Openssl 0.9.4

  • Openssl 0.9.5

  • Openssl 0.9.5a

  • Openssl 0.9.6

  • Openssl 0.9.6a

  • Openssl 0.9.6b

  • Openssl 0.9.6c

  • Openssl 0.9.6d

  • Openssl 0.9.6e

  • Openssl 0.9.6f

  • Openssl 0.9.6g

  • Openssl 0.9.6h

  • Openssl 0.9.6i

  • Openssl 0.9.6j

  • Openssl 0.9.6k

  • Openssl 0.9.6l

  • Openssl 0.9.6m

  • Openssl 0.9.7

  • Openssl 0.9.7a

  • Openssl 0.9.7b

  • Openssl 0.9.7c

  • Openssl 0.9.7d

  • Openssl 0.9.7e

  • Openssl 0.9.7f

  • Openssl 0.9.7g

  • Openssl 0.9.7h

  • Openssl 0.9.7i

  • Openssl 0.9.7j

  • Openssl 0.9.7k

  • Openssl 0.9.8

  • Openssl 0.9.8a

  • Openssl 0.9.8b

  • Openssl 0.9.8c


References

CERT - TA06-333A

HP - SSRT071304

HP - SSRT061213

XF - openssl-publickey-dos(29230)

VUPEN - ADV-2008-2396

VUPEN - ADV-2008-0905

VUPEN - ADV-2007-2783

VUPEN - ADV-2007-2315

VUPEN - ADV-2007-1401

VUPEN - ADV-2007-0343

VUPEN - ADV-2006-4980

VUPEN - ADV-2006-4750

VUPEN - ADV-2006-4417

VUPEN - ADV-2006-4401

VUPEN - ADV-2006-4329

VUPEN - ADV-2006-4327

VUPEN - ADV-2006-4264

VUPEN - ADV-2006-4036

VUPEN - ADV-2006-4019

VUPEN - ADV-2006-3936

VUPEN - ADV-2006-3902

VUPEN - ADV-2006-3869

VUPEN - ADV-2006-3860

VUPEN - ADV-2006-3820

MISC - http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en

UBUNTU - USN-353-2

UBUNTU - USN-353-1

CONFIRM - http://www.serv-u.com/releasenotes/

BID - 20247

REDHAT - RHSA-2008:0629

REDHAT - RHSA-2006:0695

OSVDB - 29261

CONFIRM - http://www.openssl.org/news/secadv_20060928.txt

OPENPKG - OpenPKG-SA-2006.021

SUSE - SUSE-SA:2006:058

SUSE - SUSE-SR:2006:024

DEBIAN - DSA-1195

DEBIAN - DSA-1185

CONFIRM - http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf

CONFIRM - http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm

CONFIRM - http://support.attachmate.com/techdocs/2374.html

SUNALERT - 102668

SLACKWARE - SSA:2006-272-01

SECTRACK - 1016943

GENTOO - GLSA-200610-11

FREEBSD - FreeBSD-SA-06:23.openssl

SECUNIA - 31531

SECUNIA - 31492

SECUNIA - 22544

SECUNIA - 22500

SECUNIA - 22460

SECUNIA - 22385

SECUNIA - 22330

SECUNIA - 22284

SECUNIA - 22260

SECUNIA - 22259

SECUNIA - 22240

SECUNIA - 22220

SECUNIA - 22216

SECUNIA - 22212

SECUNIA - 22207

SECUNIA - 22193

SECUNIA - 22186

SECUNIA - 22172

SECUNIA - 22166

SECUNIA - 22165

SECUNIA - 22130

SECUNIA - 22116

SECUNIA - 22094

CONFIRM - http://openvpn.net/changelog.html

OPENBSD - [3.9] 20061007 013: SECURITY FIX: October 7, 2006

MLIST - [bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]

HP - SSRT090208

HP - HPSBOV02683

FULLDISC - 20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released

CONFIRM - http://kolab.org/security/kolab-vendor-notice-11.txt

HP - SSRT071299

HP - SSRT061239

HP - SSRT061275

SGI - 20061001-01-P

CONFIRM - https://issues.rpath.com/browse/RPL-1633

CONFIRM - http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf

CONFIRM - http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

CONFIRM - http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

CONFIRM - http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

CONFIRM - http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

CONFIRM - http://www.vmware.com/support/server/doc/releasenotes_server.html

CONFIRM - http://www.vmware.com/support/player2/doc/releasenotes_player2.html

CONFIRM - http://www.vmware.com/support/player/doc/releasenotes_player.html

CONFIRM - http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

CONFIRM - http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

CONFIRM - http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

CONFIRM - http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

CONFIRM - http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0005.html

BID - 28276

BID - 22083

BUGTRAQ - 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

BUGTRAQ - 20070110 VMware ESX server security updates

BUGTRAQ - 20060929 rPSA-2006-0175-2 openssl openssl-scripts

BUGTRAQ - 20060928 rPSA-2006-0175-1 openssl openssl-scripts

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html

MANDRIVA - MDKSA-2006:178

MANDRIVA - MDKSA-2006:177

MANDRIVA - MDKSA-2006:172

GENTOO - GLSA-200612-11

CISCO - 20061108 Multiple Vulnerabilities in OpenSSL library

CISCO - 20061108 Multiple Vulnerabilities in OpenSSL Library

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm

SUNALERT - 201534

SUNALERT - 200585

SUNALERT - 102747

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

SECTRACK - 1017522

SECUNIA - 30124

SECUNIA - 26893

SECUNIA - 26329

SECUNIA - 25889

SECUNIA - 24950

SECUNIA - 24930

SECUNIA - 23915

SECUNIA - 23794

SECUNIA - 23680

SECUNIA - 23351

SECUNIA - 23340

SECUNIA - 23309

SECUNIA - 23280

SECUNIA - 23155

SECUNIA - 23038

SECUNIA - 22799

SECUNIA - 22772

SECUNIA - 22758

SECUNIA - 22671

SECUNIA - 22626

SECUNIA - 22487

SECUNIA - 22298

MLIST - [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

APPLE - APPLE-SA-2006-11-28

HP - HPSBUX02174

CONFIRM - http://issues.rpath.com/browse/RPL-613

HP - HPSBMA02250

CONFIRM - http://docs.info.apple.com/article.html?artnum=304829

NETBSD - NetBSD-SA2008-007

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html

HP - HPSBTU02207

HP - HPSBUX02186

Related Patches

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 (PPC)

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 Server (PPC)

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 (Intel)


Last Updated: 27 May 2016 10:53:42