Secunia SmallBusiness
Products
Solutions
Customers
Partner
Resources
Company
Careers
Community

CVE Reference: CVE-2006-2940
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-2940

Description:
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/29230

UBUNTU
  http://www.ubuntu.com/usn/usn-353-2
  http://www.ubuntu.com/usn/usn-353-1

TRUSTIX
  http://www.trustix.org/errata/2006/0054

SUSE
  http://www.novell.com/linux/security/advisories/2006_24_sr.html
  http://www.novell.com/linux/security/advisories/2006_58_openssl.html

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1

ST
  1016943
  1017522

SLACKWARE
  http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946

SGI

SAID
  Secunia Advisory: SA22130
  Secunia Advisory: SA22094
  Secunia Advisory: SA22165
  Secunia Advisory: SA22186
  Secunia Advisory: SA22193
  Secunia Advisory: SA22207
  Secunia Advisory: SA22259
  Secunia Advisory: SA22260
  Secunia Advisory: SA22166
  Secunia Advisory: SA22172
  Secunia Advisory: SA22212
  Secunia Advisory: SA22240
  Secunia Advisory: SA22216
  Secunia Advisory: SA22116
  Secunia Advisory: SA22220
  Secunia Advisory: SA22284
  Secunia Advisory: SA22330
  Secunia Advisory: SA22385
  Secunia Advisory: SA22460
  Secunia Advisory: SA22500
  Secunia Advisory: SA22544
  Secunia Advisory: SA22626
  Secunia Advisory: SA22487
  Secunia Advisory: SA22671
  Secunia Advisory: SA22758
  Secunia Advisory: SA22799
  Secunia Advisory: SA22772
  Secunia Advisory: SA23038
  Secunia Advisory: SA23155
  Secunia Advisory: SA22298
  Secunia Advisory: SA23309
  Secunia Advisory: SA23280
  Secunia Advisory: SA23340
  Secunia Advisory: SA23351
  Secunia Advisory: SA23680
  Secunia Advisory: SA23794
  Secunia Advisory: SA23915
  Secunia Advisory: SA24950
  Secunia Advisory: SA24930
  Secunia Advisory: SA25889
  Secunia Advisory: SA26329
  Secunia Advisory: SA26893
  Secunia Advisory: SA30124
  Secunia Advisory: SA31531
  Secunia Advisory: SA31492

REDHAT
  http://www.redhat.com/support/errata/RHSA-2008-0629.html
  http://www.redhat.com/support/errata/RHSA-2006-0695.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10311

OSVDB
  29261

OPENPKG
  http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html

OPENBSD
  http://openbsd.org/errata.html#openssl2

NETBSD

MLIST
  http://lists.vmware.com/pipermail/security-announce/2008/000008.html
  http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445&w=2

MISC
  http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:172

HP
  http://marc.info/?l=bugtraq&m=130497311408250&w=2
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
  http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
  http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
  http://security.gentoo.org/glsa/glsa-200610-11.xml

FULLDISC
  http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html

FREEBSD
  http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc

DEBIAN
  http://www.debian.org/security/2006/dsa-1195
  http://www.debian.org/security/2006/dsa-1185

CONFIRM
  http://support.attachmate.com/techdocs/2374.html
  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
  http://www.vmware.com/support/server/doc/releasenotes_server.html
  http://www.vmware.com/support/player2/doc/releasenotes_player2.html
  http://www.vmware.com/support/player/doc/releasenotes_player.html
  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
  http://www.vmware.com/security/advisories/VMSA-2008-0005.html
  http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
  http://issues.rpath.com/browse/RPL-613
  http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
  http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
  http://docs.info.apple.com/article.html?artnum=304829
  http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
  http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
  http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
  http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
  http://www.serv-u.com/releasenotes/
  http://openvpn.net/changelog.html
  http://kolab.org/security/kolab-vendor-notice-11.txt
  http://www.openssl.org/news/secadv_20060928.txt

CISCO
  http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
  http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml

CERT
  http://www.us-cert.gov/cas/techalerts/TA06-333A.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/489739/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/447393/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/447318/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded

BID
  28276
  22083
  20247

APPLE
  http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html


Return to the previous page.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom
 
© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability