CVE-2006-2937 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-2937
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2937

Description: OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/29228 UBUNTU http://www.ubuntu.com/usn/usn-353-1 TRUSTIX http://www.trustix.org/errata/2006/0054 SUSE http://www.novell.com/linux/security/advisories/2006_24_sr.html http://www.novell.com/linux/security/advisories/2006_58_openssl.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1 ST 1016943 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946 SGI SAID Secunia Advisory: SA25889 Secunia Advisory: SA24930 Secunia Advisory: SA24950 Secunia Advisory: SA23915 Secunia Advisory: SA23680 Secunia Advisory: SA23351 Secunia Advisory: SA23340 Secunia Advisory: SA23280 Secunia Advisory: SA23309 Secunia Advisory: SA22298 Secunia Advisory: SA23131 Secunia Advisory: SA23155 Secunia Advisory: SA23038 Secunia Advisory: SA22772 Secunia Advisory: SA22799 Secunia Advisory: SA22758 Secunia Advisory: SA22671 Secunia Advisory: SA22487 Secunia Advisory: SA22626 Secunia Advisory: SA22544 Secunia Advisory: SA22460 Secunia Advisory: SA22385 Secunia Advisory: SA22330 Secunia Advisory: SA22284 Secunia Advisory: SA22220 Secunia Advisory: SA22116 Secunia Advisory: SA22216 Secunia Advisory: SA22240 Secunia Advisory: SA22212 Secunia Advisory: SA22172 Secunia Advisory: SA22166 Secunia Advisory: SA22260 Secunia Advisory: SA22259 Secunia Advisory: SA22207 Secunia Advisory: SA22193 Secunia Advisory: SA22186 Secunia Advisory: SA22165 Secunia Advisory: SA22094 Secunia Advisory: SA22130 Secunia Advisory: SA26329 Secunia Advisory: SA30124 Secunia Advisory: SA31531 Secunia Advisory: SA31492 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0629.html http://www.redhat.com/support/errata/RHSA-2006-0695.html OSVDB 29260 OPENPKG http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html OPENBSD http://openbsd.org/errata.html#openssl2 NETBSD MLIST http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445&w=2 http://lists.vmware.com/pipermail/security-announce/2008/000008.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:178 http://www.mandriva.com/security/advisories?name=MDKSA-2006:172 http://www.mandriva.com/security/advisories?name=MDKSA-2006:177 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml http://security.gentoo.org/glsa/glsa-200610-11.xml FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc DEBIAN http://www.debian.org/security/2006/dsa-1185 CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html http://support.attachmate.com/techdocs/2374.html http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html http://www.vmware.com/support/server/doc/releasenotes_server.html http://www.vmware.com/support/player2/doc/releasenotes_player2.html http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html http://www.vmware.com/support/player/doc/releasenotes_player.html http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html http://www.vmware.com/security/advisories/VMSA-2008-0005.html http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf http://issues.rpath.com/browse/RPL-613 http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html http://docs.info.apple.com/article.html?artnum=304829 http://www.f-secure.com/security/fsc-2006-6.shtml http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227 http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf http://kolab.org/security/kolab-vendor-notice-11.txt http://openvpn.net/changelog.html http://www.serv-u.com/releasenotes/ http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf http://www.openssl.org/news/secadv_20060928.txt CISCO http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml CERT-VN 247744 CERT http://www.us-cert.gov/cas/techalerts/TA06-333A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/447393/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/489739/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/447318/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded BID 20248 28276 APPLE http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html

Return to the previous page.