Back to search
CVE-2006-2940
Published: Sep 28, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MDKSA-2006:172
vendor-advisory
x_refsource_MANDRIVA
22212
third-party-advisory
x_refsource_SECUNIA
USN-353-2
vendor-advisory
x_refsource_UBUNTU
http://support.attachmate.com/techdocs/2374.html
x_refsource_CONFIRM
ADV-2006-4750
vdb-entry
x_refsource_VUPEN
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
x_refsource_CONFIRM
23915
third-party-advisory
x_refsource_SECUNIA
201534
vendor-advisory
x_refsource_SUNALERT
HPSBMA02250
vendor-advisory
x_refsource_HP
1016943
vdb-entry
x_refsource_SECTRACK
23038
third-party-advisory
x_refsource_SECUNIA
2006-0054
vendor-advisory
x_refsource_TRUSTIX
DSA-1195
vendor-advisory
x_refsource_DEBIAN
23309
third-party-advisory
x_refsource_SECUNIA
26893
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
x_refsource_CONFIRM
ADV-2006-4401
vdb-entry
x_refsource_VUPEN
USN-353-1
vendor-advisory
x_refsource_UBUNTU
22116
third-party-advisory
x_refsource_SECUNIA
SSRT071304
vendor-advisory
x_refsource_HP
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
x_refsource_CONFIRM
GLSA-200612-11
vendor-advisory
x_refsource_GENTOO
22166
third-party-advisory
x_refsource_SECUNIA
RHSA-2006:0695
vendor-advisory
x_refsource_REDHAT
23340
third-party-advisory
x_refsource_SECUNIA
22385
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2006:024
vendor-advisory
x_refsource_SUSE
22758
third-party-advisory
x_refsource_SECUNIA
22487
third-party-advisory
x_refsource_SECUNIA
SUSE-SA:2006:058
vendor-advisory
x_refsource_SUSE
22772
third-party-advisory
x_refsource_SECUNIA
SSRT071299
vendor-advisory
x_refsource_HP
31531
third-party-advisory
x_refsource_SECUNIA
FreeBSD-SA-06:23.openssl
vendor-advisory
x_refsource_FREEBSD
22165
third-party-advisory
x_refsource_SECUNIA
http://docs.info.apple.com/article.html?artnum=304829
x_refsource_CONFIRM
20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released
mailing-list
x_refsource_FULLDISC
23794
third-party-advisory
x_refsource_SECUNIA
SSRT090208
vendor-advisory
x_refsource_HP
22220
third-party-advisory
x_refsource_SECUNIA
23680
third-party-advisory
x_refsource_SECUNIA
http://openvpn.net/changelog.html
x_refsource_CONFIRM
http://www.vmware.com/support/server/doc/releasenotes_server.html
x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-1633
x_refsource_CONFIRM
25889
third-party-advisory
x_refsource_SECUNIA
ADV-2006-4036
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:10311
vdb-entry
signature
x_refsource_OVAL
ADV-2006-4019
vdb-entry
x_refsource_VUPEN
[3.9] 20061007 013: SECURITY FIX: October 7, 2006
vendor-advisory
x_refsource_OPENBSD
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
x_refsource_CONFIRM
30124
third-party-advisory
x_refsource_SECUNIA
22626
third-party-advisory
x_refsource_SECUNIA
openssl-publickey-dos(29230)
vdb-entry
x_refsource_XF
22083
vdb-entry
x_refsource_BID
MDKSA-2006:178
vendor-advisory
x_refsource_MANDRIVA
23351
third-party-advisory
x_refsource_SECUNIA
ADV-2006-3869
vdb-entry
x_refsource_VUPEN
22671
third-party-advisory
x_refsource_SECUNIA
22544
third-party-advisory
x_refsource_SECUNIA
22298
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
x_refsource_CONFIRM
22130
third-party-advisory
x_refsource_SECUNIA
31492
third-party-advisory
x_refsource_SECUNIA
ADV-2006-4329
vdb-entry
x_refsource_VUPEN
22284
third-party-advisory
x_refsource_SECUNIA
24930
third-party-advisory
x_refsource_SECUNIA
ADV-2006-4327
vdb-entry
x_refsource_VUPEN
RHSA-2008:0629
vendor-advisory
x_refsource_REDHAT
GLSA-200610-11
vendor-advisory
x_refsource_GENTOO
http://issues.rpath.com/browse/RPL-613
x_refsource_CONFIRM
26329
third-party-advisory
x_refsource_SECUNIA
22260
third-party-advisory
x_refsource_SECUNIA
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
x_refsource_CONFIRM
ADV-2007-0343
vdb-entry
x_refsource_VUPEN
ADV-2006-3860
vdb-entry
x_refsource_VUPEN
23280
third-party-advisory
x_refsource_SECUNIA
20060928 rPSA-2006-0175-1 openssl openssl-scripts
mailing-list
x_refsource_BUGTRAQ
SSRT061213
vendor-advisory
x_refsource_HP
http://www.vmware.com/support/player/doc/releasenotes_player.html
x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
x_refsource_CONFIRM
ADV-2006-4264
vdb-entry
x_refsource_VUPEN
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
x_refsource_CONFIRM
22193
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
x_refsource_CONFIRM
ADV-2008-2396
vdb-entry
x_refsource_VUPEN
23155
third-party-advisory
x_refsource_SECUNIA
22799
third-party-advisory
x_refsource_SECUNIA
200585
vendor-advisory
x_refsource_SUNALERT
SSA:2006-272-01
vendor-advisory
x_refsource_SLACKWARE
ADV-2006-4417
vdb-entry
x_refsource_VUPEN
HPSBUX02186
vendor-advisory
x_refsource_HP
HPSBOV02683
vendor-advisory
x_refsource_HP
http://www.serv-u.com/releasenotes/
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
x_refsource_CONFIRM
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
x_refsource_CONFIRM
[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
mailing-list
x_refsource_MLIST
22094
third-party-advisory
x_refsource_SECUNIA
22186
third-party-advisory
x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20060928.txt
x_refsource_CONFIRM
http://kolab.org/security/kolab-vendor-notice-11.txt
x_refsource_CONFIRM
ADV-2007-2315
vdb-entry
x_refsource_VUPEN
22500
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2006-11-28
vendor-advisory
x_refsource_APPLE
TA06-333A
third-party-advisory
x_refsource_CERT
22216
third-party-advisory
x_refsource_SECUNIA
ADV-2006-3820
vdb-entry
x_refsource_VUPEN
HPSBUX02174
vendor-advisory
x_refsource_HP
OpenPKG-SA-2006.021
vendor-advisory
x_refsource_OPENPKG
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
x_refsource_CONFIRM
102747
vendor-advisory
x_refsource_SUNALERT
ADV-2008-0905
vdb-entry
x_refsource_VUPEN
ADV-2007-1401
vdb-entry
x_refsource_VUPEN
20247
vdb-entry
x_refsource_BID
29261
vdb-entry
x_refsource_OSVDB
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
x_refsource_CONFIRM
SSRT061275
vendor-advisory
x_refsource_HP
20070110 VMware ESX server security updates
mailing-list
x_refsource_BUGTRAQ
20060929 rPSA-2006-0175-2 openssl openssl-scripts
mailing-list
x_refsource_BUGTRAQ
ADV-2006-3936
vdb-entry
x_refsource_VUPEN
ADV-2006-4980
vdb-entry
x_refsource_VUPEN
22240
third-party-advisory
x_refsource_SECUNIA
22330
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
x_refsource_CONFIRM
HPSBTU02207
vendor-advisory
x_refsource_HP
DSA-1185
vendor-advisory
x_refsource_DEBIAN
22207
third-party-advisory
x_refsource_SECUNIA
MDKSA-2006:177
vendor-advisory
x_refsource_MANDRIVA
1017522
vdb-entry
x_refsource_SECTRACK
20061108 Multiple Vulnerabilities in OpenSSL Library
vendor-advisory
x_refsource_CISCO
ADV-2006-3902
vdb-entry
x_refsource_VUPEN
ADV-2007-2783
vdb-entry
x_refsource_VUPEN
22259
third-party-advisory
x_refsource_SECUNIA
22460
third-party-advisory
x_refsource_SECUNIA
22172
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
x_refsource_CONFIRM
SSRT061239
vendor-advisory
x_refsource_HP
28276
vdb-entry
x_refsource_BID
102668
vendor-advisory
x_refsource_SUNALERT
20061108 Multiple Vulnerabilities in OpenSSL library
vendor-advisory
x_refsource_CISCO
24950
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now