FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-2940

This CVE name corresponds to:

Entered Topic
2007-02-26 OpenSSL -- Multiple problems in crypto(3)

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-2940
Phase Assigned (20060609)

Description

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allow attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

References

Source Reference
BUGTRAQ 20070110 VMware ESX server security updates
BUGTRAQ 20060928 rPSA-2006-0175-1 openssl openssl-scripts
BUGTRAQ 20060929 rPSA-2006-0175-2 openssl openssl-scripts
BUGTRAQ 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
FULLDISC 20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released
MLIST [bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
MLIST [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
MISC http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
CONFIRM http://www.openssl.org/news/secadv_20060928.txt
CONFIRM http://kolab.org/security/kolab-vendor-notice-11.txt
CONFIRM http://openvpn.net/changelog.html
CONFIRM http://www.serv-u.com/releasenotes/
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
CONFIRM http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
CONFIRM http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
CONFIRM http://docs.info.apple.com/article.html?artnum=304829
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
CONFIRM http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
CONFIRM http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
CONFIRM http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
CONFIRM http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
CONFIRM http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
CONFIRM http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
CONFIRM http://issues.rpath.com/browse/RPL-613
CONFIRM http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
CONFIRM https://issues.rpath.com/browse/RPL-1633
CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0005.html
CONFIRM http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html
CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html
CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html
CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
CONFIRM http://support.attachmate.com/techdocs/2374.html
APPLE APPLE-SA-2006-11-28
CISCO 20061108 Multiple Vulnerabilities in OpenSSL library
CISCO 20061108 Multiple Vulnerabilities in OpenSSL Library
DEBIAN DSA-1185
DEBIAN DSA-1195
FREEBSD FreeBSD-SA-06:23.openssl
GENTOO GLSA-200610-11
GENTOO GLSA-200612-11
HP HPSBUX02174
HP SSRT061239
HP HPSBUX02186
HP SSRT071299
HP HPSBTU02207
HP SSRT061213
HP SSRT071304
HP HPSBMA02250
HP SSRT061275
HP HPSBOV02683
HP SSRT090208
MANDRIVA MDKSA-2006:172
MANDRIVA MDKSA-2006:177
MANDRIVA MDKSA-2006:178
NETBSD NetBSD-SA2008-007
OPENBSD [3.9] 20061007 013: SECURITY FIX: October 7, 2006
OPENPKG OpenPKG-SA-2006.021
REDHAT RHSA-2006:0695
REDHAT RHSA-2008:0629
SGI 20061001-01-P
SLACKWARE SSA:2006-272-01
SUNALERT 102668
SUNALERT 102747
SUNALERT 200585
SUNALERT 201534
SUSE SUSE-SA:2006:058
SUSE SUSE-SR:2006:024
TRUSTIX 2006-0054
UBUNTU USN-353-1
UBUNTU USN-353-2
CERT TA06-333A
BID 20247
BID 22083
BID 28276
OVAL oval:org.mitre.oval:def:10311
VUPEN ADV-2006-3820
VUPEN ADV-2006-3860
VUPEN ADV-2006-3902
VUPEN ADV-2006-3869
VUPEN ADV-2006-3936
VUPEN ADV-2006-4019
VUPEN ADV-2006-4036
VUPEN ADV-2006-4264
VUPEN ADV-2006-4327
VUPEN ADV-2006-4329
VUPEN ADV-2006-4417
VUPEN ADV-2006-4401
VUPEN ADV-2006-4750
VUPEN ADV-2006-4980
VUPEN ADV-2007-0343
VUPEN ADV-2007-1401
VUPEN ADV-2007-2315
VUPEN ADV-2007-2783
VUPEN ADV-2008-0905
VUPEN ADV-2008-2396
OSVDB 29261
SECTRACK 1016943
SECTRACK 1017522
SECUNIA 22130
SECUNIA 22094
SECUNIA 22165
SECUNIA 22186
SECUNIA 22193
SECUNIA 22207
SECUNIA 22259
SECUNIA 22260
SECUNIA 22166
SECUNIA 22172
SECUNIA 22212
SECUNIA 22240
SECUNIA 22216
SECUNIA 22116
SECUNIA 22220
SECUNIA 22284
SECUNIA 22330
SECUNIA 22385
SECUNIA 22460
SECUNIA 22500
SECUNIA 22544
SECUNIA 22626
SECUNIA 22487
SECUNIA 22671
SECUNIA 22758
SECUNIA 22799
SECUNIA 22772
SECUNIA 23038
SECUNIA 23155
SECUNIA 22298
SECUNIA 23309
SECUNIA 23280
SECUNIA 23340
SECUNIA 23351
SECUNIA 23680
SECUNIA 23794
SECUNIA 23915
SECUNIA 24950
SECUNIA 24930
SECUNIA 25889
SECUNIA 26329
SECUNIA 26893
SECUNIA 30124
SECUNIA 31531
SECUNIA 31492
XF openssl-publickey-dos(29230)