7.8

CVE-2006-2940

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version0.9.1c
OpenSSLOpenSSL Version0.9.2b
OpenSSLOpenSSL Version0.9.3
OpenSSLOpenSSL Version0.9.3a
OpenSSLOpenSSL Version0.9.4
OpenSSLOpenSSL Version0.9.5
OpenSSLOpenSSL Version0.9.5 Updatebeta1
OpenSSLOpenSSL Version0.9.5 Updatebeta2
OpenSSLOpenSSL Version0.9.5a
OpenSSLOpenSSL Version0.9.5a Updatebeta1
OpenSSLOpenSSL Version0.9.5a Updatebeta2
OpenSSLOpenSSL Version0.9.6
OpenSSLOpenSSL Version0.9.6 Updatebeta1
OpenSSLOpenSSL Version0.9.6 Updatebeta2
OpenSSLOpenSSL Version0.9.6 Updatebeta3
OpenSSLOpenSSL Version0.9.6a
OpenSSLOpenSSL Version0.9.6a Updatebeta1
OpenSSLOpenSSL Version0.9.6a Updatebeta2
OpenSSLOpenSSL Version0.9.6a Updatebeta3
OpenSSLOpenSSL Version0.9.6b
OpenSSLOpenSSL Version0.9.6c
OpenSSLOpenSSL Version0.9.6d
OpenSSLOpenSSL Version0.9.6e
OpenSSLOpenSSL Version0.9.6f
OpenSSLOpenSSL Version0.9.6g
OpenSSLOpenSSL Version0.9.6h
OpenSSLOpenSSL Version0.9.6i
OpenSSLOpenSSL Version0.9.6j
OpenSSLOpenSSL Version0.9.6k
OpenSSLOpenSSL Version0.9.6l
OpenSSLOpenSSL Version0.9.6m
OpenSSLOpenSSL Version0.9.7
OpenSSLOpenSSL Version0.9.7a
OpenSSLOpenSSL Version0.9.7b
OpenSSLOpenSSL Version0.9.7c
OpenSSLOpenSSL Version0.9.7d
OpenSSLOpenSSL Version0.9.7e
OpenSSLOpenSSL Version0.9.7f
OpenSSLOpenSSL Version0.9.7g
OpenSSLOpenSSL Version0.9.7h
OpenSSLOpenSSL Version0.9.7i
OpenSSLOpenSSL Version0.9.7j
OpenSSLOpenSSL Version0.9.7k
OpenSSLOpenSSL Version0.9.8
OpenSSLOpenSSL Version0.9.8a
OpenSSLOpenSSL Version0.9.8b
OpenSSLOpenSSL Version0.9.8c
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.9% 0.91
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/23794
http://securitytracker.com/id?1017522
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.securityfocus.com/bid/22083
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://secunia.com/advisories/23680
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://secunia.com/advisories/31492
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://openvpn.net/changelog.html
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
http://secunia.com/advisories/23280
http://secunia.com/advisories/23340
http://secunia.com/advisories/23915
http://secunia.com/advisories/26893
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.vupen.com/english/advisories/2007/0343
https://issues.rpath.com/browse/RPL-1633
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://secunia.com/advisories/23155
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
US Government Resource
http://www.vupen.com/english/advisories/2006/4750
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://secunia.com/advisories/22487
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
http://secunia.com/advisories/26329
http://www.vupen.com/english/advisories/2007/2783
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://marc.info/?l=bind-announce&m=116253119512445&w=2
http://secunia.com/advisories/22259
Vendor Advisory
http://secunia.com/advisories/22260
Vendor Advisory
http://secunia.com/advisories/22284
Vendor Advisory
http://secunia.com/advisories/22671
http://secunia.com/advisories/22758
http://secunia.com/advisories/22799
http://secunia.com/advisories/24930
http://secunia.com/advisories/24950
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/28276
http://www.serv-u.com/releasenotes/
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2006/3936
http://www.vupen.com/english/advisories/2006/4327
http://www.vupen.com/english/advisories/2006/4329
http://www.vupen.com/english/advisories/2006/4417
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2008/0905/references
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
http://secunia.com/advisories/22298
http://www.novell.com/linux/security/advisories/2006_24_sr.html
http://secunia.com/advisories/22116
Vendor Advisory
http://secunia.com/advisories/23038
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
http://www.trustix.org/errata/2006/0054
http://www.vupen.com/english/advisories/2006/4401
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
http://issues.rpath.com/browse/RPL-613
http://kolab.org/security/kolab-vendor-notice-11.txt
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
http://openbsd.org/errata.html#openssl2
http://secunia.com/advisories/22094
Vendor Advisory
http://secunia.com/advisories/22130
Vendor Advisory
http://secunia.com/advisories/22165
Vendor Advisory
http://secunia.com/advisories/22166
Vendor Advisory
http://secunia.com/advisories/22172
Vendor Advisory
http://secunia.com/advisories/22186
Vendor Advisory
http://secunia.com/advisories/22193
Vendor Advisory
http://secunia.com/advisories/22207
Vendor Advisory
http://secunia.com/advisories/22212
Vendor Advisory
http://secunia.com/advisories/22216
Vendor Advisory
http://secunia.com/advisories/22220
Vendor Advisory
http://secunia.com/advisories/22240
Vendor Advisory
http://secunia.com/advisories/22330
Vendor Advisory
http://secunia.com/advisories/22385
Vendor Advisory
http://secunia.com/advisories/22460
Vendor Advisory
http://secunia.com/advisories/22544
Vendor Advisory
http://secunia.com/advisories/22626
http://secunia.com/advisories/22772
http://secunia.com/advisories/23309
http://secunia.com/advisories/23351
http://secunia.com/advisories/25889
http://secunia.com/advisories/30124
http://secunia.com/advisories/31531
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
http://security.gentoo.org/glsa/glsa-200610-11.xml
http://securitytracker.com/id?1016943
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
http://www.debian.org/security/2006/dsa-1185
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
http://www.openssl.org/news/secadv_20060928.txt
http://www.redhat.com/support/errata/RHSA-2006-0695.html
Vendor Advisory
http://www.securityfocus.com/archive/1/447318/100/0/threaded
http://www.securityfocus.com/archive/1/447393/100/0/threaded
http://www.ubuntu.com/usn/usn-353-1
http://www.vupen.com/english/advisories/2006/3820
http://www.vupen.com/english/advisories/2006/3860
http://www.vupen.com/english/advisories/2006/3869
http://www.vupen.com/english/advisories/2006/3902
http://www.vupen.com/english/advisories/2006/4019
http://www.vupen.com/english/advisories/2006/4036
http://www.vupen.com/english/advisories/2006/4264
http://www.vupen.com/english/advisories/2006/4980
http://www.vupen.com/english/advisories/2008/2396
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
http://secunia.com/advisories/22500
Vendor Advisory
http://www.debian.org/security/2006/dsa-1195
http://www.osvdb.org/29261
http://www.securityfocus.com/bid/20247
http://www.ubuntu.com/usn/usn-353-2
http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
https://exchange.xforce.ibmcloud.com/vulnerabilities/29230
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311