CVE-2006-2940 Information

Description

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allow attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

Reference

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://docs.info.apple.com/article.html?artnum=304829
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
http://issues.rpath.com/browse/RPL-613
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
http://kolab.org/security/kolab-vendor-notice-11.txt
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://marc.info/?l=bind-announce&m=116253119512445&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://openbsd.org/errata.htmlopenssl2
http://openvpn.net/changelog.html
http://secunia.com/advisories/22094
http://secunia.com/advisories/22116
http://secunia.com/advisories/22130
http://secunia.com/advisories/22165
http://secunia.com/advisories/22166
http://secunia.com/advisories/22172
http://secunia.com/advisories/22186
http://secunia.com/advisories/22193
http://secunia.com/advisories/22207
http://secunia.com/advisories/22212
http://secunia.com/advisories/22216
http://secunia.com/advisories/22220
http://secunia.com/advisories/22240
http://secunia.com/advisories/22259
http://secunia.com/advisories/22260
http://secunia.com/advisories/22284
http://secunia.com/advisories/22298
http://secunia.com/advisories/22330
http://secunia.com/advisories/22385
http://secunia.com/advisories/22460
http://secunia.com/advisories/22487
http://secunia.com/advisories/22500
http://secunia.com/advisories/22544
http://secunia.com/advisories/22626
http://secunia.com/advisories/22671
http://secunia.com/advisories/22758
http://secunia.com/advisories/22772
http://secunia.com/advisories/22799
http://secunia.com/advisories/23038
http://secunia.com/advisories/23155
http://secunia.com/advisories/23280
http://secunia.com/advisories/23309
http://secunia.com/advisories/23340
http://secunia.com/advisories/23351
http://secunia.com/advisories/23680
http://secunia.com/advisories/23794
http://secunia.com/advisories/23915
http://secunia.com/advisories/24930
http://secunia.com/advisories/24950
http://secunia.com/advisories/25889
http://secunia.com/advisories/26329
http://secunia.com/advisories/26893
http://secunia.com/advisories/30124
http://secunia.com/advisories/31492
http://secunia.com/advisories/31531
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
http://security.gentoo.org/glsa/glsa-200610-11.xml
http://securitytracker.com/id?1016943
http://securitytracker.com/id?1017522
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
http://www.debian.org/security/2006/dsa-1185
http://www.debian.org/security/2006/dsa-1195
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
http://www.novell.com/linux/security/advisories/2006_24_sr.html
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
http://www.openssl.org/news/secadv_20060928.txt
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.osvdb.org/29261
http://www.redhat.com/support/errata/RHSA-2006-0695.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://www.securityfocus.com/archive/1/447318/100/0/threaded
http://www.securityfocus.com/archive/1/447393/100/0/threaded
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/20247
http://www.securityfocus.com/bid/22083
http://www.securityfocus.com/bid/28276
http://www.serv-u.com/releasenotes/
http://www.trustix.org/errata/2006/0054
http://www.ubuntu.com/usn/usn-353-1
http://www.ubuntu.com/usn/usn-353-2
http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2006/3820
http://www.vupen.com/english/advisories/2006/3860
http://www.vupen.com/english/advisories/2006/3869
http://www.vupen.com/english/advisories/2006/3902
http://www.vupen.com/english/advisories/2006/3936
http://www.vupen.com/english/advisories/2006/4019
http://www.vupen.com/english/advisories/2006/4036
http://www.vupen.com/english/advisories/2006/4264
http://www.vupen.com/english/advisories/2006/4327
http://www.vupen.com/english/advisories/2006/4329
http://www.vupen.com/english/advisories/2006/4401
http://www.vupen.com/english/advisories/2006/4417
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2006/4980
http://www.vupen.com/english/advisories/2007/0343
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2007/2783
http://www.vupen.com/english/advisories/2008/0905/references
http://www.vupen.com/english/advisories/2008/2396
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29230
https://issues.rpath.com/browse/RPL-1633
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10311
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144