CVE-2006-2940

OpenSSL 0.9.7-0.9.7k and 0.9.8-0.9.8c - Denial of Service via Large RSA Public Key Parameters

Description

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allow attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

References (142)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22212
Various Sources x_refsource_confirm
http://support.attachmate.com/techdocs/2374.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22116
Various Sources x_refsource_confirm
http://openvpn.net/changelog.html
Various Sources vendor-advisory x_refsource_hp
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0695.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29230
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447318/100/0/threaded
Various Sources x_refsource_confirm
http://www.serv-u.com/releasenotes/
Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20060928.txt
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1633
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-353-2
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4750
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23915
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016943
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23038
Vendor Advisory vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2006/0054
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1195
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23309
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26893
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4401
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-353-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22166
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23340
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22385
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_24_sr.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22758
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22487
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22772
Various Sources vendor-advisory x_refsource_hp
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31531
Various Sources vendor-advisory x_refsource_freebsd
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22165
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=304829
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23794
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22220
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23680
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25889
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4036
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4019
Various Sources vendor-advisory x_refsource_openbsd
http://openbsd.org/errata.html#openssl2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30124
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22626
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22083
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23351
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3869
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22671
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22544
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22298
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22130
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31492
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4329
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22284
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24930
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4327
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0629.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200610-11.xml
Issue Tracking x_refsource_confirm
http://issues.rpath.com/browse/RPL-613
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26329
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22260
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0343
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3860
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23280
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4264
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22193
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2396
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23155
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22799
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4417
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=bind-announce&m=116253119512445&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22094
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22186
Various Sources x_refsource_confirm
http://kolab.org/security/kolab-vendor-notice-11.txt
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2315
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22500
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489739/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22216
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3820
Various Sources mailing-list x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
Various Sources vendor-advisory x_refsource_hp
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
Vendor Advisory vendor-advisory x_refsource_openpkg
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0905/references
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1401
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20247
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29261
Vendor Advisory vendor-advisory x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/456546/100/200/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447393/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3936
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4980
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22240
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22330
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1185
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22207
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017522
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3902
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2783
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22259
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22460
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22172
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28276
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24950

Scores

EPSS 0.0291
EPSS Percentile 86.5%

Details

CWE CWE-399
Status published
Products (37)
openssl/openssl 0.9.1c
openssl/openssl 0.9.2b
openssl/openssl 0.9.3
openssl/openssl 0.9.3a
openssl/openssl 0.9.4
openssl/openssl 0.9.5 (3 CPE variants)
openssl/openssl 0.9.5a (3 CPE variants)
openssl/openssl 0.9.6 (4 CPE variants)
openssl/openssl 0.9.6a (4 CPE variants)
openssl/openssl 0.9.6b
... and 27 more
Published Sep 28, 2006
Tracked Since Feb 18, 2026