Lucene search

PRIOn knowledge basePRION:CVE-2006-2940

HistorySep 28, 2006 - 6:07 p.m.

Code injection

2006-09-2818:07:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.076 Low

EPSS

Percentile

93.9%

JSON

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) “public exponent” or (2) “public modulus” values in X.509 certificates that require extra time to process when using RSA signature verification.

CPENameOperatorVersion
openssleq0.9.5a beta2
openssleq0.9.898
openssleq0.9.6105
openssleq0.9.3
openssleq0.9.899
openssleq0.9.799
openssleq0.9.5 beta1
openssleq0.9.6100
openssleq0.9.199
openssleq0.9.6

Name	Operator	Version
openssl	eq	0.9.5a beta2
openssl	eq	0.9.898
openssl	eq	0.9.6105
openssl	eq	0.9.3
openssl	eq	0.9.899
openssl	eq	0.9.799
openssl	eq	0.9.5 beta1
openssl	eq	0.9.6100
openssl	eq	0.9.199
openssl	eq	0.9.6

Rows per page:

1-10 of 471

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

docs.info.apple.com/article.html?artnum=304829

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771

issues.rpath.com/browse/RPL-613

itrc.hp.com/service/cki/docDisplay.do?docId=c00805100

itrc.hp.com/service/cki/docDisplay.do?docId=c00849540

kolab.org/security/kolab-vendor-notice-11.txt

lists.apple.com/archives/security-announce/2006/Nov/msg00001.html

lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html

lists.vmware.com/pipermail/security-announce/2008/000008.html

openbsd.org/errata.html

openvpn.net/changelog.html

secunia.com/advisories/22094

secunia.com/advisories/22116

secunia.com/advisories/22130

secunia.com/advisories/22165

secunia.com/advisories/22166

secunia.com/advisories/22172

secunia.com/advisories/22186

secunia.com/advisories/22193

secunia.com/advisories/22207

secunia.com/advisories/22212

secunia.com/advisories/22216

secunia.com/advisories/22220

secunia.com/advisories/22240

secunia.com/advisories/22259

secunia.com/advisories/22260

secunia.com/advisories/22284

secunia.com/advisories/22298

secunia.com/advisories/22330

secunia.com/advisories/22385

secunia.com/advisories/22460

secunia.com/advisories/22487

secunia.com/advisories/22500

secunia.com/advisories/22544

secunia.com/advisories/22626

secunia.com/advisories/22671

secunia.com/advisories/22758

secunia.com/advisories/22772

secunia.com/advisories/22799

secunia.com/advisories/23038

secunia.com/advisories/23155

secunia.com/advisories/23280

secunia.com/advisories/23309

secunia.com/advisories/23340

secunia.com/advisories/23351

secunia.com/advisories/23680

secunia.com/advisories/23794

secunia.com/advisories/23915

secunia.com/advisories/24930

secunia.com/advisories/24950

secunia.com/advisories/25889

secunia.com/advisories/26329

secunia.com/advisories/26893

secunia.com/advisories/30124

secunia.com/advisories/31492

secunia.com/advisories/31531

security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc

security.gentoo.org/glsa/glsa-200610-11.xml

securitytracker.com/id?1016943

securitytracker.com/id?1017522

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946

sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1

sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1

support.attachmate.com/techdocs/2374.html

support.avaya.com/elmodocs2/security/ASA-2006-220.htm

support.avaya.com/elmodocs2/security/ASA-2006-260.htm

www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf

www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf

www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html

www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml

www.debian.org/security/2006/dsa-1185

www.debian.org/security/2006/dsa-1195

www.gentoo.org/security/en/glsa/glsa-200612-11.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:172

www.mandriva.com/security/advisories?name=MDKSA-2006:177

www.mandriva.com/security/advisories?name=MDKSA-2006:178

www.novell.com/linux/security/advisories/2006_24_sr.html

www.novell.com/linux/security/advisories/2006_58_openssl.html

www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html

www.oracle.com/technetwork/topics/security/cpujan2007-101493.html

www.osvdb.org/29261

www.redhat.com/support/errata/RHSA-2006-0695.html

www.redhat.com/support/errata/RHSA-2008-0629.html

www.securityfocus.com/archive/1/447318/100/0/threaded

www.securityfocus.com/archive/1/447393/100/0/threaded

www.securityfocus.com/archive/1/456546/100/200/threaded

www.securityfocus.com/archive/1/489739/100/0/threaded

www.securityfocus.com/bid/20247

www.securityfocus.com/bid/22083

www.securityfocus.com/bid/28276

www.serv-u.com/releasenotes/

www.trustix.org/errata/2006/0054

www.ubuntu.com/usn/usn-353-1

www.ubuntu.com/usn/usn-353-2

www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en

www.us-cert.gov/cas/techalerts/TA06-333A.html

www.vmware.com/security/advisories/VMSA-2008-0005.html

www.vmware.com/support/ace2/doc/releasenotes_ace2.html

www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

www.vmware.com/support/player/doc/releasenotes_player.html

www.vmware.com/support/player2/doc/releasenotes_player2.html

www.vmware.com/support/server/doc/releasenotes_server.html

www.vmware.com/support/vi3/doc/esx-3069097-patch.html

www.vmware.com/support/vi3/doc/esx-9986131-patch.html

www.vmware.com/support/ws55/doc/releasenotes_ws55.html

www.vmware.com/support/ws6/doc/releasenotes_ws6.html

www.vupen.com/english/advisories/2006/3820

www.vupen.com/english/advisories/2006/3860

www.vupen.com/english/advisories/2006/3869

www.vupen.com/english/advisories/2006/3902

www.vupen.com/english/advisories/2006/3936

www.vupen.com/english/advisories/2006/4019

www.vupen.com/english/advisories/2006/4036

www.vupen.com/english/advisories/2006/4264

www.vupen.com/english/advisories/2006/4327

www.vupen.com/english/advisories/2006/4329

www.vupen.com/english/advisories/2006/4401

www.vupen.com/english/advisories/2006/4417

www.vupen.com/english/advisories/2006/4750

www.vupen.com/english/advisories/2006/4980

www.vupen.com/english/advisories/2007/0343

www.vupen.com/english/advisories/2007/1401

www.vupen.com/english/advisories/2007/2315

www.vupen.com/english/advisories/2007/2783

www.vupen.com/english/advisories/2008/0905/references

www.vupen.com/english/advisories/2008/2396

www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/29230

issues.rpath.com/browse/RPL-1633

marc.info/?l=bind-announce&m=116253119512445&w=2

marc.info/?l=bugtraq&m=130497311408250&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311

www.openssl.org/news/secadv_20060928.txt

www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144

7 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.076 Low

EPSS

Percentile

93.9%

JSON

Related for PRION:CVE-2006-2940