NVD Vulnerability Detail

CVE-2006-2940

Summary	OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
Publication Date	Sept. 29, 2006, 3:07 a.m.
Registration Date	Jan. 29, 2021, 3:39 p.m.
Last Update	Oct. 19, 2018, 1:44 a.m.

CVSS2.0 : HIGH
Score	7.8
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc	NETBSD
2	ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc	SGI
3	http://docs.info.apple.com/article.html?artnum=304829	CONFIRM
4	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771	HP
5	http://issues.rpath.com/browse/RPL-613	CONFIRM
6	http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100	HP
7	http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540	HP
8	http://kolab.org/security/kolab-vendor-notice-11.txt	CONFIRM
9	http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html	APPLE
10	http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html	FULLDISC
11	http://lists.vmware.com/pipermail/security-announce/2008/000008.html	MLIST
12	http://marc.info/?l=bind-announce&m=116253119512445&w=2	MLIST
13	http://marc.info/?l=bugtraq&m=130497311408250&w=2	HP
14	http://openbsd.org/errata.html#openssl2	OPENBSD
15	http://openvpn.net/changelog.html	CONFIRM
16	http://secunia.com/advisories/22094	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/22116	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/22130	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/22165	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/22166	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/22172	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/22186	SECUNIA	Vendor Advisory
23	http://secunia.com/advisories/22193	SECUNIA	Vendor Advisory
24	http://secunia.com/advisories/22207	SECUNIA	Vendor Advisory
25	http://secunia.com/advisories/22212	SECUNIA	Vendor Advisory
26	http://secunia.com/advisories/22216	SECUNIA	Vendor Advisory
27	http://secunia.com/advisories/22220	SECUNIA	Vendor Advisory
28	http://secunia.com/advisories/22240	SECUNIA	Vendor Advisory
29	http://secunia.com/advisories/22259	SECUNIA	Vendor Advisory
30	http://secunia.com/advisories/22260	SECUNIA	Vendor Advisory
31	http://secunia.com/advisories/22284	SECUNIA	Vendor Advisory
32	http://secunia.com/advisories/22298	SECUNIA
33	http://secunia.com/advisories/22330	SECUNIA	Vendor Advisory
34	http://secunia.com/advisories/22385	SECUNIA	Vendor Advisory
35	http://secunia.com/advisories/22460	SECUNIA	Vendor Advisory
36	http://secunia.com/advisories/22487	SECUNIA
37	http://secunia.com/advisories/22500	SECUNIA	Vendor Advisory
38	http://secunia.com/advisories/22544	SECUNIA	Vendor Advisory
39	http://secunia.com/advisories/22626	SECUNIA
40	http://secunia.com/advisories/22671	SECUNIA
41	http://secunia.com/advisories/22758	SECUNIA
42	http://secunia.com/advisories/22772	SECUNIA
43	http://secunia.com/advisories/22799	SECUNIA
44	http://secunia.com/advisories/23038	SECUNIA
45	http://secunia.com/advisories/23155	SECUNIA
46	http://secunia.com/advisories/23280	SECUNIA
47	http://secunia.com/advisories/23309	SECUNIA
48	http://secunia.com/advisories/23340	SECUNIA
49	http://secunia.com/advisories/23351	SECUNIA
50	http://secunia.com/advisories/23680	SECUNIA
51	http://secunia.com/advisories/23794	SECUNIA
52	http://secunia.com/advisories/23915	SECUNIA
53	http://secunia.com/advisories/24930	SECUNIA
54	http://secunia.com/advisories/24950	SECUNIA
55	http://secunia.com/advisories/25889	SECUNIA
56	http://secunia.com/advisories/26329	SECUNIA
57	http://secunia.com/advisories/26893	SECUNIA
58	http://secunia.com/advisories/30124	SECUNIA
59	http://secunia.com/advisories/31492	SECUNIA
60	http://secunia.com/advisories/31531	SECUNIA
61	http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc	FREEBSD
62	http://security.gentoo.org/glsa/glsa-200610-11.xml	GENTOO
63	http://securitytracker.com/id?1016943	SECTRACK
64	http://securitytracker.com/id?1017522	SECTRACK
65	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946	SLACKWARE
66	http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227	CONFIRM
67	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1	SUNALERT
68	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1	SUNALERT
69	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1	SUNALERT
70	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1	SUNALERT
71	http://support.attachmate.com/techdocs/2374.html	CONFIRM
72	http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm	CONFIRM
73	http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm	CONFIRM
74	http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf	CONFIRM
75	http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf	CONFIRM
76	http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html	CISCO
77	http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml	CISCO
78	http://www.debian.org/security/2006/dsa-1185	DEBIAN
79	http://www.debian.org/security/2006/dsa-1195	DEBIAN
80	http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml	GENTOO
81	http://www.mandriva.com/security/advisories?name=MDKSA-2006:172	MANDRIVA
82	http://www.mandriva.com/security/advisories?name=MDKSA-2006:177	MANDRIVA
83	http://www.mandriva.com/security/advisories?name=MDKSA-2006:178	MANDRIVA
84	http://www.novell.com/linux/security/advisories/2006_24_sr.html	SUSE
85	http://www.novell.com/linux/security/advisories/2006_58_openssl.html	SUSE
86	http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html	OPENPKG
87	http://www.openssl.org/news/secadv_20060928.txt	CONFIRM
88	http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html	CONFIRM
89	http://www.osvdb.org/29261	OSVDB
90	http://www.redhat.com/support/errata/RHSA-2006-0695.html	REDHAT	Vendor Advisory
91	http://www.redhat.com/support/errata/RHSA-2008-0629.html	REDHAT
92	http://www.securityfocus.com/archive/1/447318/100/0/threaded	BUGTRAQ
93	http://www.securityfocus.com/archive/1/447393/100/0/threaded	BUGTRAQ
94	http://www.securityfocus.com/archive/1/456546/100/200/threaded	BUGTRAQ
95	http://www.securityfocus.com/archive/1/489739/100/0/threaded	BUGTRAQ
96	http://www.securityfocus.com/bid/20247	BID
97	http://www.securityfocus.com/bid/22083	BID
98	http://www.securityfocus.com/bid/28276	BID
99	http://www.serv-u.com/releasenotes/	CONFIRM
100	http://www.trustix.org/errata/2006/0054	TRUSTIX
101	http://www.ubuntu.com/usn/usn-353-1	UBUNTU
102	http://www.ubuntu.com/usn/usn-353-2	UBUNTU
103	http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en	MISC
104	http://www.us-cert.gov/cas/techalerts/TA06-333A.html	CERT	US Government Resource
105	http://www.vmware.com/security/advisories/VMSA-2008-0005.html	CONFIRM
106	http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	CONFIRM
107	http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html	CONFIRM
108	http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html	CONFIRM
109	http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html	CONFIRM
110	http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html	CONFIRM
111	http://www.vmware.com/support/player/doc/releasenotes_player.html	CONFIRM
112	http://www.vmware.com/support/player2/doc/releasenotes_player2.html	CONFIRM
113	http://www.vmware.com/support/server/doc/releasenotes_server.html	CONFIRM
114	http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html	CONFIRM
115	http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html	CONFIRM
116	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	CONFIRM
117	http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	CONFIRM
118	http://www.vupen.com/english/advisories/2006/3820	VUPEN
119	http://www.vupen.com/english/advisories/2006/3860	VUPEN
120	http://www.vupen.com/english/advisories/2006/3869	VUPEN
121	http://www.vupen.com/english/advisories/2006/3902	VUPEN
122	http://www.vupen.com/english/advisories/2006/3936	VUPEN
123	http://www.vupen.com/english/advisories/2006/4019	VUPEN
124	http://www.vupen.com/english/advisories/2006/4036	VUPEN
125	http://www.vupen.com/english/advisories/2006/4264	VUPEN
126	http://www.vupen.com/english/advisories/2006/4327	VUPEN
127	http://www.vupen.com/english/advisories/2006/4329	VUPEN
128	http://www.vupen.com/english/advisories/2006/4401	VUPEN
129	http://www.vupen.com/english/advisories/2006/4417	VUPEN
130	http://www.vupen.com/english/advisories/2006/4750	VUPEN
131	http://www.vupen.com/english/advisories/2006/4980	VUPEN
132	http://www.vupen.com/english/advisories/2007/0343	VUPEN
133	http://www.vupen.com/english/advisories/2007/1401	VUPEN
134	http://www.vupen.com/english/advisories/2007/2315	VUPEN
135	http://www.vupen.com/english/advisories/2007/2783	VUPEN
136	http://www.vupen.com/english/advisories/2008/0905/references	VUPEN
137	http://www.vupen.com/english/advisories/2008/2396	VUPEN
138	http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf	CONFIRM
139	https://exchange.xforce.ibmcloud.com/vulnerabilities/29230	XF
140	https://issues.rpath.com/browse/RPL-1633	CONFIRM
141	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311	OVAL
142	https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144	HP

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*