PublicDate: 2006-09-28
Candidate: CVE-2006-2940
References:
http://www.ubuntu.com/usn/usn-353-1
http://www.ubuntu.com/usn/usn-353-2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
Description:
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions
allows attackers to cause a denial of service (CPU consumption) via
parasitic public keys with large (1) "public exponent" or (2) "public
modulus" values in X.509 certificates that require extra time to process
when using RSA signature verification.
Ubuntu-Description:
Notes:
Bugs:
dapper_openssl097: released (0.9.7g-5ubuntu1.1)
edgy_openssl097: released (0.9.7k-3)
feisty_openssl097: released (0.9.7k-3)
devel_openssl097: released (0.9.7k-3)
dapper_openssl: released (0.9.8a-7ubuntu0.3)
edgy_openssl: released (0.9.8b-2ubuntu2)
feisty_openssl: released (0.9.8b-2ubuntu2)
devel_openssl: released (0.9.8b-2ubuntu2)
upstream_openssl:
upstream_openssl097: