← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

PublicDate: 2006-09-28
Candidate: CVE-2006-2940
References:
 http://www.ubuntu.com/usn/usn-353-1
 http://www.ubuntu.com/usn/usn-353-2
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
Description:
 OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions
 allows attackers to cause a denial of service (CPU consumption) via
 parasitic public keys with large (1) "public exponent" or (2) "public
 modulus" values in X.509 certificates that require extra time to process
 when using RSA signature verification.
Ubuntu-Description:
Notes:
Bugs:
dapper_openssl097: released (0.9.7g-5ubuntu1.1)
edgy_openssl097: released (0.9.7k-3)
feisty_openssl097: released (0.9.7k-3)
devel_openssl097: released (0.9.7k-3)
dapper_openssl: released (0.9.8a-7ubuntu0.3)
edgy_openssl: released (0.9.8b-2ubuntu2)
feisty_openssl: released (0.9.8b-2ubuntu2)
devel_openssl: released (0.9.8b-2ubuntu2)
upstream_openssl: 
upstream_openssl097: