Oval Definition: oval:org.mitre.oval:def:10311
Revision Date: 2013-04-29
Version: 11
Title: OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
Description: OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
Family: unix
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2006-2940
Platform(s): CentOS Linux 3
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
    • RHEL3 or CentOS3
      • The operating system installed on the system is Red Hat Enterprise Linux 3
      • OR CentOS Linux 3.x
    • AND Configuration section
      • openssl-perl is earlier than 0:0.9.7a-33.21
      • OR openssl-devel is earlier than 0:0.9.7a-33.21
      • OR openssl is earlier than 0:0.9.7a-33.21
      • OR openssl096b is earlier than 0:0.9.6b-16.46
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
    • RHEL4, CentOS4 or Oracle Linux 4
      • The operating system installed on the system is Red Hat Enterprise Linux 4
      • OR CentOS Linux 4.x
      • OR Oracle Linux 4.x
    • AND Configuration section
      • openssl-perl is earlier than 0:0.9.7a-43.14
      • OR openssl-devel is earlier than 0:0.9.7a-43.14
      • OR openssl is earlier than 0:0.9.7a-43.14
      • OR openssl096b is earlier than 0:0.9.6b-22.46