CVE - CVE-2006-2937

CVE-ID
CVE-2006-2937	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070110 VMware ESX server security updates URL:http://www.securityfocus.com/archive/1/456546/100/200/threaded BUGTRAQ:20060928 rPSA-2006-0175-1 openssl openssl-scripts URL:http://www.securityfocus.com/archive/1/447318/100/0/threaded BUGTRAQ:20060929 rPSA-2006-0175-2 openssl openssl-scripts URL:http://www.securityfocus.com/archive/1/447393/100/0/threaded BUGTRAQ:20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues URL:http://www.securityfocus.com/archive/1/489739/100/0/threaded FULLDISC:20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html MLIST:[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised] URL:http://marc.info/?l=bind-announce&m=116253119512445&w=2 MLIST:[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues URL:http://lists.vmware.com/pipermail/security-announce/2008/000008.html CONFIRM:http://www.openssl.org/news/secadv_20060928.txt CONFIRM:http://kolab.org/security/kolab-vendor-notice-11.txt CONFIRM:http://openvpn.net/changelog.html CONFIRM:http://www.serv-u.com/releasenotes/ CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm CONFIRM:http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf CONFIRM:http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227 CONFIRM:http://docs.info.apple.com/article.html?artnum=304829 CONFIRM:http://www.f-secure.com/security/fsc-2006-6.shtml CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm CONFIRM:http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html CONFIRM:http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html CONFIRM:http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html CONFIRM:http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html CONFIRM:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html CONFIRM:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html CONFIRM:http://issues.rpath.com/browse/RPL-613 CONFIRM:http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0005.html CONFIRM:http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html CONFIRM:http://www.vmware.com/support/player/doc/releasenotes_player.html CONFIRM:http://www.vmware.com/support/player2/doc/releasenotes_player2.html CONFIRM:http://www.vmware.com/support/server/doc/releasenotes_server.html CONFIRM:http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html CONFIRM:http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html CONFIRM:http://support.attachmate.com/techdocs/2374.html APPLE:APPLE-SA-2006-11-28 URL:http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html CISCO:20061108 Multiple Vulnerabilities in OpenSSL library URL:http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml CISCO:20061108 Multiple Vulnerabilities in OpenSSL Library URL:http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html DEBIAN:DSA-1185 URL:http://www.debian.org/security/2006/dsa-1185 FREEBSD:FreeBSD-SA-06:23.openssl URL:http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc GENTOO:GLSA-200610-11 URL:http://security.gentoo.org/glsa/glsa-200610-11.xml GENTOO:GLSA-200612-11 URL:http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml HP:HPSBUX02174 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 HP:SSRT061239 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 HP:HPSBUX02186 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 HP:SSRT071299 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 HP:HPSBTU02207 URL:https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 HP:SSRT061213 URL:https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 HP:SSRT071304 URL:https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 HP:HPSBMA02250 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 HP:SSRT061275 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 HP:HPSBOV02683 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 HP:SSRT090208 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 MANDRIVA:MDKSA-2006:172 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:172 MANDRIVA:MDKSA-2006:177 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:177 MANDRIVA:MDKSA-2006:178 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:178 NETBSD:NetBSD-SA2008-007 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc OPENBSD:[3.9] 20061007 013: SECURITY FIX: October 7, 2006 URL:http://openbsd.org/errata.html#openssl2 OPENPKG:OpenPKG-SA-2006.021 URL:http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html REDHAT:RHSA-2006:0695 URL:http://www.redhat.com/support/errata/RHSA-2006-0695.html REDHAT:RHSA-2008:0629 URL:http://www.redhat.com/support/errata/RHSA-2008-0629.html SGI:20061001-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc SLACKWARE:SSA:2006-272-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946 SUNALERT:102668 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1 SUNALERT:102747 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1 SUNALERT:200585 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1 SUNALERT:201534 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1 SUSE:SUSE-SA:2006:058 URL:http://www.novell.com/linux/security/advisories/2006_58_openssl.html SUSE:SUSE-SR:2006:024 URL:http://www.novell.com/linux/security/advisories/2006_24_sr.html TRUSTIX:2006-0054 URL:http://www.trustix.org/errata/2006/0054 UBUNTU:USN-353-1 URL:http://www.ubuntu.com/usn/usn-353-1 CERT:TA06-333A URL:http://www.us-cert.gov/cas/techalerts/TA06-333A.html CERT-VN:VU#247744 URL:http://www.kb.cert.org/vuls/id/247744 BID:20248 URL:http://www.securityfocus.com/bid/20248 BID:28276 URL:http://www.securityfocus.com/bid/28276 OVAL:oval:org.mitre.oval:def:10560 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560 VUPEN:ADV-2006-3820 URL:http://www.vupen.com/english/advisories/2006/3820 VUPEN:ADV-2006-3860 URL:http://www.vupen.com/english/advisories/2006/3860 VUPEN:ADV-2006-3902 URL:http://www.vupen.com/english/advisories/2006/3902 VUPEN:ADV-2006-3869 URL:http://www.vupen.com/english/advisories/2006/3869 VUPEN:ADV-2006-3936 URL:http://www.vupen.com/english/advisories/2006/3936 VUPEN:ADV-2006-4019 URL:http://www.vupen.com/english/advisories/2006/4019 VUPEN:ADV-2006-4036 URL:http://www.vupen.com/english/advisories/2006/4036 VUPEN:ADV-2006-4264 URL:http://www.vupen.com/english/advisories/2006/4264 VUPEN:ADV-2006-4327 URL:http://www.vupen.com/english/advisories/2006/4327 VUPEN:ADV-2006-4329 URL:http://www.vupen.com/english/advisories/2006/4329 VUPEN:ADV-2006-4417 URL:http://www.vupen.com/english/advisories/2006/4417 VUPEN:ADV-2006-4401 URL:http://www.vupen.com/english/advisories/2006/4401 VUPEN:ADV-2006-4750 URL:http://www.vupen.com/english/advisories/2006/4750 VUPEN:ADV-2006-4761 URL:http://www.vupen.com/english/advisories/2006/4761 VUPEN:ADV-2006-4980 URL:http://www.vupen.com/english/advisories/2006/4980 VUPEN:ADV-2007-0343 URL:http://www.vupen.com/english/advisories/2007/0343 VUPEN:ADV-2007-1401 URL:http://www.vupen.com/english/advisories/2007/1401 VUPEN:ADV-2007-2315 URL:http://www.vupen.com/english/advisories/2007/2315 VUPEN:ADV-2007-2783 URL:http://www.vupen.com/english/advisories/2007/2783 VUPEN:ADV-2008-0905 URL:http://www.vupen.com/english/advisories/2008/0905/references VUPEN:ADV-2008-2396 URL:http://www.vupen.com/english/advisories/2008/2396 OSVDB:29260 URL:http://www.osvdb.org/29260 SECTRACK:1016943 URL:http://securitytracker.com/id?1016943 SECUNIA:22130 URL:http://secunia.com/advisories/22130 SECUNIA:22094 URL:http://secunia.com/advisories/22094 SECUNIA:22165 URL:http://secunia.com/advisories/22165 SECUNIA:22186 URL:http://secunia.com/advisories/22186 SECUNIA:22193 URL:http://secunia.com/advisories/22193 SECUNIA:22207 URL:http://secunia.com/advisories/22207 SECUNIA:22259 URL:http://secunia.com/advisories/22259 SECUNIA:22260 URL:http://secunia.com/advisories/22260 SECUNIA:22166 URL:http://secunia.com/advisories/22166 SECUNIA:22172 URL:http://secunia.com/advisories/22172 SECUNIA:22212 URL:http://secunia.com/advisories/22212 SECUNIA:22240 URL:http://secunia.com/advisories/22240 SECUNIA:22216 URL:http://secunia.com/advisories/22216 SECUNIA:22116 URL:http://secunia.com/advisories/22116 SECUNIA:22220 URL:http://secunia.com/advisories/22220 SECUNIA:22284 URL:http://secunia.com/advisories/22284 SECUNIA:22330 URL:http://secunia.com/advisories/22330 SECUNIA:22385 URL:http://secunia.com/advisories/22385 SECUNIA:22460 URL:http://secunia.com/advisories/22460 SECUNIA:22544 URL:http://secunia.com/advisories/22544 SECUNIA:22626 URL:http://secunia.com/advisories/22626 SECUNIA:22487 URL:http://secunia.com/advisories/22487 SECUNIA:22671 URL:http://secunia.com/advisories/22671 SECUNIA:22758 URL:http://secunia.com/advisories/22758 SECUNIA:22799 URL:http://secunia.com/advisories/22799 SECUNIA:22772 URL:http://secunia.com/advisories/22772 SECUNIA:23038 URL:http://secunia.com/advisories/23038 SECUNIA:23155 URL:http://secunia.com/advisories/23155 SECUNIA:23131 URL:http://secunia.com/advisories/23131 SECUNIA:22298 URL:http://secunia.com/advisories/22298 SECUNIA:23309 URL:http://secunia.com/advisories/23309 SECUNIA:23280 URL:http://secunia.com/advisories/23280 SECUNIA:23340 URL:http://secunia.com/advisories/23340 SECUNIA:23351 URL:http://secunia.com/advisories/23351 SECUNIA:23680 URL:http://secunia.com/advisories/23680 SECUNIA:23915 URL:http://secunia.com/advisories/23915 SECUNIA:24950 URL:http://secunia.com/advisories/24950 SECUNIA:24930 URL:http://secunia.com/advisories/24930 SECUNIA:25889 URL:http://secunia.com/advisories/25889 SECUNIA:26329 URL:http://secunia.com/advisories/26329 SECUNIA:30124 URL:http://secunia.com/advisories/30124 SECUNIA:31531 URL:http://secunia.com/advisories/31531 SECUNIA:31492 URL:http://secunia.com/advisories/31492 XF:openssl-asn1-error-dos(29228) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/29228
Assigning CNA
N/A
Date Entry Created
20060609	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060609)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org