Executive Summary
Summary | |
---|---|
Title | Sun Alert 102747 Security Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications |
Informations | |||
---|---|---|---|
Name | SUN-102747 | First vendor Publication | 2007-11-08 |
Vendor | Sun | Last vendor Modification | 2007-11-08 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Solaris 9 Operating System, Solaris 10 Operating System Two security vulnerabilities in the OpenSSL product may lead to a Denial of Service (DoS) in applications which make use of this product. Depending on the individual application, these vulnerabilities may allow a local or remote unprivileged user to provide data to the application which will cause it to consume excessive amounts of CPU time or system memory. OpenSSL is shipped with Solaris 10 (see openssl(5)). This library is not shipped with Solaris 9, however, a number of Solaris 9 applications statically link against this library and may be affected by these vulnerabilities. This Sun Alert provides details about the individual patches which should be installed to update the OpenSSL product on Solaris 10 and all potentially impacted Solaris 9 applications. These issues are also referenced at the following URLs:
The WAN Boot application, which is shipped with Solaris 9 and Solaris 10, is impacted by these vulnerabilities. For more information, please see Sun Alert 102759. Avoidance: Patch State: Resolved First released: 12-Dec-2006 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_102747_security_vulnerabilities |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10311 | |||
Oval ID: | oval:org.mitre.oval:def:10311 | ||
Title: | OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. | ||
Description: | OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-2940 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10560 | |||
Oval ID: | oval:org.mitre.oval:def:10560 | ||
Title: | OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. | ||
Description: | OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-2937 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-02-03 | Name : Solaris Update for Kernel 122300-48 File : nvt/gb_solaris_122300_48.nasl |
2010-02-03 | Name : Solaris Update for Kernel 122301-48 File : nvt/gb_solaris_122301_48.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : Solaris Update for Kernel 122300-44 File : nvt/gb_solaris_122300_44.nasl |
2009-10-13 | Name : Solaris Update for Kernel 122301-44 File : nvt/gb_solaris_122301_44.nasl |
2009-10-13 | Name : Solaris Update for /usr/bin/ssh 114357-18 File : nvt/gb_solaris_114357_18.nasl |
2009-10-13 | Name : Solaris Update for /usr/bin/ssh 114356-19 File : nvt/gb_solaris_114356_19.nasl |
2009-10-13 | Name : Solaris Update for pkg utilities 113713-28 File : nvt/gb_solaris_113713_28.nasl |
2009-10-10 | Name : SLES9: Security update for OpenSSL File : nvt/sles9p5018995.nasl |
2009-10-10 | Name : SLES9: Security update for OpenSSL File : nvt/sles9p5018586.nasl |
2009-09-23 | Name : Solaris Update for pkg utilities 114568-27 File : nvt/gb_solaris_114568_27.nasl |
2009-09-23 | Name : Solaris Update for Kernel 122301-42 File : nvt/gb_solaris_122301_42.nasl |
2009-06-03 | Name : Solaris Update for wanboot 122715-02 File : nvt/gb_solaris_122715_02.nasl |
2009-06-03 | Name : Solaris Update for bootconfchk 123376-01 File : nvt/gb_solaris_123376_01.nasl |
2009-06-03 | Name : Solaris Update for bootconfchk 123377-01 File : nvt/gb_solaris_123377_01.nasl |
2009-06-03 | Name : Solaris Update for kernel 127127-11 File : nvt/gb_solaris_127127_11.nasl |
2009-06-03 | Name : Solaris Update for kernel 127128-11 File : nvt/gb_solaris_127128_11.nasl |
2009-06-03 | Name : Solaris Update for Kernel 122301-40 File : nvt/gb_solaris_122301_40.nasl |
2009-06-03 | Name : Solaris Update for Kernel 122300-40 File : nvt/gb_solaris_122300_40.nasl |
2009-06-03 | Name : Solaris Update for kernel 120011-14 File : nvt/gb_solaris_120011_14.nasl |
2009-06-03 | Name : Solaris Update for wanboot 117123-08 File : nvt/gb_solaris_117123_08.nasl |
2009-06-03 | Name : Solaris Update for pkg utilities 114568-26 File : nvt/gb_solaris_114568_26.nasl |
2009-06-03 | Name : Solaris Update for /usr/bin/ssh 114357-17 File : nvt/gb_solaris_114357_17.nasl |
2009-06-03 | Name : Solaris Update for /usr/bin/ssh 114356-18 File : nvt/gb_solaris_114356_18.nasl |
2009-06-03 | Name : Solaris Update for pkg utilities 113713-27 File : nvt/gb_solaris_113713_27.nasl |
2009-05-05 | Name : HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186 File : nvt/gb_hp_ux_HPSBUX02186.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200610-11 (openssl) File : nvt/glsa_200610_11.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200612-11 (emul-linux-x86-baselibs) File : nvt/glsa_200612_11.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-06:23.openssl.asc) File : nvt/freebsdsa_openssl4.nasl |
2008-09-04 | Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1185-1 (openssl) File : nvt/deb_1185_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1195-1 (openssl096) File : nvt/deb_1195_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1185-2 (openssl) File : nvt/deb_1185_2.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-272-01 openssl File : nvt/esoft_slk_ssa_2006_272_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
29261 | OpenSSL Crafted Public Key CPU Consumption DoS OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when large values in X.509 certificates require extra time to process, and may result in loss of availability for the service. |
29260 | OpenSSL Malformed ASN.1 Structure Resource Consumption DoS OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered due to an error in processing malformed ASN.1 structures which may lead to infinite loop and consumption of memory, and will result in loss of availability for the service. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-09-18 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL8106.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL6734.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0695.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0661.nasl - Type : ACT_GATHER_INFO |
2012-01-04 | Name : The remote server is affected by multiple vulnerabilities. File : openssl_0_9_7l_0_9_8d.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0629.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0525.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0264.nasl - Type : ACT_GATHER_INFO |
2008-08-20 | Name : The remote SSH service is affected by multiple vulnerabilities. File : attachmate_reflection_70_sp1.nasl - Type : ACT_GATHER_INFO |
2008-04-02 | Name : The remote Windows host has an application that is affected by multiple issues. File : vmware_multiple_vmsa_2008_0005.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-2175.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-2141.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-2163.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-522-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-353-2.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-353-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_openssl-2349.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_openssl-2162.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_openssl-2140.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_compat-openssl097g-2171.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 122715-03 File : solaris9_x86_122715.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1379.nasl - Type : ACT_GATHER_INFO |
2007-09-25 | Name : The remote host is missing Sun Security Patch number 117123-10 File : solaris9_117123.nasl - Type : ACT_GATHER_INFO |
2007-07-01 | Name : The remote multi-function device is affected by multiple issues. File : xerox_xrx07_001.nasl - Type : ACT_GATHER_INFO |
2007-02-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0f37d765c5d411db9f82000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_058.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-172.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-177.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-178.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1004.nasl - Type : ACT_GATHER_INFO |
2006-12-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200612-11.nasl - Type : ACT_GATHER_INFO |
2006-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200610-11.nasl - Type : ACT_GATHER_INFO |
2006-10-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1195.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1185.nasl - Type : ACT_GATHER_INFO |
2006-10-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0695.nasl - Type : ACT_GATHER_INFO |
2006-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0695.nasl - Type : ACT_GATHER_INFO |
2006-09-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-272-01.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 113713-30 File : solaris9_113713.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114568-29 File : solaris9_x86_114568.nasl - Type : ACT_GATHER_INFO |