{ "threat_severity" : "Moderate", "public_date" : "2006-09-28T00:00:00Z", "bugzilla" : { "description" : "openssl public key DoS", "id" : "430654", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=430654" }, "details" : [ "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification." ], "statement" : "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 2.1", "release_date" : "2006-09-28T00:00:00Z", "advisory" : "RHSA-2006:0695", "cpe" : "cpe:/o:redhat:enterprise_linux:2.1", "package" : "openssl-0:0.9.6b-46" }, { "product_name" : "Red Hat Enterprise Linux 2.1", "release_date" : "2006-09-28T00:00:00Z", "advisory" : "RHSA-2006:0695", "cpe" : "cpe:/o:redhat:enterprise_linux:2.1", "package" : "openssl095a-0:0.9.5a-32" }, { "product_name" : "Red Hat Enterprise Linux 2.1", "release_date" : "2006-09-28T00:00:00Z", "advisory" : "RHSA-2006:0695", "cpe" : "cpe:/o:redhat:enterprise_linux:2.1", "package" : "openssl096-0:0.9.6-32" }, { "product_name" : "Red Hat Enterprise Linux 3", "release_date" : "2006-09-28T00:00:00Z", "advisory" : "RHSA-2006:0695", "cpe" : "cpe:/o:redhat:enterprise_linux:3", "package" : "openssl-0:0.9.7a-33.21" }, { "product_name" : "Red Hat Enterprise Linux 3", "release_date" : "2006-09-28T00:00:00Z", "advisory" : "RHSA-2006:0695", "cpe" : "cpe:/o:redhat:enterprise_linux:3", "package" : "openssl096b-0:0.9.6b-16.46" }, { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2006-09-28T00:00:00Z", "advisory" : "RHSA-2006:0695", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "openssl-0:0.9.7a-43.14" }, { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2006-09-28T00:00:00Z", "advisory" : "RHSA-2006:0695", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "openssl096b-0:0.9.6b-22.46" }, { "product_name" : "Red Hat Network Satellite Server v 4.2", "release_date" : "2008-06-30T00:00:00Z", "advisory" : "RHSA-2008:0525", "cpe" : "cpe:/a:redhat:network_satellite:4.2::el4", "package" : "rhn-solaris-bootstrap-0:5.0.2-3" }, { "product_name" : "Red Hat Network Satellite Server v 4.2", "release_date" : "2008-06-30T00:00:00Z", "advisory" : "RHSA-2008:0525", "cpe" : "cpe:/a:redhat:network_satellite:4.2::el4", "package" : "rhn_solaris_bootstrap_5_0_2_3-0:1-0" }, { "product_name" : "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date" : "2008-06-30T00:00:00Z", "advisory" : "RHSA-2008:0525", "cpe" : "cpe:/a:redhat:network_satellite:4.2::el3", "package" : "rhn-solaris-bootstrap-0:5.0.2-3" }, { "product_name" : "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date" : "2008-06-30T00:00:00Z", "advisory" : "RHSA-2008:0525", "cpe" : "cpe:/a:redhat:network_satellite:4.2::el3", "package" : "rhn_solaris_bootstrap_5_0_2_3-0:1-0" }, { "product_name" : "Red Hat Network Satellite Server v 5.0", "release_date" : "2008-05-20T00:00:00Z", "advisory" : "RHSA-2008:0264", "cpe" : "cpe:/a:redhat:network_satellite:5.0:el4", "package" : "rhn-solaris-bootstrap-0:5.0.2-3" }, { "product_name" : "Red Hat Network Satellite Server v 5.0", "release_date" : "2008-05-20T00:00:00Z", "advisory" : "RHSA-2008:0264", "cpe" : "cpe:/a:redhat:network_satellite:5.0:el4", "package" : "rhn_solaris_bootstrap_5_0_2_3-0:1-0" }, { "product_name" : "Red Hat Network Satellite Server v 5.1", "release_date" : "2008-08-13T00:00:00Z", "advisory" : "RHSA-2008:0629", "cpe" : "cpe:/a:redhat:network_satellite:5.1::el4", "package" : "rhn-solaris-bootstrap-0:5.1.1-3" }, { "product_name" : "Red Hat Network Satellite Server v 5.1", "release_date" : "2008-08-13T00:00:00Z", "advisory" : "RHSA-2008:0629", "cpe" : "cpe:/a:redhat:network_satellite:5.1::el4", "package" : "rhn_solaris_bootstrap_5_1_1_3-0:1-0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2006-2940\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-2940" ], "name" : "CVE-2006-2940", "csaw" : false }