CVE-2006-2937
Published: 2006-09-28
Priority P432 · high · 7.8 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 10.63% (95.2th percentile)
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 0.9.8c-2 (bookworm) | openssl 0.9.8c-2 (bookworm) |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 0.9.8c-2 | 0.9.8c-2 |
| vmware | vmware_fusion | — | — |
| vmware | vmware_workstation | — | — |
CVSS provenance
nvd · v2.0 · 7.8 · HIGH · AV:N/AC:L/Au:N/C:N/I:N/A:C
osv · 7.8 · HIGH
vendor_cisco · 7.8 · HIGH
vendor_debian · 7.8 · HIGH
vendor_redhat · 7.8 · HIGH
vendor_ubuntu · 7.8 · HIGH
VMware
VMSA-2008-0005: Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line
vendor_vmware · 2008-03-17 · CVSS 6.9 · CVE-2006-2937 [MEDIUM]
a. Host to guest shared folder (HGFS) traversal vulnerability

On Windows hosts, if you have configured a VMware host to guest shared folder (HGFS), it is possible for a program running in the guest to gain access to the host's file system and create or modify executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to guest shared folders. No versions of ESX Server, including ESX Server 3i, are affected by this vulnerability. Because ESX Server is based on a bare-metal hypervisor architecture and not a hosted architecture, and it doesn't include any shared folder abilities. Fusion and Linux based hosted product
Cisco
Multiple Vulnerabilities in OpenSSL Library
vendor_cisco·2006-11-08·CVSS 7.8
CVE-2006-4339 [HIGH] Multiple Vulnerabilities in OpenSSL Library
This is the Cisco PSIRT response to the multiple security advisories published by The OpenSSL Project. The vulnerabilities are as follows:
RSA Signature Forgery (CVE-2006-4339), described in http://www.openssl.org/news/secadv_20060905.txt
ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940), described in http://www.openssl.org/news/secadv_20060928.txt
SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738), also in http://www.openssl.org/news/secadv_20060928.txt
SSLv2 Client Crash (CVE-2006-4343), also in http://www.openssl.org/news/secadv_20060928.txt
As of this publication, there are no workarounds available for any of these vulnerabilities, but it may be possible to mitigate some of the exposure. This Security Response lists the
Ubuntu
openssl vulnerabilities
vendor_ubuntu·2006-09-29·CVSS 7.8
CVE-2006-2937 [HIGH] openssl vulnerabilities
Dr. Henson of the OpenSSL core team and Open Network Security
discovered a mishandled error condition in the ASN.1 parser. By
sending specially crafted packet data, a remote attacker could exploit
this to trigger an infinite loop, which would render the service
unusable and consume all available system memory. (CVE-2006-2937)
Certain types of public key could take disproportionate amounts of
time to process. The library now limits the maximum key exponent size
to avoid Denial of Service attacks. (CVE-2006-2940)
Tavis Ormandy and Will Drewry of the Google Security Team discovered a
buffer overflow in the SSL_get_shared_ciphers() function. By sending
specially crafted packets to applications that use this function (like
Exim
BSD
FreeBSD-SA-06:23.openssl: Multiple problems in crypto(3)
bsd_advisories·2006-09-28·CVSS 7.8
CVE-2006-2937 [HIGH] FreeBSD-SA-06:23.openssl: Multiple problems in crypto(3)
FreeBSD-SA-06:23.openssl Security Advisory
The FreeBSD Project
Topic: Multiple problems in crypto(3)
Category: contrib
Module: openssl
Announced: 2006-09-28
Credits: Dr S N Henson, Tavis Ormandy, Will Drewry
         Stephen Kiernan (Juniper SIRT)
Affects: All FreeBSD releases.
Corrected: 2006-09-29 13:44:03 UTC (RELENG_6, 6.2-PRERELEASE)
           2006-09-29 13:44:31 UTC (RELENG_6_1, 6.1-RELEASE-p9)
           2006-09-29 13:44:45 UTC (RELENG_6_0, 6.0-RELEASE-p14)
           2006-09-29 13:45:01 UTC (RELENG_5, 5.5-STABLE)
           2006-09-29 13:45:43 UTC (RELENG_5_5, 5.5-RELEASE-p7)
           2006-09-29 13:45:59 UTC (RELENG_5_4, 5.4-RELEASE-p21)
           2006-09-29 13:46:10 UTC (RELENG_5_3, 5.3-RELEASE-p36)
           2006-09-29 13:46:23 UTC (RELENG_4, 4.11-STABLE)
           2006-09-29 13:46:41 UTC (RELENG_4_11, 4.11-RELEASE-p24)
CVE Name: CVE-2006-2937, CVE-2006-2940, CVE-200
Red Hat
openssl ASN.1 DoS
vendor_redhat·2006-09-28·CVSS 7.8
CVE-2006-2937 [HIGH] openssl ASN.1 DoS
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2006-2937: openssl - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to c...
vendor_debian·2006·CVSS 7.8
CVE-2006-2937 [HIGH] CVE-2006-2937: openssl - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to c...
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
Scope: local
bookworm: resolved (fixed in 0.9.8c-2)
bullseye: resolved (fixed in 0.9.8c-2)
forky: resolved (fixed in 0.9.8c-2)
sid: resolved (fixed in 0.9.8c-2)
trixie: resolved (fixed in 0.9.8c-2)
GHSA
GHSA-mwwc-2rmx-mj8j: OpenSSL 0
ghsa_unreviewed·2022-05-03
CVE-2006-2937 [HIGH] GHSA-mwwc-2rmx-mj8j: OpenSSL 0
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
OSV
CVE-2006-2937: OpenSSL 0
osv·2006-09-28·CVSS 7.8
CVE-2006-2937 [HIGH] CVE-2006-2937: OpenSSL 0
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-2937 openssl ASN.1 DoS
bugzilla·2008-01-29·CVSS 7.8
CVE-2006-2937 [HIGH] CVE-2006-2937 openssl ASN.1 DoS
Common Vulnerabilities and Exposures assigned an identifier CVE-2006-2937 to the following vulnerability:
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
References:
http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded
http://www.securityfocus.com/archive/1/archive/1/447318/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/447393/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445&w=2
http://www.openssl.org/news/secadv_20060928.txt
http://kol
Bugzilla
CVE-2006-3738 OpenSSL issues (CVE-2006-4343, CVE-2006-2940, CVE-2006-2937, CVE-2006-4339)
bugzilla·2006-10-03·CVSS 7.8
CVE-2006-3738 [HIGH] CVE-2006-3738 OpenSSL issues (CVE-2006-4343, CVE-2006-2940, CVE-2006-2937, CVE-2006-4339)
+++ This bug was initially created as a clone of Bug #206940, Bug #207274,
and Bug #207276 +++
Four CVE issues:
-- Two from Bug #206940
1) Buffer Overflow: Tavis Ormandy and Will Drewry of the Google Security
Team discovered a buffer overflow in SSL_get_shared_ciphers utility
function, used by some applications such as exim and mysql. An attacker
could send a list of ciphers that would overrun a buffer. CVE-2006-3738
2) Denial of Service: Tavis Ormandy and Will Drewry of the Google Security
Team discovered a possible DoS in the sslv2 client code. Where a client
application uses OpenSSL to make a SSLv2 connection to a malicious server
that server could cause the client to crash. CVE-2006-4343
-- O
Bugzilla
CVE-2006-2937 OpenSSL ASN1 DoS
bugzilla·2006-09-20·CVSS 7.8
CVE-2006-2937 [HIGH] CVE-2006-2937 OpenSSL ASN1 DoS
Dr S N Henson of the OpenSSL core team and Open Network Security recently
developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite
was run against OpenSSL a denial of service vulnerability was discovered.
During the parsing of certain invalid ASN1 structures an error condition is
mishandled. This can result in an infinite loop which consumes system memory.
CVE-2006-2938
Any code which uses OpenSSL to parse ASN1 data from untrusted sources is
affected. This includes SSL servers which enable client authentication and
S/MIME applications.
This issue affects 0.9.7 and 0.9.8 but not 0.9.6 and earlier
Embargo until 20060928
Discussion:
Created attachment 136729
proposed patch CVE-2006-2937
---
removing embargo, public at http://www.op
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l