CVE-2006-5179 - Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of serv

CVE-2006-5179

Summary

Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940. It is reported that a patch may be obtained by contacting Intoto at the following email address: support@intoto.com

References

Vulnerable Configurations

cpe:2.3:h:intoto:igateway_ssl-vpn:*:*:*:*:*:*:*:*
cpe:2.3:h:intoto:igateway_ssl-vpn:*:*:*:*:*:*:*:*
cpe:2.3:h:intoto:igateway_vpn:*:*:*:*:*:*:*:*
cpe:2.3:h:intoto:igateway_vpn:*:*:*:*:*:*:*:*

CVSS

Base:	5.4 (as of 08-03-2011 - 02:42)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:N/A:C

refmap via4

misc	http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
secunia	22206
vupen	ADV-2006-3859

Last major update

08-03-2011 - 02:42

Published

10-10-2006 - 04:06

Last modified

08-03-2011 - 02:42