ID

VAR-200610-0513


CVE

CVE-2006-5179


TITLE

Intoto iGateway VPN Denial-of-Service (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-002226

DESCRIPTION

Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940. Intoto iGateway VPN and iGateway SSL-VPN contain a vulnerability that results in a denial-of-service (CPU consumption) condition.

TITLE: Intoto iGateway VPN / SSL-VPN Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA22206
VERIFY ADVISORY: http://secunia.com/advisories/22206/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE: From remote
SOFTWARE: Intoto iGateway SSL-VPN http://secunia.com/product/12172/
Intoto iGateway VPN http://secunia.com/product/12171/
DESCRIPTION: A vulnerability has been reported in Intoto iGateway VPN and Intoto iGateway SSL-VPN, which can be exploited by malicious people to cause a DoS (Denial of Service). This can be exploited to cause a DoS via specially crafted X.509 certificates.
SOLUTION: Reportedly, a patch can be obtained by contacting Intoto at support@intoto.com.
PROVIDED AND/OR DISCOVERED BY: Originally reported in OpenSSL by Dr S. N Henson. Reported in Intoto iGateway VPN / SSL-VPN by the vendor.
ORIGINAL ADVISORY: http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en

Trust: 1.8

sources: NVD: CVE-2006-5179 // JVNDB: JVNDB-2006-002226 // VULHUB: VHN-21287 // PACKETSTORM: 50447

AFFECTED PRODUCTS

vendor: intoto, model: igateway ssl-vpn, scope: -, version: -

Trust: 1.4

vendor: intoto, model: igateway vpn, scope: -, version: -

Trust: 1.4

vendor: intoto, model: igateway ssl-vpn, scope: eq, version: *

Trust: 1.0

vendor: intoto, model: igateway vpn, scope: eq, version: *

Trust: 1.0

sources: JVNDB: JVNDB-2006-002226 // CNNVD: CNNVD-200610-121 // NVD: CVE-2006-5179

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5179
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-5179
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200610-121
value: MEDIUM

Trust: 0.6

VULHUB: VHN-21287
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-5179
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-21287
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-21287 // JVNDB: JVNDB-2006-002226 // CNNVD: CNNVD-200610-121 // NVD: CVE-2006-5179

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5179

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200610-121

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200610-121

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002226

PATCH

title: Top page, url: http://www.intoto.com/

Trust: 0.8

sources: JVNDB: JVNDB-2006-002226

EXTERNAL IDS

db: NVD, id: CVE-2006-5179

Trust: 2.5

db: SECUNIA, id: 22206

Trust: 1.8

db: VUPEN, id: ADV-2006-3859

Trust: 1.7

db: JVNDB, id: JVNDB-2006-002226

Trust: 0.8

db: CNNVD, id: CNNVD-200610-121

Trust: 0.7

db: BID, id: 84567

Trust: 0.1

db: VULHUB, id: VHN-21287

Trust: 0.1

db: PACKETSTORM, id: 50447

Trust: 0.1

sources: VULHUB: VHN-21287 // JVNDB: JVNDB-2006-002226 // PACKETSTORM: 50447 // CNNVD: CNNVD-200610-121 // NVD: CVE-2006-5179

REFERENCES

url:http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en

Trust: 1.8

url:http://secunia.com/advisories/22206

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/3859

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5179

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5179

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/3859

Trust: 0.6

url:http://secunia.com/advisories/22206/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/quality_assurance_analyst/

Trust: 0.1

url:http://secunia.com/product/12172/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/12171/

Trust: 0.1

url:http://secunia.com/web_application_security_specialist/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-21287 // JVNDB: JVNDB-2006-002226 // PACKETSTORM: 50447 // CNNVD: CNNVD-200610-121 // NVD: CVE-2006-5179

CREDITS

Secunia

Trust: 0.1

sources: PACKETSTORM: 50447

SOURCES

db: VULHUB, id: VHN-21287
db: JVNDB, id: JVNDB-2006-002226
db: PACKETSTORM, id: 50447
db: CNNVD, id: CNNVD-200610-121
db: NVD, id: CVE-2006-5179

LAST UPDATE DATE

2024-08-14T15:25:30.969000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-21287, date: 2011-03-08T00:00:00
db: JVNDB, id: JVNDB-2006-002226, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200610-121, date: 2006-10-23T00:00:00
db: NVD, id: CVE-2006-5179, date: 2011-03-08T02:42:43.563

SOURCES RELEASE DATE

db: VULHUB, id: VHN-21287, date: 2006-10-10T00:00:00
db: JVNDB, id: JVNDB-2006-002226, date: 2012-09-25T00:00:00
db: PACKETSTORM, id: 50447, date: 2006-10-03T01:14:36
db: CNNVD, id: CNNVD-200610-121, date: 2006-10-10T00:00:00
db: NVD, id: CVE-2006-5179, date: 2006-10-10T04:06:00