Vulnerabilities > CVE-2006-5179 - Denial-Of-Service vulnerability in Intoto Igateway Ssl-Vpn and Igateway VPN

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

high complexity

intoto

NVD

Published: 2006-10-10

Updated: 2011-03-08

Summary

Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940. It is reported that a patch may be obtained by contacting Intoto at the following email address: [email protected]

Vulnerable Configurations

Part	Description	Count
Hardware	Intoto Intoto Igateway SSL VPN * Intoto Igateway VPN *	2

References

http://secunia.com/advisories/22206
http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
http://www.vupen.com/english/advisories/2006/3859