Sun Java JDK / SDK RSA Signature Forgery Vulnerability - Secunia Advisories - Vulnerability Intelligence

Sun Java JDK / SDK RSA Signature Forgery Vulnerability
Secunia Advisory:	SA22204	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2006-10-04
Last Update:	2007-02-22
Popularity:	14,739 views

Critical:	Less critical
Impact:	Security Bypass
Where:	From remote
Solution Status:	Vendor Patch

Software:	Java Secure Socket Extension (JSSE) 1.x Sun Java JDK 1.5.x Sun Java JRE 1.3.x Sun Java JRE 1.4.x Sun Java JRE 1.5.x / 5.x Sun Java SDK 1.3.x Sun Java SDK 1.4.x

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2006-4339 CVE-2006-5201

Description: Sun has acknowledged a vulnerability in Sun JDK / SDK, which potentially can be exploited by malicious people to bypass certain security restrictions. For more information: SA21709 The following products are affected: * JDK and JRE 5.0 Update 8 and earlier * SDK and JRE 1.4.2_12 and earlier * SDK and JRE 1.3.1_19 and earlier * JSSE 1.0.3_03 and earlier Solution: Apply updated versions. * JDK and JRE 5.0 Update 9 or later * SDK and JRE 1.4.2_13 or later * JSSE 1.0.3_04 or later * SDK and JRE 1.3.1_20 Changelog: 2006-10-13: Added CVE reference. 2006-11-16: Updated "Solution" section. Added fixed versions for SDK and JRE 1.4.2 and JSSE 1.0.3. Added additional advisory link. 2007-02-22: Updated "Solution" section. Added fixed version for SDK and JRE 1.3.x. Original Advisory: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1 Other References: SA21709: http://secunia.com/advisories/21709/

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

10th Oct, 2008

New advisories:	15
New vulnerabilities:	83
Updated advisories:	41

Moderately // 589 views

ScriptsEz Easy Image Downloader "id" File Disclosure Vulnerability

Moderately // 586 views

Built2go Real Estate Listings "event_id" SQL Injection

Highly // 844 views

Sun Java System Web Proxy Server FTP Subsystem Buffer Overflow

Moderately // 618 views

Red Hat update for cups

Highly // 627 views

DFF PHP Framework API "DFF_config[dir_incl ude]" File Inclusion Vulnerabilities

Not // 695 views

FUJITSU Interstage Products Apache Tomcat Security Bypass

Moderately // 938 views

Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Moderately // 602 views

Fedora update for condor

Moderately // 973 views

CUPS Multiple Vulnerabilities

Not // 669 views

Gentoo Portage Insecure Python Module Search Path Security Issue

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.