Secunia
Login
|
|
|
|
|
|
|
|
|
Sybase EAServer RSA Signature Forgery
Release Date: 2006-11-17 Last Update: 2007-01-08 Views: 8,486
Secunia Advisory SA22935
Where:
From remote
Impact:
Security Bypass,
Solution Status:
Partial Fix
CVE Reference(s):
No CVE references.
Description
Sybase has acknowledged a vulnerability in Sybase EAServer, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an error within the verification of certain signatures. If an RSA key with exponent 3 is used, it may be possible to forge a signature signed by that key.
The vulnerability is reported in version 5.0 for Windows, Solaris, AIX, HP RISC, HP Itanium and Linux, version 5.1 for Windows and Solaris, version 5.2 for Windows, Solaris, AIX, HP RISC, and Linux, version 5.3 for Windows and Solaris, version 5.5 for Windows, and version 6.0 for Windows and Solaris.
Solution:
Do not use RSA keys with exponent 3.
Further details available to Secunia VIM customers
Provided and/or discovered by:
Reported by the vendor.
Original Advisory:
http://www.sybase.com/detail?id=1047991
Deep Links:
Links available to Secunia VIM customers
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Subject: Sybase EAServer RSA Signature Forgery
|
No posts yet |
|
You must be logged in to post a comment. |
