CVE Reference: CVE-2006-4339

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-4339

Description:
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/28755

UBUNTU
  http://www.ubuntu.com/usn/usn-339-1

SUSE
  http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
  http://www.novell.com/linux/security/advisories/2006_26_sr.html
  http://www.novell.com/linux/security/advisories/2006_61_opera.html
  http://www.novell.com/linux/security/advisories/2006_55_ssl.html

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1

ST
  1016791
  1017522

SLACKWARE
  http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955
  http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306

SGI

SAID
  Secunia Advisory: SA31492
  Secunia Advisory: SA26893
  Secunia Advisory: SA28115
  Secunia Advisory: SA25649
  Secunia Advisory: SA22066
  Secunia Advisory: SA26329
  Secunia Advisory: SA25284
  Secunia Advisory: SA25399
  Secunia Advisory: SA22044
  Secunia Advisory: SA22932
  Secunia Advisory: SA24099
  Secunia Advisory: SA24950
  Secunia Advisory: SA24930
  Secunia Advisory: SA23680
  Secunia Advisory: SA23794
  Secunia Advisory: SA23841
  Secunia Advisory: SA23915
  Secunia Advisory: SA22949
  Secunia Advisory: SA22948
  Secunia Advisory: SA23155
  Secunia Advisory: SA23455
  Secunia Advisory: SA22937
  Secunia Advisory: SA22938
  Secunia Advisory: SA22939
  Secunia Advisory: SA22940
  Secunia Advisory: SA22799
  Secunia Advisory: SA22711
  Secunia Advisory: SA22934
  Secunia Advisory: SA22936
  Secunia Advisory: SA22733
  Secunia Advisory: SA22671
  Secunia Advisory: SA22689
  Secunia Advisory: SA22758
  Secunia Advisory: SA22509
  Secunia Advisory: SA22513
  Secunia Advisory: SA22523
  Secunia Advisory: SA22545
  Secunia Advisory: SA22585
  Secunia Advisory: SA22232
  Secunia Advisory: SA22284
  Secunia Advisory: SA22325
  Secunia Advisory: SA22446
  Secunia Advisory: SA22161
  Secunia Advisory: SA22259
  Secunia Advisory: SA22260
  Secunia Advisory: SA22226
  Secunia Advisory: SA21982
  Secunia Advisory: SA21930
  Secunia Advisory: SA21846
  Secunia Advisory: SA21927
  Secunia Advisory: SA21870
  Secunia Advisory: SA22036
  Secunia Advisory: SA21791
  Secunia Advisory: SA21767
  Secunia Advisory: SA21776
  Secunia Advisory: SA21873
  Secunia Advisory: SA21906
  Secunia Advisory: SA21823
  Secunia Advisory: SA21852
  Secunia Advisory: SA21709
  Secunia Advisory: SA21778
  Secunia Advisory: SA21785
  Secunia Advisory: SA21812
  Secunia Advisory: SA38567
  Secunia Advisory: SA38568

REDHAT
  http://www.redhat.com/support/errata/RHSA-2007-0073.html
  http://www.redhat.com/support/errata/RHSA-2008-0629.html
  http://www.redhat.com/support/errata/RHSA-2007-0062.html
  http://www.redhat.com/support/errata/RHSA-2007-0072.html
  http://www.redhat.com/support/errata/RHSA-2006-0661.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11656

OSVDB
  28549

OPENPKG
  http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html
  http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html

OPENBSD
  http://www.openbsd.org/errata.html

MLIST
  http://lists.vmware.com/pipermail/security-announce/2008/000008.html
  http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445&w=2
  http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html

MISC
  http://docs.info.apple.com/article.html?artnum=307177
  http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:207
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:161

JVNDB
  http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html

JVN
  http://jvn.jp/en/jp/JVN51615542/index.html

HP
  http://marc.info/?l=bugtraq&m=130497311408250&w=2
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
  http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
  http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
  http://www.securityfocus.com/archive/1/archive/1/450327/100/0/threaded

GENTOO
  http://security.gentoo.org/glsa/glsa-200609-18.xml
  http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
  http://security.gentoo.org/glsa/glsa-200609-05.xml

FREEBSD
  http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc

DEBIAN
  http://www.us.debian.org/security/2006/dsa-1173
  http://www.debian.org/security/2006/dsa-1174

CONFIRM
  http://www.openoffice.org/security/cves/CVE-2006-4339.html
  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
  http://www.vmware.com/support/server/doc/releasenotes_server.html
  http://www.vmware.com/support/player/doc/releasenotes_player.html
  http://www.vmware.com/support/player2/doc/releasenotes_player2.html
  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
  http://www.vmware.com/security/advisories/VMSA-2008-0005.html
  http://support.attachmate.com/techdocs/2127.html
  http://support.attachmate.com/techdocs/2128.html
  http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
  http://docs.info.apple.com/article.html?artnum=304829
  http://www.sybase.com/detail?id=1047991
  http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf
  http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
  http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html
  http://support.attachmate.com/techdocs/2137.html
  http://www.serv-u.com/releasenotes/
  http://openvpn.net/changelog.html
  http://www.opera.com/support/search/supsearch.dml?index=845
  http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm
  http://www.openssl.org/news/secadv_20060905.txt

CISCO
  http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
  http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml

CERT-VN
  845620

CERT
  http://www.us-cert.gov/cas/techalerts/TA06-333A.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/489739/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded
  http://www.securityfocus.com/archive/1/archive/1/445822/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/445231/100/0/threaded

BID
  28276
  19849
  22083

BEA
  http://dev2dev.bea.com/pub/advisory/238

APPLE
  http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
  http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html


Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144