CVE Reference: CAN-2006-4339

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CAN-2006-4339

Description:
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/28755

UBUNTU
  http://www.ubuntu.com/usn/usn-339-1

SUSE
  http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
  http://www.novell.com/linux/security/advisories/2006_55_ssl.html
  http://www.novell.com/linux/security/advisories/2006_26_sr.html
  http://www.novell.com/linux/security/advisories/2006_61_opera.html

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1

ST
  1017522
  1016791

SLACKWARE
  http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306
  http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955

SGI

SAID
  Secunia Advisory: SA24950
  Secunia Advisory: SA24099
  Secunia Advisory: SA22932
  Secunia Advisory: SA22044
  Secunia Advisory: SA23915
  Secunia Advisory: SA23841
  Secunia Advisory: SA23794
  Secunia Advisory: SA23680
  Secunia Advisory: SA23455
  Secunia Advisory: SA23155
  Secunia Advisory: SA22948
  Secunia Advisory: SA22949
  Secunia Advisory: SA22940
  Secunia Advisory: SA22939
  Secunia Advisory: SA22938
  Secunia Advisory: SA22937
  Secunia Advisory: SA22936
  Secunia Advisory: SA22934
  Secunia Advisory: SA22711
  Secunia Advisory: SA22799
  Secunia Advisory: SA22758
  Secunia Advisory: SA22689
  Secunia Advisory: SA22671
  Secunia Advisory: SA22733
  Secunia Advisory: SA22585
  Secunia Advisory: SA22545
  Secunia Advisory: SA22523
  Secunia Advisory: SA22513
  Secunia Advisory: SA22509
  Secunia Advisory: SA22446
  Secunia Advisory: SA22325
  Secunia Advisory: SA22284
  Secunia Advisory: SA22232
  Secunia Advisory: SA22226
  Secunia Advisory: SA22260
  Secunia Advisory: SA22259
  Secunia Advisory: SA22161
  Secunia Advisory: SA21930
  Secunia Advisory: SA21982
  Secunia Advisory: SA22036
  Secunia Advisory: SA21870
  Secunia Advisory: SA21927
  Secunia Advisory: SA21846
  Secunia Advisory: SA21906
  Secunia Advisory: SA21873
  Secunia Advisory: SA21776
  Secunia Advisory: SA21767
  Secunia Advisory: SA21791
  Secunia Advisory: SA21852
  Secunia Advisory: SA21823
  Secunia Advisory: SA21812
  Secunia Advisory: SA21778
  Secunia Advisory: SA21785
  Secunia Advisory: SA21709
  Secunia Advisory: SA24930
  Secunia Advisory: SA25284
  Secunia Advisory: SA25399
  Secunia Advisory: SA25649
  Secunia Advisory: SA22066
  Secunia Advisory: SA26329
  Secunia Advisory: SA26893
  Secunia Advisory: SA28115

REDHAT
  http://www.redhat.com/support/errata/RHSA-2007-0073.html
  http://www.redhat.com/support/errata/RHSA-2007-0072.html
  http://www.redhat.com/support/errata/RHSA-2007-0062.html
  http://www.redhat.com/support/errata/RHSA-2006-0661.html

OSVDB
  28549

OPENPKG
  http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html
  http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html

OPENBSD
  http://www.openbsd.org/errata.html

MLIST
  http://lists.vmware.com/pipermail/security-announce/2008/000008.html
  http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
  http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445&w=2

MISC
  http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
  http://docs.info.apple.com/article.html?artnum=307177

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:207
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:161
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:177

HP
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
  http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
  http://www.securityfocus.com/archive/1/archive/1/450327/100/0/threaded
  http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
  http://security.gentoo.org/glsa/glsa-200609-18.xml
  http://security.gentoo.org/glsa/glsa-200609-05.xml

FREEBSD
  http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc

DEBIAN
  http://www.debian.org/security/2006/dsa-1174
  http://www.us.debian.org/security/2006/dsa-1173

CONFIRM
  http://www.vmware.com/support/player2/doc/releasenotes_player2.html
  http://www.vmware.com/support/server/doc/releasenotes_server.html
  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
  http://www.vmware.com/support/player/doc/releasenotes_player.html
  http://www.vmware.com/security/advisories/VMSA-2008-0005.html
  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
  http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
  http://support.attachmate.com/techdocs/2128.html
  http://support.attachmate.com/techdocs/2127.html
  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
  http://www.sybase.com/detail?id=1047991
  http://docs.info.apple.com/article.html?artnum=304829
  http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html
  http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf
  http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
  http://support.attachmate.com/techdocs/2137.html
  http://www.opera.com/support/search/supsearch.dml?index=845
  http://openvpn.net/changelog.html
  http://www.serv-u.com/releasenotes/
  http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm
  http://www.openssl.org/news/secadv_20060905.txt

CISCO
  http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
  http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml

CERT-VN
  845620

CERT
  http://www.us-cert.gov/cas/techalerts/TA06-333A.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/489739/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded
  http://www.securityfocus.com/archive/1/archive/1/445822/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/445231/100/0/threaded

BID
  22083
  28276
  19849

BEA
  http://dev2dev.bea.com/pub/advisory/238

APPLE
  http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
  http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html


Copyright 2002-2008 Secunia