FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4339

This CVE name corresponds to:

Entered Topic
2010-02-25 openoffice.org -- multiple vulnerabilities
2006-12-19 openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
2006-09-22 opera -- RSA Signature Forgery

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-4339 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-4339
Phase Assigned(20060824)

Description

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

References

Source Reference
BUGTRAQ 20060905 rPSA-2006-0163-1 openssl openssl-scripts
BUGTRAQ 20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
BUGTRAQ 20070110 VMware ESX server security updates
BUGTRAQ 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
MLIST [ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error
MLIST [bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
MLIST [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
MISC http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
MISC http://docs.info.apple.com/article.html?artnum=307177
CONFIRM http://www.openssl.org/news/secadv_20060905.txt
CONFIRM https://issues.rpath.com/browse/RPL-616
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm
CONFIRM http://www.opera.com/support/search/supsearch.dml?index=845
CONFIRM http://openvpn.net/changelog.html
CONFIRM http://www.serv-u.com/releasenotes/
CONFIRM http://support.attachmate.com/techdocs/2137.html
CONFIRM http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html
CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
CONFIRM http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf
CONFIRM http://www.sybase.com/detail?id=1047991
CONFIRM http://docs.info.apple.com/article.html?artnum=304829
CONFIRM http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
CONFIRM http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
CONFIRM http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
CONFIRM http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
CONFIRM http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
CONFIRM http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
CONFIRM http://support.attachmate.com/techdocs/2127.html
CONFIRM http://support.attachmate.com/techdocs/2128.html
CONFIRM https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html
CONFIRM https://issues.rpath.com/browse/RPL-1633
CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0005.html
CONFIRM http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html
CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html
CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html
CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
CONFIRM http://www.openoffice.org/security/cves/CVE-2006-4339.html
APPLE APPLE-SA-2006-11-28
APPLE APPLE-SA-2007-12-14
BEA BEA07-169.00
CISCO 20061108 Multiple Vulnerabilities in OpenSSL library
CISCO 20061108 Multiple Vulnerabilities in OpenSSL Library
DEBIAN DSA-1173
DEBIAN DSA-1174
FREEBSD FreeBSD-SA-06:19
GENTOO GLSA-200609-05
GENTOO GLSA-200609-18
GENTOO GLSA-200610-06
GENTOO GLSA-201408-19
HP HPSBUX02165
HP SSRT061266
HP HPSBUX02153
HP SSRT061181
HP HPSBUX02186
HP SSRT071299
HP HPSBTU02207
HP SSRT061213
HP SSRT061239
HP SSRT071304
HP HPSBUX02219
HP SSRT061273
HP HPSBMA02250
HP SSRT061275
HP HPSBOV02683
HP SSRT090208
MANDRIVA MDKSA-2006:161
MANDRIVA MDKSA-2006:177
MANDRIVA MDKSA-2006:178
MANDRIVA MDKSA-2006:207
OPENBSD [3.9] 20060908 011: SECURITY FIX: September 8, 2006
OPENPKG OpenPKG-SA-2006.029
OPENPKG OpenPKG-SA-2006.018
REDHAT RHSA-2006:0661
REDHAT RHSA-2007:0062
REDHAT RHSA-2007:0072
REDHAT RHSA-2007:0073
REDHAT RHSA-2008:0629
SGI 20060901-01-P
SLACKWARE SSA:2006-257-02
SLACKWARE SSA:2006-310-01
SUNALERT 102648
SUNALERT 102657
SUNALERT 102656
SUNALERT 102696
SUNALERT 102686
SUNALERT 102722
SUNALERT 102744
SUNALERT 102759
SUNALERT 201247
SUNALERT 201534
SUNALERT 200708
SUNALERT 1000148
SUSE SUSE-SA:2006:055
SUSE SUSE-SA:2006:061
SUSE SUSE-SR:2006:026
SUSE SUSE-SA:2007:010
CERT TA06-333A
CERT-VN VU#845620
JVN JVN#51615542
JVNDB JVNDB-2012-000079
BID 19849
BID 22083
BID 28276
OVAL oval:org.mitre.oval:def:11656
SECUNIA 38567
SECUNIA 38568
SECUNIA 60799
SECUNIA 41818
VUPEN ADV-2006-3453
VUPEN ADV-2006-3566
VUPEN ADV-2006-3730
VUPEN ADV-2006-3793
VUPEN ADV-2006-3899
VUPEN ADV-2006-3936
VUPEN ADV-2006-4205
VUPEN ADV-2006-4206
VUPEN ADV-2006-4207
VUPEN ADV-2006-4327
VUPEN ADV-2006-4329
VUPEN ADV-2006-4366
VUPEN ADV-2006-4417
VUPEN ADV-2006-4586
VUPEN ADV-2006-4750
VUPEN ADV-2006-4744
VUPEN ADV-2006-5146
VUPEN ADV-2007-0254
VUPEN ADV-2007-0343
VUPEN ADV-2006-4216
VUPEN ADV-2007-1401
VUPEN ADV-2007-1815
VUPEN ADV-2007-1945
VUPEN ADV-2007-2163
VUPEN ADV-2006-3748
VUPEN ADV-2007-2315
VUPEN ADV-2007-2783
VUPEN ADV-2007-4224
VUPEN ADV-2008-0905
OSVDB 28549
SECTRACK 1016791
SECTRACK 1017522
SECUNIA 21709
UBUNTU USN-339-1
SECUNIA 21778
SECUNIA 21785
SECUNIA 21812
SECUNIA 21823
SECUNIA 21852
SECUNIA 21791
SECUNIA 21767
SECUNIA 21776
SECUNIA 21873
SECUNIA 21906
SECUNIA 21846
SECUNIA 21927
SECUNIA 21870
SECUNIA 22036
SECUNIA 21982
SECUNIA 21930
SECUNIA 22161
SECUNIA 22259
SECUNIA 22260
SECUNIA 22226
SECUNIA 22232
SECUNIA 22284
SECUNIA 22325
SECUNIA 22446
SECUNIA 22509
SECUNIA 22513
SECUNIA 22523
SECUNIA 22545
SECUNIA 22585
SECUNIA 22733
SECUNIA 22671
SECUNIA 22689
SECUNIA 22758
SECUNIA 22799
SECUNIA 22711
SECUNIA 22934
SECUNIA 22936
SECUNIA 22937
SECUNIA 22938
SECUNIA 22939
SECUNIA 22940
SECUNIA 22949
SECUNIA 22948
SECUNIA 23155
SECUNIA 23455
SECUNIA 23680
SECUNIA 23794
SECUNIA 23841
SECUNIA 23915
SECUNIA 22044
SECUNIA 22932
SECUNIA 24099
SECUNIA 24950
SECUNIA 24930
SECUNIA 25284
SECUNIA 25399
SECUNIA 25649
SECUNIA 22066
SECUNIA 26329
SECUNIA 26893
SECUNIA 28115
SECUNIA 31492
VUPEN ADV-2010-0366
XF openssl-rsa-security-bypass(28755)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.