Lucene search

[email protected]CVE-2006-4339

HistorySep 05, 2006 - 5:04 p.m.

CVE-2006-4339

2006-09-0517:04:00

CWE-310

[email protected]

web.nvd.nist.gov

142

openssl

cve-2006-4339

rsa key

pkcs-1 padding

x.509

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

High

0.093 Low

EPSS

Percentile

94.7%

JSON

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

Affected configurations

NVD

Node

opensslopensslRange≤0.9.7

opensslopensslMatch0.9.1c

opensslopensslMatch0.9.2b

opensslopensslMatch0.9.3

opensslopensslMatch0.9.3a

opensslopensslMatch0.9.4

opensslopensslMatch0.9.5

opensslopensslMatch0.9.5beta1

opensslopensslMatch0.9.5beta2

opensslopensslMatch0.9.5a

opensslopensslMatch0.9.5abeta1

opensslopensslMatch0.9.5abeta2

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6beta1

opensslopensslMatch0.9.6beta2

opensslopensslMatch0.9.6beta3

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6abeta1

opensslopensslMatch0.9.6abeta2

opensslopensslMatch0.9.6abeta3

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6f

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.6j

opensslopensslMatch0.9.6k

opensslopensslMatch0.9.6l

opensslopensslMatch0.9.6m

opensslopensslMatch0.9.7a

opensslopensslMatch0.9.7b

opensslopensslMatch0.9.7c

opensslopensslMatch0.9.7d

opensslopensslMatch0.9.7e

opensslopensslMatch0.9.7f

opensslopensslMatch0.9.7g

opensslopensslMatch0.9.7h

opensslopensslMatch0.9.7i

opensslopensslMatch0.9.7j

opensslopensslMatch0.9.8

opensslopensslMatch0.9.8a

opensslopensslMatch0.9.8b

CPENameOperatorVersion
openssl:opensslopensslle0.9.7
openssl:opensslopenssleq0.9.1c
openssl:opensslopenssleq0.9.2b
openssl:opensslopenssleq0.9.3
openssl:opensslopenssleq0.9.3a
openssl:opensslopenssleq0.9.4
openssl:opensslopenssleq0.9.5
openssl:opensslopenssleq0.9.5a
openssl:opensslopenssleq0.9.6
openssl:opensslopenssleq0.9.6a

CPE	Name	Operator	Version
openssl:openssl	openssl	le	0.9.7
openssl:openssl	openssl	eq	0.9.1c
openssl:openssl	openssl	eq	0.9.2b
openssl:openssl	openssl	eq	0.9.3
openssl:openssl	openssl	eq	0.9.3a
openssl:openssl	openssl	eq	0.9.4
openssl:openssl	openssl	eq	0.9.5
openssl:openssl	openssl	eq	0.9.5a
openssl:openssl	openssl	eq	0.9.6
openssl:openssl	openssl	eq	0.9.6a

Rows per page:

1-10 of 351

References

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc

dev2dev.bea.com/pub/advisory/238

docs.info.apple.com/article.html?artnum=304829

docs.info.apple.com/article.html?artnum=307177

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771

itrc.hp.com/service/cki/docDisplay.do?docId=c00849540

jvn.jp/en/jp/JVN51615542/index.html

jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html

lists.apple.com/archives/security-announce/2006/Nov/msg00001.html

lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

lists.vmware.com/pipermail/security-announce/2008/000008.html

marc.info/?l=bind-announce&m=116253119512445&w=2

marc.info/?l=bugtraq&m=130497311408250&w=2

openvpn.net/changelog.html

secunia.com/advisories/21709

secunia.com/advisories/21767

secunia.com/advisories/21776

secunia.com/advisories/21778

secunia.com/advisories/21785

secunia.com/advisories/21791

secunia.com/advisories/21812

secunia.com/advisories/21823

secunia.com/advisories/21846

secunia.com/advisories/21852

secunia.com/advisories/21870

secunia.com/advisories/21873

secunia.com/advisories/21906

secunia.com/advisories/21927

secunia.com/advisories/21930

secunia.com/advisories/21982

secunia.com/advisories/22036

secunia.com/advisories/22044

secunia.com/advisories/22066

secunia.com/advisories/22161

secunia.com/advisories/22226

secunia.com/advisories/22232

secunia.com/advisories/22259

secunia.com/advisories/22260

secunia.com/advisories/22284

secunia.com/advisories/22325

secunia.com/advisories/22446

secunia.com/advisories/22509

secunia.com/advisories/22513

secunia.com/advisories/22523

secunia.com/advisories/22545

secunia.com/advisories/22585

secunia.com/advisories/22671

secunia.com/advisories/22689

secunia.com/advisories/22711

secunia.com/advisories/22733

secunia.com/advisories/22758

secunia.com/advisories/22799

secunia.com/advisories/22932

secunia.com/advisories/22934

secunia.com/advisories/22936

secunia.com/advisories/22937

secunia.com/advisories/22938

secunia.com/advisories/22939

secunia.com/advisories/22940

secunia.com/advisories/22948

secunia.com/advisories/22949

secunia.com/advisories/23155

secunia.com/advisories/23455

secunia.com/advisories/23680

secunia.com/advisories/23794

secunia.com/advisories/23841

secunia.com/advisories/23915

secunia.com/advisories/24099

secunia.com/advisories/24930

secunia.com/advisories/24950

secunia.com/advisories/25284

secunia.com/advisories/25399

secunia.com/advisories/25649

secunia.com/advisories/26329

secunia.com/advisories/26893

secunia.com/advisories/28115

secunia.com/advisories/31492

secunia.com/advisories/38567

secunia.com/advisories/38568

secunia.com/advisories/41818

secunia.com/advisories/60799

security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc

security.gentoo.org/glsa/glsa-200609-05.xml

security.gentoo.org/glsa/glsa-200609-18.xml

securitytracker.com/id?1016791

securitytracker.com/id?1017522

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306

sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1

sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1

sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1

support.attachmate.com/techdocs/2127.html

support.attachmate.com/techdocs/2128.html

support.attachmate.com/techdocs/2137.html

support.avaya.com/elmodocs2/security/ASA-2006-188.htm

www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf

www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html

www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html

www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml

www.debian.org/security/2006/dsa-1174

www.gentoo.org/security/en/glsa/glsa-200610-06.xml

www.gentoo.org/security/en/glsa/glsa-201408-19.xml

www.imc.org/ietf-openpgp/mail-archive/msg14307.html

www.kb.cert.org/vuls/id/845620

www.mandriva.com/security/advisories?name=MDKSA-2006:161

www.mandriva.com/security/advisories?name=MDKSA-2006:177

www.mandriva.com/security/advisories?name=MDKSA-2006:178

www.mandriva.com/security/advisories?name=MDKSA-2006:207

www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/

www.novell.com/linux/security/advisories/2006_26_sr.html

www.novell.com/linux/security/advisories/2006_55_ssl.html

www.novell.com/linux/security/advisories/2006_61_opera.html

www.novell.com/linux/security/advisories/2007_10_ibmjava.html

www.openbsd.org/errata.html

www.openoffice.org/security/cves/CVE-2006-4339.html

www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html

www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html

www.openssl.org/news/secadv_20060905.txt

www.opera.com/support/search/supsearch.dml?index=845

www.oracle.com/technetwork/topics/security/cpujan2007-101493.html

www.osvdb.org/28549

www.redhat.com/support/errata/RHSA-2006-0661.html

www.redhat.com/support/errata/RHSA-2007-0062.html

www.redhat.com/support/errata/RHSA-2007-0072.html

www.redhat.com/support/errata/RHSA-2007-0073.html

www.redhat.com/support/errata/RHSA-2008-0629.html

www.securityfocus.com/archive/1/445231/100/0/threaded

www.securityfocus.com/archive/1/445822/100/0/threaded

www.securityfocus.com/archive/1/450327/100/0/threaded

www.securityfocus.com/archive/1/456546/100/200/threaded

www.securityfocus.com/archive/1/489739/100/0/threaded

www.securityfocus.com/bid/19849

www.securityfocus.com/bid/22083

www.securityfocus.com/bid/28276

www.serv-u.com/releasenotes/

www.sybase.com/detail?id=1047991

www.ubuntu.com/usn/usn-339-1

www.us-cert.gov/cas/techalerts/TA06-333A.html

www.us.debian.org/security/2006/dsa-1173

www.vmware.com/security/advisories/VMSA-2008-0005.html

www.vmware.com/support/ace2/doc/releasenotes_ace2.html

www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

www.vmware.com/support/player/doc/releasenotes_player.html

www.vmware.com/support/player2/doc/releasenotes_player2.html

www.vmware.com/support/server/doc/releasenotes_server.html

www.vmware.com/support/vi3/doc/esx-3069097-patch.html

www.vmware.com/support/vi3/doc/esx-9986131-patch.html

www.vmware.com/support/ws55/doc/releasenotes_ws55.html

www.vmware.com/support/ws6/doc/releasenotes_ws6.html

www.vupen.com/english/advisories/2006/3453

www.vupen.com/english/advisories/2006/3566

www.vupen.com/english/advisories/2006/3730

www.vupen.com/english/advisories/2006/3748

www.vupen.com/english/advisories/2006/3793

www.vupen.com/english/advisories/2006/3899

www.vupen.com/english/advisories/2006/3936

www.vupen.com/english/advisories/2006/4205

www.vupen.com/english/advisories/2006/4206

www.vupen.com/english/advisories/2006/4207

www.vupen.com/english/advisories/2006/4216

www.vupen.com/english/advisories/2006/4327

www.vupen.com/english/advisories/2006/4329

www.vupen.com/english/advisories/2006/4366

www.vupen.com/english/advisories/2006/4417

www.vupen.com/english/advisories/2006/4586

www.vupen.com/english/advisories/2006/4744

www.vupen.com/english/advisories/2006/4750

www.vupen.com/english/advisories/2006/5146

www.vupen.com/english/advisories/2007/0254

www.vupen.com/english/advisories/2007/0343

www.vupen.com/english/advisories/2007/1401

www.vupen.com/english/advisories/2007/1815

www.vupen.com/english/advisories/2007/1945

www.vupen.com/english/advisories/2007/2163

www.vupen.com/english/advisories/2007/2315

www.vupen.com/english/advisories/2007/2783

www.vupen.com/english/advisories/2007/4224

www.vupen.com/english/advisories/2008/0905/references

www.vupen.com/english/advisories/2010/0366

www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

exchange.xforce.ibmcloud.com/vulnerabilities/28755

issues.rpath.com/browse/RPL-1633

issues.rpath.com/browse/RPL-616

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656

secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html

www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

High

0.093 Low

EPSS

Percentile

94.7%

JSON

CVE-2006-4339

Affected configurations

References

Related