4.3

CVE-2006-4339

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 0.9.7
OpenSSLOpenSSL Version0.9.1c
OpenSSLOpenSSL Version0.9.2b
OpenSSLOpenSSL Version0.9.3
OpenSSLOpenSSL Version0.9.3a
OpenSSLOpenSSL Version0.9.4
OpenSSLOpenSSL Version0.9.5
OpenSSLOpenSSL Version0.9.5 Updatebeta1
OpenSSLOpenSSL Version0.9.5 Updatebeta2
OpenSSLOpenSSL Version0.9.5a
OpenSSLOpenSSL Version0.9.5a Updatebeta1
OpenSSLOpenSSL Version0.9.5a Updatebeta2
OpenSSLOpenSSL Version0.9.6
OpenSSLOpenSSL Version0.9.6 Updatebeta1
OpenSSLOpenSSL Version0.9.6 Updatebeta2
OpenSSLOpenSSL Version0.9.6 Updatebeta3
OpenSSLOpenSSL Version0.9.6a
OpenSSLOpenSSL Version0.9.6a Updatebeta1
OpenSSLOpenSSL Version0.9.6a Updatebeta2
OpenSSLOpenSSL Version0.9.6a Updatebeta3
OpenSSLOpenSSL Version0.9.6b
OpenSSLOpenSSL Version0.9.6c
OpenSSLOpenSSL Version0.9.6d
OpenSSLOpenSSL Version0.9.6e
OpenSSLOpenSSL Version0.9.6f
OpenSSLOpenSSL Version0.9.6g
OpenSSLOpenSSL Version0.9.6h
OpenSSLOpenSSL Version0.9.6i
OpenSSLOpenSSL Version0.9.6j
OpenSSLOpenSSL Version0.9.6k
OpenSSLOpenSSL Version0.9.6l
OpenSSLOpenSSL Version0.9.6m
OpenSSLOpenSSL Version0.9.7a
OpenSSLOpenSSL Version0.9.7b
OpenSSLOpenSSL Version0.9.7c
OpenSSLOpenSSL Version0.9.7d
OpenSSLOpenSSL Version0.9.7e
OpenSSLOpenSSL Version0.9.7f
OpenSSLOpenSSL Version0.9.7g
OpenSSLOpenSSL Version0.9.7h
OpenSSLOpenSSL Version0.9.7i
OpenSSLOpenSSL Version0.9.7j
OpenSSLOpenSSL Version0.9.8
OpenSSLOpenSSL Version0.9.8a
OpenSSLOpenSSL Version0.9.8b
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.89% 0.91
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/23794
http://securitytracker.com/id?1017522
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.securityfocus.com/bid/22083
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://secunia.com/advisories/23680
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.openbsd.org/errata.html
http://secunia.com/advisories/31492
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://openvpn.net/changelog.html
http://secunia.com/advisories/22523
http://www.vupen.com/english/advisories/2006/4207
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
http://secunia.com/advisories/23915
http://secunia.com/advisories/26893
http://www.vupen.com/english/advisories/2007/0343
https://issues.rpath.com/browse/RPL-1633
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://secunia.com/advisories/23155
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
US Government Resource
http://www.vupen.com/english/advisories/2006/4750
http://secunia.com/advisories/22932
http://www.novell.com/linux/security/advisories/2006_26_sr.html
http://secunia.com/advisories/22066
http://www.vupen.com/english/advisories/2006/3748
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
http://secunia.com/advisories/26329
http://www.vupen.com/english/advisories/2007/2783
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://secunia.com/advisories/22036
Vendor Advisory
http://secunia.com/advisories/21906
Vendor Advisory
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
http://dev2dev.bea.com/pub/advisory/238
http://docs.info.apple.com/article.html?artnum=307177
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
http://jvn.jp/en/jp/JVN51615542/index.html
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://marc.info/?l=bind-announce&m=116253119512445&w=2
http://secunia.com/advisories/21709
Patch
Vendor Advisory
http://secunia.com/advisories/21767
Vendor Advisory
http://secunia.com/advisories/21776
Vendor Advisory
http://secunia.com/advisories/21778
Vendor Advisory
http://secunia.com/advisories/21785
Vendor Advisory
http://secunia.com/advisories/21791
Vendor Advisory
http://secunia.com/advisories/21812
Vendor Advisory
http://secunia.com/advisories/21823
Vendor Advisory
http://secunia.com/advisories/21846
Vendor Advisory
http://secunia.com/advisories/21852
Vendor Advisory
http://secunia.com/advisories/21870
Vendor Advisory
http://secunia.com/advisories/21873
Vendor Advisory
http://secunia.com/advisories/21927
Vendor Advisory
http://secunia.com/advisories/21930
Vendor Advisory
http://secunia.com/advisories/21982
Vendor Advisory
http://secunia.com/advisories/22044
http://secunia.com/advisories/22161
Vendor Advisory
http://secunia.com/advisories/22226
Vendor Advisory
http://secunia.com/advisories/22232
Vendor Advisory
http://secunia.com/advisories/22259
Vendor Advisory
http://secunia.com/advisories/22260
Vendor Advisory
http://secunia.com/advisories/22284
http://secunia.com/advisories/22325
http://secunia.com/advisories/22446
http://secunia.com/advisories/22509
http://secunia.com/advisories/22513
http://secunia.com/advisories/22545
http://secunia.com/advisories/22585
http://secunia.com/advisories/22671
http://secunia.com/advisories/22689
http://secunia.com/advisories/22711
http://secunia.com/advisories/22733
http://secunia.com/advisories/22758
http://secunia.com/advisories/22799
http://secunia.com/advisories/22934
http://secunia.com/advisories/22936
http://secunia.com/advisories/22937
http://secunia.com/advisories/22938
http://secunia.com/advisories/22939
http://secunia.com/advisories/22940
http://secunia.com/advisories/22948
http://secunia.com/advisories/22949
http://secunia.com/advisories/23455
http://secunia.com/advisories/23841
http://secunia.com/advisories/24099
http://secunia.com/advisories/24930
http://secunia.com/advisories/24950
http://secunia.com/advisories/25284
http://secunia.com/advisories/25399
http://secunia.com/advisories/25649
http://secunia.com/advisories/28115
http://secunia.com/advisories/38567
http://secunia.com/advisories/38568
http://secunia.com/advisories/41818
http://secunia.com/advisories/60799
http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc
http://security.gentoo.org/glsa/glsa-200609-05.xml
http://security.gentoo.org/glsa/glsa-200609-18.xml
http://securitytracker.com/id?1016791
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1
http://support.attachmate.com/techdocs/2127.html
http://support.attachmate.com/techdocs/2128.html
http://support.attachmate.com/techdocs/2137.html
http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm
http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf
http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
http://www.debian.org/security/2006/dsa-1174
Patch
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://www.kb.cert.org/vuls/id/845620
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:161
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
http://www.mandriva.com/security/advisories?name=MDKSA-2006:207
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
http://www.novell.com/linux/security/advisories/2006_61_opera.html
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
http://www.openoffice.org/security/cves/CVE-2006-4339.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html
http://www.openssl.org/news/secadv_20060905.txt
Patch
Vendor Advisory
http://www.opera.com/support/search/supsearch.dml?index=845
http://www.osvdb.org/28549
http://www.redhat.com/support/errata/RHSA-2006-0661.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0062.html
http://www.redhat.com/support/errata/RHSA-2007-0072.html
http://www.redhat.com/support/errata/RHSA-2007-0073.html
http://www.securityfocus.com/archive/1/445231/100/0/threaded
http://www.securityfocus.com/archive/1/445822/100/0/threaded
http://www.securityfocus.com/archive/1/450327/100/0/threaded
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/19849
Patch
http://www.securityfocus.com/bid/28276
http://www.serv-u.com/releasenotes/
http://www.sybase.com/detail?id=1047991
http://www.ubuntu.com/usn/usn-339-1
Patch
http://www.us.debian.org/security/2006/dsa-1173
Patch
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2006/3453
http://www.vupen.com/english/advisories/2006/3566
http://www.vupen.com/english/advisories/2006/3730
http://www.vupen.com/english/advisories/2006/3793
http://www.vupen.com/english/advisories/2006/3899
http://www.vupen.com/english/advisories/2006/3936
http://www.vupen.com/english/advisories/2006/4205
http://www.vupen.com/english/advisories/2006/4206
http://www.vupen.com/english/advisories/2006/4216
http://www.vupen.com/english/advisories/2006/4327
http://www.vupen.com/english/advisories/2006/4329
http://www.vupen.com/english/advisories/2006/4366
http://www.vupen.com/english/advisories/2006/4417
http://www.vupen.com/english/advisories/2006/4586
http://www.vupen.com/english/advisories/2006/4744
http://www.vupen.com/english/advisories/2006/5146
http://www.vupen.com/english/advisories/2007/0254
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/1815
http://www.vupen.com/english/advisories/2007/1945
http://www.vupen.com/english/advisories/2007/2163
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2007/4224
http://www.vupen.com/english/advisories/2008/0905/references
http://www.vupen.com/english/advisories/2010/0366
https://exchange.xforce.ibmcloud.com/vulnerabilities/28755
https://issues.rpath.com/browse/RPL-616
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656
https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144