Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:845620
HistorySep 11, 2006 - 12:00 a.m.

Multiple RSA implementations fail to properly handle signatures

2006-09-1100:00:00
www.kb.cert.org
14

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.093 Low

EPSS

Percentile

94.7%

JSON

Overview

Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures.

Description

RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are padded with data to ensure message hashes are adequately sized. One such padding scheme is specified in the Public-Key Cryptography Standard #1 (PKCS-1), which is defined in RFC 3447.

Many RSA implementations may fail to properly verify signatures. Specifically, the verifier may incorrectly parse PKCS-1 padded signatures, ignoring data at the end of a signature. If this data is ignored and a RSA key with a public exponent of three is used, it may be possible to forge the signing key’s signature.

Note that any application that uses RSA signatures may be affected by this vulnerability. This includes, but is not limited to, SSH, SSL, PGP, and X.509 applications.

This issue is further discussed on the ietf-openpgp mailing list.

Impact

This vulnerability may allow an attacker to forge an RSA signature.

Solution

Check with your vendor
See the systems affected section of this document for information about how specific vendors are addressing this vulnerability.

Vendor Information

845620

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Appgate Network Security __ Affected

Notified: September 08, 2006 Updated: September 13, 2006

Status

Affected

Vendor Statement

AppGate version 7.1.5 and earlier are vulnerable if x509 authentication is used. It is theoretically possible to forge a certificate and thus gain access to the system. A patch will be available from the AppGate support pages.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Apple Computer, Inc. __ Affected

Updated: January 08, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Apple Security Update 2006-007.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23335392 Feedback>).

AttachmateWRQ, Inc. __ Affected

Notified: September 06, 2006 Updated: October 20, 2006

Status

Affected

Vendor Statement

`Attachmate has determined that Reflection for the Web is not vulnerable to CERT issue VU#845620.

Attachmate has determined that certain clients in the Reflection product line are vulnerable to CERT issue VU#845620. Attachmate is making patches available. For more information, see Attachmate’s support website at <http://support.wrq.com/techdocs/2137.html&gt;.

Attachmate is still investigating whether the Reflection for Secure IT products (RSIT Server for Windows and RSIT Client and Server for UNIX) are vulnerable to CERT issue VU#845620. Please check the support web site below for the latest information.

Attachmate advises that interested parties regularly check Attachmate’s support websites for updates on security related issues:
<http://support.wrq.com/techdocs/1708.html&gt; for Reflection products
<http://support.wrq.com/techdocs/1704.html&gt; for Reflection for the Web
<http://support.wrq.com/techdocs/1910.html&gt; for Reflection for Secure IT products`

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avaya, Inc. __ Affected

Notified: September 08, 2006 Updated: September 18, 2006

Status

Affected

Vendor Statement

Avaya is vulnerable to this issue, and our public response is located on the web at

<http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Blue Coat Systems __ Affected

Updated: January 08, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23335392 Feedback>).

Cisco Systems, Inc. __ Affected

Notified: September 08, 2006 Updated: November 13, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

Debian GNU/Linux __ Affected

Notified: September 08, 2006 Updated: October 03, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://www.debian.org/security/2006/dsa-1182&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

F5 Networks, Inc. __ Affected

Notified: September 06, 2006 Updated: September 11, 2006

Status

Affected

Vendor Statement

F5 products BIG-IP (4.x and 9.x), FirePass, and WANjet are vulnerable. Patches are being made available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FreeBSD, Inc. __ Affected

Notified: September 08, 2006 Updated: September 11, 2006

Status

Affected

Vendor Statement

All FreeBSD releases prior to FreeBSD 6.2 are affected by this issue. Patches have been released and FreeBSD Security Advisory FreeBSD-SA-06:19.openssl has been issued concerning the problem.

<http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Gentoo Linux __ Affected

Notified: September 08, 2006 Updated: October 03, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://www.gentoo.org/security/en/glsa/glsa-200609-15.xml&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

GnuTLS __ Affected

Updated: September 20, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html&gt;

An updated patch is available at <http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

Hewlett-Packard Company __ Affected

Notified: September 08, 2006 Updated: November 13, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00794048&jumpid=reg_R1002_USEN

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

IAIK Java Group __ Affected

Notified: September 06, 2006 Updated: October 20, 2006

Status

Affected

Vendor Statement

Current versions of IAIK-JCE (3.142) and IAIK-JCE ME (3.04) are not vulnerable. IAIK-JCE versions 3.14 and earlier and IAIK-JCE ME versions 3.03 and earlier are vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation __ Affected

Notified: September 08, 2006 Updated: January 08, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to IBM Security Annoucement 3117.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

Internet Software Consortium __ Affected

Updated: January 19, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to 200611030511.kA35BviX044435.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

Intoto __ Affected

Notified: September 08, 2006 Updated: September 21, 2006

Status

Affected

Vendor Statement

Intoto engineering team has analyzed the PKCS-1 signature padding vulnerability documented in this CERT vulnerability note, and found that its VPN and SSLVPN products are affected. Patch is available for fixing this potential vulnerability in Intoto products. Please contact Intoto at [email protected] to get the patch.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Juniper Networks, Inc. __ Affected

Notified: September 08, 2006 Updated: January 08, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to PSN-2006-10-002.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

Mandriva, Inc. __ Affected

Notified: September 08, 2006 Updated: October 03, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://www.mandriva.com/security/advisories?name=MDKSA-2006:166&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

Mozilla, Inc. __ Affected

Updated: September 19, 2006

Status

Affected

Vendor Statement

Mozilla has fixed the RSA vulnerability described in VU#845620 and has released an advisory covering several affected products (<http://www.mozilla.org/security/announce/2006/mfsa2006-60.html&gt;).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://www.mozilla.org/security/announce/2006/mfsa2006-60.html&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

OpenPKG __ Affected

Updated: November 13, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

OpenSSL __ Affected

Updated: September 06, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://www.openssl.org/news/secadv_20060905.txt&gt;.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

Openwall GNU/*/Linux __ Affected

Notified: September 08, 2006 Updated: September 11, 2006

Status

Affected

Vendor Statement

We have applied a fix for this issue to the OpenSSL package in Owl-current as of 2006/09/06 and Owl 2.0-stable as of 2006/09/09.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Opera __ Affected

Notified: September 19, 2006 Updated: September 21, 2006

Status

Affected

Vendor Statement

Refer to <http://www.opera.com/support/search/supsearch.dml?index=845&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Oracle Corporation __ Affected

Updated: January 17, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

RSA Security, Inc. __ Affected

Notified: September 06, 2006 Updated: January 08, 2007

Status

Affected

Vendor Statement

RSA BSAFE SSL-C software has been examined and confirmed to be susceptible to this vulnerability; customers should upgrade to RSA BSAFE SSL-C 2.7.1 which includes remediation for this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Red Hat, Inc. __ Affected

Notified: September 08, 2006 Updated: October 03, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <https://rhn.redhat.com/errata/RHSA-2006-0680.html&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

SSH Communications Security Corp __ Affected

Notified: September 08, 2006 Updated: November 13, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://www.ssh.com/documents/33/SSH_Tectia_Server_5.1.1_releasenotes.txt&gt;, <http://www.ssh.com/documents/33/SSH_Tectia_Manager_2.2.1_releasenotes.txt&gt;, <http://www.ssh.com/documents/33/SSH_Tectia_Server_zOS_5.2.1_releasenotes.txt&gt;, and <http://www.ssh.com/documents/33/SSH_Tectia_Client_5.1.1_releasenotes.txt&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

SUSE Linux __ Affected

Notified: September 08, 2006 Updated: September 29, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://www.novell.com/linux/security/advisories/2006_55_ssl.html&gt;.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

Slackware Linux Inc. __ Affected

Notified: September 08, 2006 Updated: November 13, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://slackware.com/changelog/i386/ChangeLog-stable.txt&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

Sun Microsystems, Inc. __ Affected

Notified: September 06, 2006 Updated: October 04, 2006

Status

Affected

Vendor Statement

Refer to http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1&searchclaus

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sybase __ Affected

Updated: January 08, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Sybase Alert 1047991.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23335392 Feedback>).

Ubuntu __ Affected

Notified: September 08, 2006 Updated: September 25, 2006

Status

Affected

Vendor Statement

In Ubuntu, three RSA implementations are affected:

* OpenSSL, which we fixed in &lt;http://www.ubuntu.com/usn/usn-339-1&gt;
* GnuTLS, which we fixed in &lt;http://www.ubuntu.com/usn/usn-348-1&gt;
* libnss3 from the Mozilla products;

Ubuntu 6.06 is already fully fixed (USN-351-1 and USN-352-1), updates are in progress for older stable releases (USN-350-1, for example).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

VMware __ Affected

Updated: January 19, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

VMware has published advisories 9986131, 3069097, 254-200612, 253-200612, 213-200612, and 202-200612 in response to this issue. Please refer to those advisories for additional details.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

VanDyke Software __ Affected

Notified: September 08, 2006 Updated: January 22, 2007

Status

Affected

Vendor Statement

The following VanDyke Software products are affected by VU#845620:

- SecureCRT version 5.2.1 and earlier
- SecureFX version 4.0.1 and earlier
- VShell version 2.6.2 and earlier for Windows, RedHat
Linux, HP-UX, AIX, and Solaris.

Product updates which address this vulnerability are
available. For more information, please visit:

<http://www.vandyke.com/support/advisory/2007/01/845620.html&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

rPath __ Affected

Updated: October 04, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <https://issues.rpath.com/browse/RPL-640&gt;.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23845620 Feedback>).

Crypto++ Library __ Not Affected

Notified: September 06, 2006 Updated: September 07, 2006

Status

Not Affected

Vendor Statement

Crypto++ is not vulnerable to this attack. You can add this as a vendor statement for VU#845620.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

F-Secure Corporation __ Not Affected

Notified: September 08, 2006 Updated: October 04, 2006

Status

Not Affected

Vendor Statement

F-Secure antivirus products are not vulnerable. The list of non-vulnerable products includes F-Secure Anti-Virus, F-Secure Internet Security, F-Secure Client Security, F-Secure Server Security, F-Secure Mobile Security, F-Secure Messaging Security Gateway, F-Secure Network Control, and all other products in F-Secure small business and corporate suites, also listed at <http://www.f-secure.com/enterprises/products/&gt;.

F-Secure VPN+ versions up to version 6.12 are vulnerable in installations that use PKI CA issued certificates, which use third-party generated keys. The RSA key generator in F-Secure products has never allowed the generation of RSA keys with a public exponent of 3. This means that keys created with F-Secure tools cannot be used to mount an attack against F-Secure products or other systems.

The F-Secure SSH product line is exclusively distributed by Attachmate under the Reflection for Secure IT brand. Please see the vendor statement from Attachmate for more information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Global Technology Associates __ Not Affected

Notified: September 08, 2006 Updated: September 18, 2006

Status

Not Affected

Vendor Statement

Global Technology Associates, Inc. has examined this issue and is pleased to report this issue does not impact any versions (current and past) of the GTA firewall products.

To report potential security vulnerabilities in GTA products, send an E-mail message to: [email protected].

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Lotus Software __ Not Affected

Notified: September 06, 2006 Updated: October 04, 2006

Status

Not Affected

Vendor Statement

IBM Lotus software products are not affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

PGP Corporation __ Not Affected

Notified: September 12, 2006 Updated: September 13, 2006

Status

Not Affected

Vendor Statement

PGP Corporation’s products are not affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

PuTTY __ Not Affected

Notified: September 08, 2006 Updated: September 11, 2006

Status

Not Affected

Vendor Statement

I do not believe that any program in the PuTTY suite is, or has ever been, vulnerable to this attack.

The RSA verification code is in the function rsa2_verifysig() in our source file sshrsa.c, and a quick inspection shows clearly that it rigorously enforces that the ASN.1 data and hash value must be at the very bottom of the PKCS#1 padded integer.

For good measure, our RSA key generator does not, and has never, generated keys with an exponent of 3. (This has nothing to do with whether we’re vulnerable to the attack itself, of course, but it does mean we are also not generating keys which can be abused to mount the attack against other systems.)

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

nCipher Corporation Ltd. __ Not Affected

Notified: September 26, 2006 Updated: September 28, 2006

Status

Not Affected

Vendor Statement

.…we can confirm that none of nCipher’s hardware security modules are vulnerable to this attack.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

3com, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

AT&T Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Alcatel Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

America Online, Inc. Unknown

Notified: September 07, 2006 Updated: September 07, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Apache HTTP Server Project Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Apache-SSL Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Apple Computer, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Aruba Networks, Inc. Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avici Systems, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Bitvise Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Borderware Technologies Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Certicom Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Charlotte’s Web Networks Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Check Point Software Technologies Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Chiaro Networks, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Clavister Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Computer Associates Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Covalent Technologies Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cray Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cryptlib __ Unknown

Notified: September 06, 2006 Updated: September 18, 2006

Status

Unknown

Vendor Statement

Although cryptlib shouldn’t be vulnerable to the original Bleichenbacher attack, there is ongoing discussion about further attacks that affect any RSA keys with e=3. Because the security community currently doesn’t know how serious the problem is, cryptlib users should disable the use of any RSA keys with e=3 by changing the check ‘if( BN_get_word( e ) < 3 )’ in initCheckRSAkey() in context/kg_rsa.c to ‘if( BN_get_word( e ) < 17 )’. Note that this will disable the use of a small number of existing keys that use e=3 (although cryptlib itself will never generate or use private keys with this

value), but until the exact nature of the problem is fully understood this is the only safe fix.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

D-Link Systems, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Data Connection, Ltd. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

EMC, Inc. (formerly Data General Corporation) Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ericsson Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Extreme Networks Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fedora Project Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FiSSH Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Force10 Networks, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fortinet, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Foundry Networks, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FreSSH Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fujitsu Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hyperchip Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IP Filter Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Immunix Communications, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc. Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intel Corporation Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

InterPeak Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

InterSoft International Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Internet Security Systems, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Linksys (A division of Cisco Systems) Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Lucent Technologies Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Luminous Networks Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MacSSH Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Microsoft Corporation Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mirapoint, Inc. Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multinet (owned Process Software Corporation) Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multitech, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NEC Corporation Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetBSD Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetComposite Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Network Appliance, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NextHop Technologies, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nokia Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nortel Networks, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc. Unknown

Notified: September 07, 2006 Updated: September 07, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenBSD Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenSSH Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Pragma Systems Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

QNX, Software Systems, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Redback Networks, Inc. Unknown

Notified: September 08, 2006 Updated: October 03, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Riverstone Networks, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secure Computing Enterprise Security Division Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secure Computing Network Security Division Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secureworx, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Silicon Graphics, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Spyrus Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Stunnel Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Symantec, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group (SCO Unix) Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Trustix Secure Linux Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Unisys Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Verisign Unknown

Notified: September 11, 2006 Updated: September 11, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Watchguard Technologies, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

WeOnlyDo! Software Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

WinSCP Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Wind River Systems, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

ZyXEL Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

eSoft, Inc. Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

lsh Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

mod_ssl Unknown

Notified: September 06, 2006 Updated: September 06, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

netfilter Unknown

Notified: September 08, 2006 Updated: September 08, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

View all 132 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by Daniel Bleichenbacher.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2006-4339
Severity Metric: 7.56 Date Public:

Related

checkpoint_advisories 1
securityvulns 3
openvas 78
f5 2
nessus 73
debian 2
slackware 2
ubuntu 1
freebsd_advisory 1
cve 5
centos 2
altlinux 3
debiancve 2
openssl 1
gentoo 2
osv 1
checkpoint_security 1
ubuntucve 3
redhat 4
freebsd 3
jvn 1
suse 3
mozilla 1
cisco 1
oraclelinux 2
threatpost 1
checkpoint_advisories
checkpoint_advisories
Update Protection against OpenSSL RSA Key Signature Forgery Vulnerability
2006-11-13 00:00:00
securityvulns
securityvulns
OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery &#40;CVE-2006-4339&#41;
2006-09-05 00:00:00
SIP over TLS: X.509 peer authentication vulnerability in Ingate products
2006-09-15 00:00:00
[OpenPKG-SA-2006.029] OpenPKG Security Advisory &#40;bind&#41;
2006-11-05 00:00:00
openvas
openvas
SLES9: Security update for openssl
2009-10-10 00:00:00
Debian Security Advisory DSA 1174-1 (openssl096)
2008-01-17 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-06:19.openssl.asc)
2008-09-04 00:00:00
f5
f5
SOL6623 - OpenSSL signature vulnerability - CVE-2006-4339
2007-05-16 00:00:00
K6623 : OpenSSL signature vulnerability - CVE-2006-4339
2013-03-26 00:00:00
nessus
nessus
HP-UX PHSS_35481 : HP-UX VirtualVault Remote Unauthorized Access (HPSBUX02165 SSRT061266 rev.1)
2006-11-22 00:00:00
GLSA-200609-05 : OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
2006-09-12 00:00:00
HP-UX PHSS_35480 : HP-UX VirtualVault Remote Unauthorized Access (HPSBUX02165 SSRT061266 rev.1)
2006-11-22 00:00:00
debian
debian
[SECURITY] [DSA 1173-1] New openssl packages fix RSA signature forgery cryptographic weakness
2006-09-10 00:00:00
[SECURITY] [DSA 1174-1] New openssl096 packages fix RSA signature forgery cryptographic weakness
2006-09-11 00:00:00
slackware
slackware
[slackware-security] openssl
2006-09-14 22:05:20
[slackware-security] bind
2006-11-07 06:26:27
ubuntu
ubuntu
OpenSSL vulnerability
2006-09-05 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:19.openssl
2006-09-06 00:00:00
cve
cve
CVE-2006-4339
2006-09-05 17:04:00
CVE-2006-7140
2007-03-07 20:19:00
CVE-2006-4790
2006-09-14 19:07:00
centos
centos
openssl, openssl095a, openssl096 security update
2006-09-11 00:52:04
openssl, openssl096b security update
2006-09-08 09:58:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt4
2006-09-06 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt4
2006-09-06 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt4
2006-09-06 00:00:00
debiancve
debiancve
CVE-2006-4339
2006-09-05 17:04:00
CVE-2006-4340
2006-09-15 18:07:00
openssl
openssl
Vulnerability in OpenSSL CVE-2006-4339
2006-09-05 00:00:00
gentoo
gentoo
OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
2006-09-07 00:00:00
Mozilla Network Security Service (NSS): RSA signature forgery
2006-10-17 00:00:00
osv
osv
openssl - cryptographic weakness
2006-09-10 00:00:00
checkpoint_security
checkpoint_security
OpenSSL CVE-2006-4339 8732 vulnerability Fix
2006-10-18 22:00:00
ubuntucve
ubuntucve
CVE-2006-4339
2006-09-05 00:00:00
CVE-2006-4790
2006-09-14 00:00:00
CVE-2006-4340
2006-09-15 00:00:00
redhat
redhat
(RHSA-2006:0661) openssl security update
2006-09-06 00:00:00
(RHSA-2007:0072) Critical: IBMJava2 security update
2007-02-08 00:00:00
(RHSA-2007:0073) Critical: java-1.5.0-ibm security update
2007-02-09 00:00:00
freebsd
freebsd
opera -- RSA Signature Forgery
2006-09-18 00:00:00
openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
2006-09-06 00:00:00
openoffice.org -- multiple vulnerabilities
2006-08-24 00:00:00
jvn
jvn
JVN#51615542: Adobe Reader fails to properly handle signatures
2012-08-30 00:00:00
suse
suse
remote code execution in opera
2006-10-19 13:18:21
RSA signature evasion in openssl,mozilla-nss
2006-09-22 15:25:59
remote code execution in IBMJava2
2007-01-18 16:13:31
mozilla
mozilla
RSA Signature Forgery — Mozilla
2006-09-14 00:00:00
cisco
cisco
OpenSSL RSA Signature Forgery Vulnerability
2006-09-05 17:39:31
oraclelinux
oraclelinux
Important openssl security update
2006-11-30 00:00:00
Important openssl security update
2006-11-30 00:00:00
threatpost
threatpost
OpenOffice Zaps Six Security Bugs
2010-02-18 15:09:26

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.093 Low

EPSS

Percentile

94.7%

JSON
Related for VU:845620
checkpoint_advisories1securityvulns3openvas78f52nessus73debian2slackware2ubuntu1freebsd_advisory1cve5centos2altlinux3debiancve2openssl1gentoo2osv1checkpoint_security1ubuntucve3redhat4freebsd3jvn1suse3mozilla1cisco1oraclelinux2threatpost1