Problem Description
When verifying a PKCS#1 v1.5 signature, OpenSSL ignores any
bytes which follow the cryptographic hash being signed. In
a valid signature there will be no such bytes.
Impact
OpenSSL will incorrectly report some invalid signatures as
valid. When an RSA public exponent of 3 is used, or more
generally when a small public exponent is used with a
relatively large modulus (e.g., a public exponent of 17 with
a 4096-bit modulus), an attacker can construct a signature
which OpenSSL will accept as a valid PKCS#1 v1.5 signature.
Workaround
No workaround is available.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreebsd= 6.1UNKNOWN
FreeBSDanynoarchfreebsd< 6.1_6UNKNOWN
FreeBSDanynoarchopenssl< 0.9.8c_9UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	freebsd	= 6.1	UNKNOWN
FreeBSD	any	noarch	freebsd	< 6.1_6	UNKNOWN
FreeBSD	any	noarch	openssl	< 0.9.8c_9	UNKNOWN

checkpoint_advisories 1

securityvulns 3

f5 2

nessus 82

openvas 69

freebsd_advisory 1

ubuntu 1

slackware 2

debian 2

altlinux 3

jvn 1

cve 5

centos 2

openssl 1

gentoo 2

debiancve 2

osv 1

checkpoint_security 1

redhat 4

cert 1

ubuntucve 3

freebsd 2

suse 3

mozilla 1

cisco 1

oraclelinux 2

threatpost 1

checkpoint_advisories

Update Protection against OpenSSL RSA Key Signature Forgery Vulnerability

2006-11-13 00:00:00

securityvulns

OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery (CVE-2006-4339)

2006-09-05 00:00:00

SIP over TLS: X.509 peer authentication vulnerability in Ingate products

2006-09-15 00:00:00

[OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind)

2006-11-05 00:00:00

SOL6623 - OpenSSL signature vulnerability - CVE-2006-4339

2007-05-16 00:00:00

K6623 : OpenSSL signature vulnerability - CVE-2006-4339

2013-03-26 00:00:00

nessus

HP-UX PHSS_35481 : HP-UX VirtualVault Remote Unauthorized Access (HPSBUX02165 SSRT061266 rev.1)

2006-11-22 00:00:00

GLSA-200609-05 : OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery

2006-09-12 00:00:00

Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : openssl (SSA:2006-257-02)

2006-09-15 00:00:00

openvas

SLES9: Security update for openssl

2009-10-10 00:00:00

Debian Security Advisory DSA 1174-1 (openssl096)

2008-01-17 00:00:00

Slackware Advisory SSA:2006-257-02 openssl

2012-09-11 00:00:00

freebsd_advisory

FreeBSD-SA-06:19.openssl

2006-09-06 00:00:00

ubuntu

OpenSSL vulnerability

2006-09-05 00:00:00

slackware

[slackware-security] openssl

2006-09-14 22:05:20

[slackware-security] bind

2006-11-07 06:26:27

debian

[SECURITY] [DSA 1173-1] New openssl packages fix RSA signature forgery cryptographic weakness

2006-09-10 12:25:00

[SECURITY] [DSA 1174-1] New openssl096 packages fix RSA signature forgery cryptographic weakness

2006-09-11 17:07:45

altlinux

Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt4

2006-09-06 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt4

2006-09-06 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt4

2006-09-06 00:00:00

jvn

JVN#51615542: Adobe Reader fails to properly handle signatures

2012-08-30 00:00:00

cve

CVE-2006-4339

2006-09-05 17:04:00

CVE-2006-4790

2006-09-14 19:07:00

CVE-2006-5484

2006-10-24 22:07:00

centos

openssl, openssl095a, openssl096 security update

2006-09-11 00:52:04

openssl, openssl096b security update

2006-09-08 09:58:00

openssl

Vulnerability in OpenSSL CVE-2006-4339

2006-09-05 00:00:00

gentoo

OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery

2006-09-07 00:00:00

Mozilla Network Security Service (NSS): RSA signature forgery

2006-10-17 00:00:00

debiancve

CVE-2006-4339

2006-09-05 17:04:00

CVE-2006-4340

2006-09-15 18:07:00

osv

openssl - cryptographic weakness

2006-09-10 00:00:00

checkpoint_security

OpenSSL CVE-2006-4339 8732 vulnerability Fix

2006-10-18 22:00:00

redhat

(RHSA-2006:0661) openssl security update

2006-09-06 00:00:00

(RHSA-2007:0062) Critical: java-1.4.2-ibm security update

2007-02-07 00:00:00

(RHSA-2007:0073) Critical: java-1.5.0-ibm security update

2007-02-09 00:00:00

cert

Multiple RSA implementations fail to properly handle signatures

2006-09-11 00:00:00

ubuntucve

CVE-2006-4339

2006-09-05 00:00:00

CVE-2006-4790

2006-09-14 00:00:00

CVE-2006-4340

2006-09-15 00:00:00

freebsd

opera -- RSA Signature Forgery

2006-09-18 00:00:00

openoffice.org -- multiple vulnerabilities

2006-08-24 00:00:00

suse

remote code execution in opera

2006-10-19 13:18:21

RSA signature evasion in openssl,mozilla-nss

2006-09-22 15:25:59

remote code execution in IBMJava2

2007-01-18 16:13:31

mozilla

RSA Signature Forgery — Mozilla

2006-09-14 00:00:00

cisco

OpenSSL RSA Signature Forgery Vulnerability

2006-09-05 17:39:31

oraclelinux

Important openssl security update

2006-11-30 00:00:00

Important openssl security update

2006-11-30 00:00:00

threatpost

OpenOffice Zaps Six Security Bugs

2010-02-18 15:09:26

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.093 Low

EPSS

Percentile

94.6%

JSON

Related for 077C2DCA-8F9A-11DB-AB33-000E0C2E438A