If an RSA key with exponent 3 is used it may be possible to forge a PKCS verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature.

Solution

There is no known workaround, please install the update packages.

OSVersionArchitecturePackageVersionFilename
openSUSE10.1x86_64mozilla-nss-32bit< 3.11-21.7mozilla-nss-32bit-3.11-21.7.x86_64.rpm
openSUSE9.2x86_64openssl-devel-32bit< 9.2-200609140724openssl-devel-32bit-9.2-200609140724.x86_64.rpm
openSUSE10.1ppcopenssl< 0.9.8a-18.7openssl-0.9.8a-18.7.ppc.rpm
openSUSE10.1x86_64mozilla-nss< 3.11-21.7mozilla-nss-3.11-21.7.x86_64.rpm
openSUSE10.1ppcmozilla-nss< 3.11-21.7mozilla-nss-3.11-21.7.ppc.rpm
openSUSE10.1ppcopenssl-devel< 0.9.8a-18.7openssl-devel-0.9.8a-18.7.ppc.rpm
SUSE Linux Enterprise Server10s390xmozilla-nss< 3.11-21.7mozilla-nss-3.11-21.7.s390x.rpm
openSUSE10.0x86_64mozilla-nss-devel< 3.10-12.3mozilla-nss-devel-3.10-12.3.x86_64.rpm
openSUSE10.1x86_64openssl< 0.9.8a-18.7openssl-0.9.8a-18.7.x86_64.rpm
SUSE Linux Enterprise Server10s390xmozilla-nss-32bit< 3.11-21.7mozilla-nss-32bit-3.11-21.7.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	10.1	x86_64	mozilla-nss-32bit	< 3.11-21.7	mozilla-nss-32bit-3.11-21.7.x86_64.rpm
openSUSE	9.2	x86_64	openssl-devel-32bit	< 9.2-200609140724	openssl-devel-32bit-9.2-200609140724.x86_64.rpm
openSUSE	10.1	ppc	openssl	< 0.9.8a-18.7	openssl-0.9.8a-18.7.ppc.rpm
openSUSE	10.1	x86_64	mozilla-nss	< 3.11-21.7	mozilla-nss-3.11-21.7.x86_64.rpm
openSUSE	10.1	ppc	mozilla-nss	< 3.11-21.7	mozilla-nss-3.11-21.7.ppc.rpm
openSUSE	10.1	ppc	openssl-devel	< 0.9.8a-18.7	openssl-devel-0.9.8a-18.7.ppc.rpm
SUSE Linux Enterprise Server	10	s390x	mozilla-nss	< 3.11-21.7	mozilla-nss-3.11-21.7.s390x.rpm
openSUSE	10.0	x86_64	mozilla-nss-devel	< 3.10-12.3	mozilla-nss-devel-3.10-12.3.x86_64.rpm
openSUSE	10.1	x86_64	openssl	< 0.9.8a-18.7	openssl-0.9.8a-18.7.x86_64.rpm
SUSE Linux Enterprise Server	10	s390x	mozilla-nss-32bit	< 3.11-21.7	mozilla-nss-32bit-3.11-21.7.s390x.rpm

Rows per page:

1-10 of 491

nessus 78

openvas 63

mozilla 1

cve 8

gentoo 2

ubuntucve 4

debiancve 4

veracode 1

f5 2

debian 3

centos 2

checkpoint_advisories 1

securityvulns 3

slackware 2

ubuntu 1

freebsd_advisory 1

altlinux 3

openssl 1

jvn 1

osv 3

checkpoint_security 1

redhat 4

freebsd 2

cert 1

prion 1

suse 2

cisco 1

oraclelinux 2

threatpost 1

nessus

SUSE-SA:2006:055: openssl,mozilla-nss

2007-02-18 00:00:00

SuSE 10 Security Update : mozilla-nss,mozilla-nss-devel (ZYPP Patch Number 2067)

2007-12-13 00:00:00

openSUSE 10 Security Update : mozilla-nss (mozilla-nss-2071)

2007-10-17 00:00:00

openvas

Gentoo Security Advisory GLSA 200610-06 (nss)

2008-09-24 00:00:00

Gentoo Security Advisory GLSA 200610-06 (nss)

2008-09-24 00:00:00

Solaris Update for NSPR 4.1.6 / NSS 3.3.4.8 114049-14

2009-06-03 00:00:00

mozilla

RSA Signature Forgery — Mozilla

2006-09-14 00:00:00

cve

CVE-2006-4341

2006-09-11 19:04:00

CVE-2006-4340

2006-09-15 18:07:00

CVE-2006-4339

2006-09-05 17:04:00

gentoo

Mozilla Network Security Service (NSS): RSA signature forgery

2006-10-17 00:00:00

OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery

2006-09-07 00:00:00

ubuntucve

CVE-2006-4340

2006-09-15 00:00:00

CVE-2006-4339

2006-09-05 00:00:00

CVE-2006-5462

2006-11-08 00:00:00

debiancve

CVE-2006-4340

2006-09-15 18:07:00

CVE-2006-4339

2006-09-05 17:04:00

CVE-2018-16150

2018-11-07 20:29:00

veracode

Spoofable SSL Certificate

2020-04-10 00:13:11

K6623 : OpenSSL signature vulnerability - CVE-2006-4339

2013-03-26 00:00:00

SOL6623 - OpenSSL signature vulnerability - CVE-2006-4339

2007-05-16 00:00:00

debian

[SECURITY] [DSA 1174-1] New openssl096 packages fix RSA signature forgery cryptographic weakness

2006-09-11 17:07:45

[SECURITY] [DSA 1173-1] New openssl packages fix RSA signature forgery cryptographic weakness

2006-09-10 12:25:00

[SECURITY] [DSA 1210-1] New Mozilla Firefox packages fix several vulnerabilities

2006-11-14 08:02:35

centos

openssl, openssl095a, openssl096 security update

2006-09-11 00:52:04

openssl, openssl096b security update

2006-09-08 09:58:00

checkpoint_advisories

Update Protection against OpenSSL RSA Key Signature Forgery Vulnerability

2006-11-13 00:00:00

securityvulns

OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery (CVE-2006-4339)

2006-09-05 00:00:00

SIP over TLS: X.509 peer authentication vulnerability in Ingate products

2006-09-15 00:00:00

[OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind)

2006-11-05 00:00:00

slackware

[slackware-security] openssl

2006-09-14 22:05:20

[slackware-security] bind

2006-11-07 06:26:27

ubuntu

OpenSSL vulnerability

2006-09-05 00:00:00

freebsd_advisory

FreeBSD-SA-06:19.openssl

2006-09-06 00:00:00

altlinux

Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt4

2006-09-06 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt4

2006-09-06 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt4

2006-09-06 00:00:00

openssl

Vulnerability in OpenSSL CVE-2006-4339

2006-09-05 00:00:00

jvn

JVN#51615542: Adobe Reader fails to properly handle signatures

2012-08-30 00:00:00

osv

openssl - cryptographic weakness

2006-09-10 00:00:00

CVE-2018-16150

2018-11-07 20:29:00

mozilla-firefox

2006-11-14 00:00:00

checkpoint_security

OpenSSL CVE-2006-4339 8732 vulnerability Fix

2006-10-18 22:00:00

redhat

(RHSA-2006:0661) openssl security update

2006-09-06 00:00:00

(RHSA-2007:0073) Critical: java-1.5.0-ibm security update

2007-02-09 00:00:00

(RHSA-2007:0072) Critical: IBMJava2 security update

2007-02-08 00:00:00

freebsd

openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)

2006-09-06 00:00:00

opera -- RSA Signature Forgery

2006-09-18 00:00:00

cert

Multiple RSA implementations fail to properly handle signatures

2006-09-11 00:00:00

prion

Code injection

2018-11-07 20:29:00

suse

remote code execution in opera

2006-10-19 13:18:21

remote code execution in IBMJava2

2007-01-18 16:13:31

cisco

OpenSSL RSA Signature Forgery Vulnerability

2006-09-05 17:39:31

oraclelinux

Important openssl security update

2006-11-30 00:00:00

Important openssl security update

2006-11-30 00:00:00

threatpost

OpenOffice Zaps Six Security Bugs

2010-02-18 15:09:26

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.33 Low

EPSS

Percentile

96.6%

JSON

Related for SUSE-SA:2006:055