CVE-2006-4339
Published: Sep 5, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
ADV-2006-4750
vdb-entry
x_refsource_VUPEN
SSRT061273
vendor-advisory
x_refsource_HP
ADV-2006-3453
vdb-entry
x_refsource_VUPEN
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
x_refsource_CONFIRM
23915
third-party-advisory
x_refsource_SECUNIA
201534
vendor-advisory
x_refsource_SUNALERT
HPSBMA02250
vendor-advisory
x_refsource_HP
JVN#51615542
third-party-advisory
x_refsource_JVN
http://docs.info.apple.com/article.html?artnum=307177
x_refsource_MISC
60799
third-party-advisory
x_refsource_SECUNIA
28549
vdb-entry
x_refsource_OSVDB
ADV-2006-4366
vdb-entry
x_refsource_VUPEN
22932
third-party-advisory
x_refsource_SECUNIA
ADV-2006-3748
vdb-entry
x_refsource_VUPEN
21791
third-party-advisory
x_refsource_SECUNIA
http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html
x_refsource_CONFIRM
GLSA-201408-19
vendor-advisory
x_refsource_GENTOO
26893
third-party-advisory
x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20060905.txt
x_refsource_CONFIRM
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
x_refsource_CONFIRM
22509
third-party-advisory
x_refsource_SECUNIA
MDKSA-2006:207
vendor-advisory
x_refsource_MANDRIVA
RHSA-2006:0661
vendor-advisory
x_refsource_REDHAT
SUSE-SA:2006:061
vendor-advisory
x_refsource_SUSE
21930
third-party-advisory
x_refsource_SECUNIA
22940
third-party-advisory
x_refsource_SECUNIA
SSRT071304
vendor-advisory
x_refsource_HP
21852
third-party-advisory
x_refsource_SECUNIA
BEA07-169.00
vendor-advisory
x_refsource_BEA
21823
third-party-advisory
x_refsource_SECUNIA
102657
vendor-advisory
x_refsource_SUNALERT
22758
third-party-advisory
x_refsource_SECUNIA
22938
third-party-advisory
x_refsource_SECUNIA
ADV-2006-3899
vdb-entry
x_refsource_VUPEN
22044
third-party-advisory
x_refsource_SECUNIA
ADV-2007-1945
vdb-entry
x_refsource_VUPEN
RHSA-2007:0062
vendor-advisory
x_refsource_REDHAT
OpenPKG-SA-2006.029
vendor-advisory
x_refsource_OPENPKG
ADV-2006-4206
vdb-entry
x_refsource_VUPEN
ADV-2006-3730
vdb-entry
x_refsource_VUPEN
SSRT071299
vendor-advisory
x_refsource_HP
21812
third-party-advisory
x_refsource_SECUNIA
22523
third-party-advisory
x_refsource_SECUNIA
HPSBUX02165
vendor-advisory
x_refsource_HP
22689
third-party-advisory
x_refsource_SECUNIA
http://docs.info.apple.com/article.html?artnum=304829
x_refsource_CONFIRM
23794
third-party-advisory
x_refsource_SECUNIA
SSRT090208
vendor-advisory
x_refsource_HP
102759
vendor-advisory
x_refsource_SUNALERT
GLSA-200609-05
vendor-advisory
x_refsource_GENTOO
22711
third-party-advisory
x_refsource_SECUNIA
20060905 rPSA-2006-0163-1 openssl openssl-scripts
mailing-list
x_refsource_BUGTRAQ
23680
third-party-advisory
x_refsource_SECUNIA
http://openvpn.net/changelog.html
x_refsource_CONFIRM
http://www.vmware.com/support/server/doc/releasenotes_server.html
x_refsource_CONFIRM
[3.9] 20060908 011: SECURITY FIX: September 8, 2006
vendor-advisory
x_refsource_OPENBSD
22733
third-party-advisory
x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1633
x_refsource_CONFIRM
22949
third-party-advisory
x_refsource_SECUNIA
SSA:2006-310-01
vendor-advisory
x_refsource_SLACKWARE
USN-339-1
vendor-advisory
x_refsource_UBUNTU
ADV-2006-3566
vdb-entry
x_refsource_VUPEN
SUSE-SR:2006:026
vendor-advisory
x_refsource_SUSE
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
x_refsource_CONFIRM
102744
vendor-advisory
x_refsource_SUNALERT
22446
third-party-advisory
x_refsource_SECUNIA
22939
third-party-advisory
x_refsource_SECUNIA
24099
third-party-advisory
x_refsource_SECUNIA
20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
mailing-list
x_refsource_BUGTRAQ
25284
third-party-advisory
x_refsource_SECUNIA
22083
vdb-entry
x_refsource_BID
MDKSA-2006:178
vendor-advisory
x_refsource_MANDRIVA
1016791
vdb-entry
x_refsource_SECTRACK
25649
third-party-advisory
x_refsource_SECUNIA
ADV-2010-0366
vdb-entry
x_refsource_VUPEN
22671
third-party-advisory
x_refsource_SECUNIA
[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error
mailing-list
x_refsource_MLIST
102722
vendor-advisory
x_refsource_SUNALERT
21785
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
x_refsource_CONFIRM
31492
third-party-advisory
x_refsource_SECUNIA
ADV-2006-4329
vdb-entry
x_refsource_VUPEN
DSA-1173
vendor-advisory
x_refsource_DEBIAN
38567
third-party-advisory
x_refsource_SECUNIA
22284
third-party-advisory
x_refsource_SECUNIA
24930
third-party-advisory
x_refsource_SECUNIA
ADV-2006-4327
vdb-entry
x_refsource_VUPEN
MDKSA-2006:161
vendor-advisory
x_refsource_MANDRIVA
21778
third-party-advisory
x_refsource_SECUNIA
RHSA-2008:0629
vendor-advisory
x_refsource_REDHAT
102696
vendor-advisory
x_refsource_SUNALERT
APPLE-SA-2007-12-14
vendor-advisory
x_refsource_APPLE
ADV-2007-2163
vdb-entry
x_refsource_VUPEN
26329
third-party-advisory
x_refsource_SECUNIA
22260
third-party-advisory
x_refsource_SECUNIA
ADV-2007-0343
vdb-entry
x_refsource_VUPEN
102656
vendor-advisory
x_refsource_SUNALERT
SUSE-SA:2007:010
vendor-advisory
x_refsource_SUSE
SSRT061213
vendor-advisory
x_refsource_HP
http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm
x_refsource_CONFIRM
http://www.vmware.com/support/player/doc/releasenotes_player.html
x_refsource_CONFIRM
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
x_refsource_CONFIRM
21982
third-party-advisory
x_refsource_SECUNIA
http://support.attachmate.com/techdocs/2137.html
x_refsource_CONFIRM
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-616
x_refsource_CONFIRM
http://support.attachmate.com/techdocs/2127.html
x_refsource_CONFIRM
GLSA-200610-06
vendor-advisory
x_refsource_GENTOO
DSA-1174
vendor-advisory
x_refsource_DEBIAN
23155
third-party-advisory
x_refsource_SECUNIA
1000148
vendor-advisory
x_refsource_SUNALERT
http://www.openoffice.org/security/cves/CVE-2006-4339.html
x_refsource_CONFIRM
22799
third-party-advisory
x_refsource_SECUNIA
ADV-2006-4207
vdb-entry
x_refsource_VUPEN
ADV-2006-4417
vdb-entry
x_refsource_VUPEN
HPSBUX02186
vendor-advisory
x_refsource_HP
http://www.sybase.com/detail?id=1047991
x_refsource_CONFIRM
SSRT061239
vendor-advisory
x_refsource_HP
21873
third-party-advisory
x_refsource_SECUNIA
HPSBOV02683
vendor-advisory
x_refsource_HP
RHSA-2007:0072
vendor-advisory
x_refsource_REDHAT
JVNDB-2012-000079
third-party-advisory
x_refsource_JVNDB
http://www.serv-u.com/releasenotes/
x_refsource_CONFIRM
ADV-2006-4744
vdb-entry
x_refsource_VUPEN
38568
third-party-advisory
x_refsource_SECUNIA
21846
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
x_refsource_CONFIRM
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
x_refsource_CONFIRM
HPSBUX02219
vendor-advisory
x_refsource_HP
ADV-2007-0254
vdb-entry
x_refsource_VUPEN
SSRT061266
vendor-advisory
x_refsource_HP
SSRT061181
vendor-advisory
x_refsource_HP
ADV-2007-4224
vdb-entry
x_refsource_VUPEN
22161
third-party-advisory
x_refsource_SECUNIA
[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
mailing-list
x_refsource_MLIST
22937
third-party-advisory
x_refsource_SECUNIA
22325
third-party-advisory
x_refsource_SECUNIA
102648
vendor-advisory
x_refsource_SUNALERT
ADV-2007-2315
vdb-entry
x_refsource_VUPEN
http://www.opera.com/support/search/supsearch.dml?index=845
x_refsource_CONFIRM
APPLE-SA-2006-11-28
vendor-advisory
x_refsource_APPLE
21767
third-party-advisory
x_refsource_SECUNIA
ADV-2007-1815
vdb-entry
x_refsource_VUPEN
22232
third-party-advisory
x_refsource_SECUNIA
TA06-333A
third-party-advisory
x_refsource_CERT
21906
third-party-advisory
x_refsource_SECUNIA
HPSBUX02153
vendor-advisory
x_refsource_HP
22934
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
x_refsource_CONFIRM
RHSA-2007:0073
vendor-advisory
x_refsource_REDHAT
22585
third-party-advisory
x_refsource_SECUNIA
25399
third-party-advisory
x_refsource_SECUNIA
ADV-2008-0905
vdb-entry
x_refsource_VUPEN
ADV-2007-1401
vdb-entry
x_refsource_VUPEN
201247
vendor-advisory
x_refsource_SUNALERT
openssl-rsa-security-bypass(28755)
vdb-entry
x_refsource_XF
22513
third-party-advisory
x_refsource_SECUNIA
41818
third-party-advisory
x_refsource_SECUNIA
http://support.attachmate.com/techdocs/2128.html
x_refsource_CONFIRM
oval:org.mitre.oval:def:11656
vdb-entry
signature
x_refsource_OVAL
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
x_refsource_CONFIRM
21776
third-party-advisory
x_refsource_SECUNIA
SSRT061275
vendor-advisory
x_refsource_HP
FreeBSD-SA-06:19
vendor-advisory
x_refsource_FREEBSD
23455
third-party-advisory
x_refsource_SECUNIA
20070110 VMware ESX server security updates
mailing-list
x_refsource_BUGTRAQ
28115
third-party-advisory
x_refsource_SECUNIA
22226
third-party-advisory
x_refsource_SECUNIA
ADV-2006-3936
vdb-entry
x_refsource_VUPEN
22066
third-party-advisory
x_refsource_SECUNIA
22936
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
x_refsource_CONFIRM
HPSBTU02207
vendor-advisory
x_refsource_HP
OpenPKG-SA-2006.018
vendor-advisory
x_refsource_OPENPKG
MDKSA-2006:177
vendor-advisory
x_refsource_MANDRIVA
22545
third-party-advisory
x_refsource_SECUNIA
1017522
vdb-entry
x_refsource_SECTRACK
22948
third-party-advisory
x_refsource_SECUNIA
20061108 Multiple Vulnerabilities in OpenSSL Library
vendor-advisory
x_refsource_CISCO
23841
third-party-advisory
x_refsource_SECUNIA
ADV-2006-4205
vdb-entry
x_refsource_VUPEN
ADV-2007-2783
vdb-entry
x_refsource_VUPEN
22259
third-party-advisory
x_refsource_SECUNIA
22036
third-party-advisory
x_refsource_SECUNIA
200708
vendor-advisory
x_refsource_SUNALERT
ADV-2006-4586
vdb-entry
x_refsource_VUPEN
21927
third-party-advisory
x_refsource_SECUNIA
SUSE-SA:2006:055
vendor-advisory
x_refsource_SUSE
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
x_refsource_CONFIRM
ADV-2006-5146
vdb-entry
x_refsource_VUPEN
21870
third-party-advisory
x_refsource_SECUNIA
ADV-2006-4216
vdb-entry
x_refsource_VUPEN
ADV-2006-3793
vdb-entry
x_refsource_VUPEN
28276
vdb-entry
x_refsource_BID
21709
third-party-advisory
x_refsource_SECUNIA
VU#845620
third-party-advisory
x_refsource_CERT-VN
SSA:2006-257-02
vendor-advisory
x_refsource_SLACKWARE
GLSA-200609-18
vendor-advisory
x_refsource_GENTOO
20061108 Multiple Vulnerabilities in OpenSSL library
vendor-advisory
x_refsource_CISCO
102686
vendor-advisory
x_refsource_SUNALERT
24950
third-party-advisory
x_refsource_SECUNIA
19849
vdb-entry
x_refsource_BID