CVE-2006-4339

Severity

43%

Complexity

86%

Confidentiality

48%

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

Overview

First reported 18 years ago

2006-09-05 17:04:00

Last updated 6 years ago

2018-10-17 21:35:00

Affected Software

OpenSSL Project OpenSSL 0.9.1c

0.9.1c

OpenSSL Project OpenSSL 0.9.2b

0.9.2b

OpenSSL Project OpenSSL 0.9.3

0.9.3

OpenSSL Project OpenSSL 0.9.3a

0.9.3a

OpenSSL Project OpenSSL 0.9.4

0.9.4

OpenSSL Project OpenSSL 0.9.5

0.9.5

OpenSSL Project OpenSSL 0.9.5 Beta1

0.9.5

OpenSSL Project OpenSSL 0.9.5 Beta2

0.9.5

OpenSSL Project OpenSSL 0.9.5a

0.9.5a

OpenSSL Project OpenSSL 0.9.5a Beta1

0.9.5a

OpenSSL Project OpenSSL 0.9.5a Beta2

0.9.5a

OpenSSL Project OpenSSL 0.9.6

0.9.6

OpenSSL Project OpenSSL 0.9.6 Beta1

0.9.6

OpenSSL Project OpenSSL 0.9.6 Beta2

0.9.6

OpenSSL Project OpenSSL 0.9.6 Beta3

0.9.6

OpenSSL Project OpenSSL 0.9.6a

0.9.6a

OpenSSL Project OpenSSL 0.9.6a Beta1

0.9.6a

OpenSSL Project OpenSSL 0.9.6a Beta2

0.9.6a

OpenSSL Project OpenSSL 0.9.6a Beta3

0.9.6a

OpenSSL Project OpenSSL 0.9.6b

0.9.6b

OpenSSL Project OpenSSL 0.9.6c

0.9.6c

OpenSSL Project OpenSSL 0.9.6d

0.9.6d

OpenSSL Project OpenSSL 0.9.6e

0.9.6e

OpenSSL Project OpenSSL 0.9.6f

0.9.6f

OpenSSL Project OpenSSL 0.9.6g

0.9.6g

OpenSSL Project OpenSSL 0.9.6h

0.9.6h

OpenSSL Project OpenSSL 0.9.6i

0.9.6i

OpenSSL Project OpenSSL 0.9.6j

0.9.6j

OpenSSL Project OpenSSL 0.9.6k

0.9.6k

OpenSSL Project OpenSSL 0.9.6l

0.9.6l

OpenSSL Project OpenSSL 0.9.6m

0.9.6m

OpenSSL Project OpenSSL

OpenSSL Project OpenSSL 0.9.7a

0.9.7a

OpenSSL Project OpenSSL 0.9.7b

0.9.7b

OpenSSL Project OpenSSL 0.9.7c

0.9.7c

OpenSSL Project OpenSSL 0.9.7d

0.9.7d

OpenSSL Project OpenSSL 0.9.7e

0.9.7e

OpenSSL Project OpenSSL 0.9.7f

0.9.7f

OpenSSL Project OpenSSL 0.9.7g

0.9.7g

OpenSSL Project OpenSSL 0.9.7h

0.9.7h

OpenSSL Project OpenSSL 0.9.7i

0.9.7i

OpenSSL Project OpenSSL 0.9.7j

0.9.7j

OpenSSL Project OpenSSL 0.9.8

0.9.8

OpenSSL Project OpenSSL 0.9.8a

0.9.8a

OpenSSL Project OpenSSL 0.9.8b

0.9.8b

References

20060901-01-P

BEA07-169.00

http://docs.info.apple.com/article.html?artnum=304829

http://docs.info.apple.com/article.html?artnum=307177

SSRT061273

HPSBMA02250

SSRT071299

JVN#51615542

JVNDB-2012-000079

APPLE-SA-2006-11-28

APPLE-SA-2007-12-14

[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]

SSRT090208

http://openvpn.net/changelog.html

21709

Patch, Vendor Advisory

21767

Vendor Advisory

21776

Vendor Advisory

21778

Vendor Advisory

21785

Vendor Advisory

21791

Vendor Advisory

21812

Vendor Advisory

21823

Vendor Advisory

21846

Vendor Advisory

21852

Vendor Advisory

21870

Vendor Advisory

21873

Vendor Advisory

21906

Vendor Advisory

21927

Vendor Advisory

21930

Vendor Advisory

21982

Vendor Advisory

22036

Vendor Advisory

22044

22066

22161

Vendor Advisory

22226

Vendor Advisory

22232

Vendor Advisory

22259

Vendor Advisory

22260

Vendor Advisory

22284

22325

22446

22509

22513

22523

22545

22585

22671

22689

22711

22733

22758

22799

22932

22934

22936

22937

22938

22939

22940

22948

22949

23155

23455

23680

23794

23841

23915

24099

24930

24950

25284

25399

25649

26329

26893

28115

31492

38567

38568

41818

60799

FreeBSD-SA-06:19

GLSA-200609-05

GLSA-200609-18

1016791

1017522

SSA:2006-310-01

SSA:2006-257-02

102648

102656

102657

102686

102696

102722

102744

102759

200708

201247

201534

1000148

http://support.attachmate.com/techdocs/2127.html

http://support.attachmate.com/techdocs/2128.html

http://support.attachmate.com/techdocs/2137.html

http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm

http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf

http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html

20061108 Multiple Vulnerabilities in OpenSSL Library

20061108 Multiple Vulnerabilities in OpenSSL library

DSA-1174

Patch

GLSA-200610-06

GLSA-201408-19

[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error

VU#845620

US Government Resource

MDKSA-2006:161

MDKSA-2006:177

MDKSA-2006:178

MDKSA-2006:207

http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/

SUSE-SR:2006:026

SUSE-SA:2006:055

SUSE-SA:2006:061

SUSE-SA:2007:010

[3.9] 20060908 011: SECURITY FIX: September 8, 2006

http://www.openoffice.org/security/cves/CVE-2006-4339.html

OpenPKG-SA-2006.018

OpenPKG-SA-2006.029

http://www.openssl.org/news/secadv_20060905.txt

Patch, Vendor Advisory

http://www.opera.com/support/search/supsearch.dml?index=845

http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html

28549

RHSA-2006:0661

Vendor Advisory

RHSA-2007:0062

RHSA-2007:0072

RHSA-2007:0073

RHSA-2008:0629

20060905 rPSA-2006-0163-1 openssl openssl-scripts

20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery

HPSBUX02165

20070110 VMware ESX server security updates

20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

19849

Patch

22083

28276

http://www.serv-u.com/releasenotes/

http://www.sybase.com/detail?id=1047991

USN-339-1

Patch

DSA-1173

Patch

TA06-333A

US Government Resource

http://www.vmware.com/security/advisories/VMSA-2008-0005.html

http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

http://www.vmware.com/support/player/doc/releasenotes_player.html

http://www.vmware.com/support/player2/doc/releasenotes_player2.html

http://www.vmware.com/support/server/doc/releasenotes_server.html

http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

ADV-2006-3453

ADV-2006-3566

ADV-2006-3730

ADV-2006-3748

ADV-2006-3793

ADV-2006-3899

ADV-2006-3936

ADV-2006-4205

ADV-2006-4206

ADV-2006-4207

ADV-2006-4216

ADV-2006-4327

ADV-2006-4329

ADV-2006-4366

ADV-2006-4417

ADV-2006-4586

ADV-2006-4744

ADV-2006-4750

ADV-2006-5146

ADV-2007-0254

ADV-2007-0343

ADV-2007-1401

ADV-2007-1815

ADV-2007-1945

ADV-2007-2163

ADV-2007-2315

ADV-2007-2783

ADV-2007-4224

ADV-2008-0905

ADV-2010-0366

SSRT061181

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

openssl-rsa-security-bypass(28755)

https://issues.rpath.com/browse/RPL-1633

https://issues.rpath.com/browse/RPL-616

oval:org.mitre.oval:def:11656

https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html

SSRT071304

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.