CVE-2006-5201

Severity

40%

Complexity

49%

Confidentiality

81%

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:P).

Overview

First reported 18 years ago

2006-10-10 04:06:00

Last updated 5 years ago

2019-07-31 12:45:00

Affected Software

Sun NSS

Sun Secure Global Desktop

Sun StarOffice

Sun Solaris 9.0 for SPARC

9.0
sparc

Sun Solaris 10.0 for SPARC

10.0
sparc

Sun SunOS (Solaris 8) 5.8

5.8

Sun JDK 1.5.0

1.5.0

Sun JDK 5.0 Update1

1.5.0

Sun JDK 5.0 Update2

1.5.0

Sun JDK 5.0 Update3

1.5.0

Sun JDK 5.0 Update4

1.5.0

Sun JDK 5.0 Update5

1.5.0

Sun JDK 1.5.0_6

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JDK 1.5 _07-b03

1.5.0

Sun JDK 5.0 Update8

1.5.0

Sun JRE 1.3.1

1.3.1

Sun JRE 1.3.1_2

1.3.1_2

Sun JRE 1.3.1_03

1.3.1_03

Sun JRE 1.3.1_04

1.3.1_04

Sun JRE 1.3.1_05

1.3.1_05

Sun JRE 1.3.1_06

1.3.1_06

Sun JRE 1.3.1_07

1.3.1_07

Sun JRE 1.3.1_08

1.3.1_08

Sun JRE 1.3.1_09

1.3.1_09

Sun JRE 1.3.1_10

1.3.1_10

Sun JRE 1.3.1_11

1.3.1_11

Sun JRE 1.3.1_12

1.3.1_12

Sun JRE 1.3.1_13

1.3.1_13

Sun JRE 1.3.1_14

1.3.1_14

Sun JRE 1.3.1_15

1.3.1_15

Sun JRE 1.3.1_16

1.3.1_16

Sun JRE 1.3.1_17

1.3.1_17

Sun JRE 1.3.1_18

1.3.1_18

Sun JRE 1.3.1_19

1.3.1_19

Sun JRE 1.4.2

1.4.2

Sun JRE 1.4.2_1

1.4.2_1

Sun JRE 1.4.2_2

1.4.2_2

Sun JRE 1.4.2_3

1.4.2_3

Sun JRE 1.4.2_4

1.4.2_4

Sun JRE 1.4.2_5

1.4.2_5

Sun JRE 1.4.2_6

1.4.2_6

Sun JRE 1.4.2_7

1.4.2_7

Sun JRE 1.4.2_8

1.4.2_8

Sun JRE 1.4.2_9

1.4.2_9

Sun JRE 1.4.2_10

1.4.2_10

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.5.0

1.5.0

Sun JRE 1.5.0_1 (JRE 5.0 Update 1)

1.5.0

Sun JRE 1.5.0_2 (JRE 5.0 Update 2)

1.5.0

Sun JRE 1.5.0_3 (JRE 5.0 Update 3)

1.5.0

Sun JRE 1.5.0_4 (JRE 5.0 Update 4)

1.5.0

Sun JRE 1.5.0_5 (JRE 5.0 Update 5)

1.5.0

Sun JRE 1.5.0_6 (JRE 5.0 Update 6)

1.5.0

Sun JRE 1.5.0_7 (JRE 5.0 Update 7)

1.5.0

Sun JRE 1.5.0_8 (JRE 5.0 Update 8)

1.5.0

Sun SDK 1.3.1

1.3.1

Sun SDK 1.3.1_01

1.3.1_01

Sun SDK 1.3.1_01a

1.3.1_01a

Sun SDK 1.3.1_02

1.3.1_02

Sun SDK 1.3.1_03

1.3.1_03

Sun SDK 1.3.1_04

1.3.1_04

Sun SDK 1.3.1_05

1.3.1_05

Sun SDK 1.3.1_06

1.3.1_06

Sun SDK 1.3.1_07

1.3.1_07

Sun SDK 1.3.1_08

1.3.1_08

Sun SDK 1.3.1_09

1.3.1_09

Sun SDK 1.3.1_10

1.3.1_10

Sun SDK 1.3.1_11

1.3.1_11

Sun SDK 1.3.1_12

1.3.1_12

Sun SDK 1.3.1_13

1.3.1_13

Sun SDK 1.3.1_14

1.3.1_14

Sun SDK 1.3.1_15

1.3.1_15

Sun SDK 1.3.1_16

1.3.1_16

Sun SDK 1.3.1_17

1.3.1_17

Sun SDK 1.3.1_18

1.3.1_18

Sun SDK 1.3.1_19

1.3.1_19

SDK 1.4.2

1.4.2

Sun SDK 1.4.2_1

1.4.2_1

Sun SDK 1.4.2_2

1.4.2_2

Sun SDK 1.4.2_3

1.4.2_3

Sun SDK 1.4.2_4

1.4.2_4

Sun SDK 1.4.2_5

1.4.2_5

Sun SDK 1.4.2_6

1.4.2_6

Sun SDK 1.4.2_7

1.4.2_7

Sun SDK 1.4.2_8

1.4.2_8

Sun SDK 1.4.2_9

1.4.2_9

Sun SDK 1.4.2_10

1.4.2_10

Sun SDK 1.4.2_11

1.4.2_11

Sun SDK 1.4.2_12

1.4.2_12

Sun JSSE 1.0.3

1.0.3

Sun JSSE 1.0.3 _01

1.0.3_01

Sun JSSE 1.0.3 _02

1.0.3_02

Sun JSSE 1.0.3_03

1.0.3_03

References

22204

Patch, Third Party Advisory

22226

Third Party Advisory

22325

Third Party Advisory

22992

Third Party Advisory

102648

Broken Link

102657

Broken Link

http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm

Third Party Advisory

VU#845620

Third Party Advisory, US Government Resource

ADV-2006-3898

Permissions Required

ADV-2006-3899

Permissions Required

ADV-2006-3960

Permissions Required

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.