Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-4339

Disclosure Date: September 05, 2006
CVE-2006-4339
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • openssl

Products

  • openssl,
  • openssl 0.9.1c,
  • openssl 0.9.2b,
  • openssl 0.9.3,
  • openssl 0.9.3a,
  • openssl 0.9.4,
  • openssl 0.9.5,
  • openssl 0.9.5a,
  • openssl 0.9.6,
  • openssl 0.9.6a,
  • openssl 0.9.6b,
  • openssl 0.9.6c,
  • openssl 0.9.6d,
  • openssl 0.9.6e,
  • openssl 0.9.6f,
  • openssl 0.9.6g,
  • openssl 0.9.6h,
  • openssl 0.9.6i,
  • openssl 0.9.6j,
  • openssl 0.9.6k,
  • openssl 0.9.6l,
  • openssl 0.9.6m,
  • openssl 0.9.7a,
  • openssl 0.9.7b,
  • openssl 0.9.7c,
  • openssl 0.9.7d,
  • openssl 0.9.7e,
  • openssl 0.9.7f,
  • openssl 0.9.7g,
  • openssl 0.9.7h,
  • openssl 0.9.7i,
  • openssl 0.9.7j,
  • openssl 0.9.8,
  • openssl 0.9.8a,
  • openssl 0.9.8b

References

Canonical
CVE-2006-4339 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339)
BID-22083 (http://www.securityfocus.com/bid/22083)
BID-28276 (http://www.securityfocus.com/bid/28276)
BID-19849 (http://www.securityfocus.com/bid/19849)
Advisory
ADV-2006-4750 (http://www.vupen.com/english/advisories/2006/4750)
SSRT061273 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495)
ADV-2006-3453 (http://www.vupen.com/english/advisories/2006/3453)
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
SECUNIA-23915 (http://secunia.com/advisories/23915)
SUNALERT-201534 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1)
HPSBMA02250 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771)
JVN#51615542 (http://jvn.jp/en/jp/JVN51615542/index.html)
SECUNIA-60799 (http://secunia.com/advisories/60799)
OSVDB-28549 (http://www.osvdb.org/28549)
ADV-2006-4366 (http://www.vupen.com/english/advisories/2006/4366)
SECUNIA-22932 (http://secunia.com/advisories/22932)
ADV-2006-3748 (http://www.vupen.com/english/advisories/2006/3748)
SECUNIA-21791 (http://secunia.com/advisories/21791)
http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html
GLSA-201408-19 (http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml)
SECUNIA-26893 (http://secunia.com/advisories/26893)
http://www.openssl.org/news/secadv_20060905.txt
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
SECUNIA-22509 (http://secunia.com/advisories/22509)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:207
http://www.redhat.com/support/errata/RHSA-2006-0661.html
http://www.novell.com/linux/security/advisories/2006_61_opera.html
SECUNIA-21930 (http://secunia.com/advisories/21930)
SECUNIA-22940 (http://secunia.com/advisories/22940)
SSRT071304 (https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144)
SECUNIA-21852 (http://secunia.com/advisories/21852)
SECUNIA-21823 (http://secunia.com/advisories/21823)
SUNALERT-102657 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1)
SECUNIA-22758 (http://secunia.com/advisories/22758)
SECUNIA-22938 (http://secunia.com/advisories/22938)
ADV-2006-3899 (http://www.vupen.com/english/advisories/2006/3899)
SECUNIA-22044 (http://secunia.com/advisories/22044)
ADV-2007-1945 (http://www.vupen.com/english/advisories/2007/1945)
http://www.redhat.com/support/errata/RHSA-2007-0062.html
ADV-2006-4206 (http://www.vupen.com/english/advisories/2006/4206)
ADV-2006-3730 (http://www.vupen.com/english/advisories/2006/3730)
SSRT071299 (http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540)
SECUNIA-21812 (http://secunia.com/advisories/21812)
SECUNIA-22523 (http://secunia.com/advisories/22523)
HPSBUX02165 (http://www.securityfocus.com/archive/1/450327/100/0/threaded)
SECUNIA-22689 (http://secunia.com/advisories/22689)
http://docs.info.apple.com/article.html?artnum=304829
SECUNIA-23794 (http://secunia.com/advisories/23794)
SSRT090208 (http://marc.info?l=bugtraq&m=130497311408250&w=2)
SUNALERT-102759 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1)
GLSA-200609-05 (http://security.gentoo.org/glsa/glsa-200609-05.xml)
SECUNIA-22711 (http://secunia.com/advisories/22711)
20060905 rPSA-2006-0163-1 openssl openssl-scripts (http://www.securityfocus.com/archive/1/445231/100/0/threaded)
SECUNIA-23680 (http://secunia.com/advisories/23680)
http://openvpn.net/changelog.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
SECUNIA-22733 (http://secunia.com/advisories/22733)
https://issues.rpath.com/browse/RPL-1633
SECUNIA-22949 (http://secunia.com/advisories/22949)
USN-339-1 (http://www.ubuntu.com/usn/usn-339-1)
ADV-2006-3566 (http://www.vupen.com/english/advisories/2006/3566)
http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf
http://www.novell.com/linux/security/advisories/2006_26_sr.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
SUNALERT-102744 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1)
SECUNIA-22446 (http://secunia.com/advisories/22446)
SECUNIA-22939 (http://secunia.com/advisories/22939)
SECUNIA-24099 (http://secunia.com/advisories/24099)
20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery (http://www.securityfocus.com/archive/1/445822/100/0/threaded)
SECUNIA-25284 (http://secunia.com/advisories/25284)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
SECTRACK-1016791 (http://securitytracker.com/id?1016791)
SECUNIA-25649 (http://secunia.com/advisories/25649)
ADV-2010-0366 (http://www.vupen.com/english/advisories/2010/0366)
SECUNIA-22671 (http://secunia.com/advisories/22671)
[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error (http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html)
SUNALERT-102722 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1)
SECUNIA-21785 (http://secunia.com/advisories/21785)
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
SECUNIA-31492 (http://secunia.com/advisories/31492)
ADV-2006-4329 (http://www.vupen.com/english/advisories/2006/4329)
DSA-1173 (http://www.us.debian.org/security/2006/dsa-1173)
SECUNIA-38567 (http://secunia.com/advisories/38567)
SECUNIA-22284 (http://secunia.com/advisories/22284)
SECUNIA-24930 (http://secunia.com/advisories/24930)
ADV-2006-4327 (http://www.vupen.com/english/advisories/2006/4327)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:161
SECUNIA-21778 (http://secunia.com/advisories/21778)
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SUNALERT-102696 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1)
APPLE-SA-2007-12-14 (http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html)
ADV-2007-2163 (http://www.vupen.com/english/advisories/2007/2163)
SECUNIA-26329 (http://secunia.com/advisories/26329)
SECUNIA-22260 (http://secunia.com/advisories/22260)
https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html
ADV-2007-0343 (http://www.vupen.com/english/advisories/2007/0343)
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
SUNALERT-102656 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1)
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
SECUNIA-21982 (http://secunia.com/advisories/21982)
http://support.attachmate.com/techdocs/2137.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
https://issues.rpath.com/browse/RPL-616
http://support.attachmate.com/techdocs/2127.html
GLSA-200610-06 (http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml)
DSA-1174 (http://www.debian.org/security/2006/dsa-1174)
SECUNIA-23155 (http://secunia.com/advisories/23155)
SUNALERT-1000148 (http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1)
http://www.openoffice.org/security/cves/CVE-2006-4339.html
SECUNIA-22799 (http://secunia.com/advisories/22799)
ADV-2006-4207 (http://www.vupen.com/english/advisories/2006/4207)
ADV-2006-4417 (http://www.vupen.com/english/advisories/2006/4417)
http://www.sybase.com/detail?id=1047991
SECUNIA-21873 (http://secunia.com/advisories/21873)
http://www.redhat.com/support/errata/RHSA-2007-0072.html
JVNDB-2012-000079 (http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html)
http://www.serv-u.com/releasenotes
ADV-2006-4744 (http://www.vupen.com/english/advisories/2006/4744)
SECUNIA-38568 (http://secunia.com/advisories/38568)
SECUNIA-21846 (http://secunia.com/advisories/21846)
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
ADV-2007-0254 (http://www.vupen.com/english/advisories/2007/0254)
SSRT061181 (http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742)
ADV-2007-4224 (http://www.vupen.com/english/advisories/2007/4224)
SECUNIA-22161 (http://secunia.com/advisories/22161)
[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised] (http://marc.info?l=bind-announce&m=116253119512445&w=2)
SECUNIA-22937 (http://secunia.com/advisories/22937)
SECUNIA-22325 (http://secunia.com/advisories/22325)
SUNALERT-102648 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1)
ADV-2007-2315 (http://www.vupen.com/english/advisories/2007/2315)
http://www.opera.com/support/search/supsearch.dml?index=845
APPLE-SA-2006-11-28 (http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html)
SECUNIA-21767 (http://secunia.com/advisories/21767)
ADV-2007-1815 (http://www.vupen.com/english/advisories/2007/1815)
SECUNIA-22232 (http://secunia.com/advisories/22232)
TA06-333A (http://www.us-cert.gov/cas/techalerts/TA06-333A.html)
SECUNIA-21906 (http://secunia.com/advisories/21906)
20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues (http://www.securityfocus.com/archive/1/489739/100/0/threaded)
[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues (http://lists.vmware.com/pipermail/security-announce/2008/000008.html)
SECUNIA-22934 (http://secunia.com/advisories/22934)
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.redhat.com/support/errata/RHSA-2007-0073.html
SECUNIA-22585 (http://secunia.com/advisories/22585)
SECUNIA-25399 (http://secunia.com/advisories/25399)
ADV-2008-0905 (http://www.vupen.com/english/advisories/2008/0905/references)
ADV-2007-1401 (http://www.vupen.com/english/advisories/2007/1401)
SUNALERT-201247 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1)
XF-openssl-rsa-security-bypass(28755) (https://exchange.xforce.ibmcloud.com/vulnerabilities/28755)
SECUNIA-22513 (http://secunia.com/advisories/22513)
SECUNIA-41818 (http://secunia.com/advisories/41818)
http://support.attachmate.com/techdocs/2128.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
SECUNIA-21776 (http://secunia.com/advisories/21776)
SECUNIA-23455 (http://secunia.com/advisories/23455)
20070110 VMware ESX server security updates (http://www.securityfocus.com/archive/1/456546/100/200/threaded)
SECUNIA-28115 (http://secunia.com/advisories/28115)
SECUNIA-22226 (http://secunia.com/advisories/22226)
ADV-2006-3936 (http://www.vupen.com/english/advisories/2006/3936)
SECUNIA-22066 (http://secunia.com/advisories/22066)
SECUNIA-22936 (http://secunia.com/advisories/22936)
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
SECUNIA-22545 (http://secunia.com/advisories/22545)
SECTRACK-1017522 (http://securitytracker.com/id?1017522)
SECUNIA-22948 (http://secunia.com/advisories/22948)
20061108 Multiple Vulnerabilities in OpenSSL Library (http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html)
SECUNIA-23841 (http://secunia.com/advisories/23841)
ADV-2006-4205 (http://www.vupen.com/english/advisories/2006/4205)
ADV-2007-2783 (http://www.vupen.com/english/advisories/2007/2783)
SECUNIA-22259 (http://secunia.com/advisories/22259)
SECUNIA-22036 (http://secunia.com/advisories/22036)
SUNALERT-200708 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1)
ADV-2006-4586 (http://www.vupen.com/english/advisories/2006/4586)
SECUNIA-21927 (http://secunia.com/advisories/21927)
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
ADV-2006-5146 (http://www.vupen.com/english/advisories/2006/5146)
SECUNIA-21870 (http://secunia.com/advisories/21870)
ADV-2006-4216 (http://www.vupen.com/english/advisories/2006/4216)
ADV-2006-3793 (http://www.vupen.com/english/advisories/2006/3793)
SECUNIA-21709 (http://secunia.com/advisories/21709)
VU#845620 (http://www.kb.cert.org/vuls/id/845620)
GLSA-200609-18 (http://security.gentoo.org/glsa/glsa-200609-18.xml)
20061108 Multiple Vulnerabilities in OpenSSL library (http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml)
SUNALERT-102686 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1)
SECUNIA-24950 (http://secunia.com/advisories/24950)
Miscellaneous
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere
http://docs.info.apple.com/article.html?artnum=307177
BEA07-169.00 (http://dev2dev.bea.com/pub/advisory/238)
OpenPKG-SA-2006.029 (http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html)
[3.9] 20060908 011: SECURITY FIX: September 8, 2006 (http://www.openbsd.org/errata.html)
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955
http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc
OpenPKG-SA-2006.018 (http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html)
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306
http://marc.info/?l=bind-announce&m=116253119512445&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://www.serv-u.com/releasenotes/
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis