
National Cyber Awareness System

Vulnerability Summary for CVE-2006-4339

Original release date: 09/05/2006
Last revised: 08/30/2013
Source: US-CERT/NIST

Overview

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
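The check a verifier must make is the one the description says the affected versions skipped: after the padding is stripped, nothing may remain beyond the expected DigestInfo. The following added example (it is not NVD's or OpenSSL's code) models both behaviours in plain Python on the encoded message block alone, with SHA-256 assumed as the hash (the advisory names no particular hash) and no RSA operation performed: `lenient_verify` parses a DigestInfo at the front of the stripped block and ignores trailing bytes, while `strict_verify` recomputes the full RFC 8017 EMSA-PKCS1-v1_5 encoding and compares the whole block. A malformed block with minimal padding and trailing filler, constructed directly here, passes the lenient check and fails the strict one.

```python
import hashlib
import hmac

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
# The full DigestInfo T is this prefix followed by the 32-byte SHA-256 digest.
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v1_5_encode(message: bytes, em_len: int) -> bytes:
    """Build EM = 0x00 || 0x01 || PS || 0x00 || T, with PS all 0xff bytes (RFC 8017, 9.2)."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    ps_len = em_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def lenient_verify(em: bytes, message: bytes) -> bool:
    """Models the flawed check described in the advisory (simplified here):
    strip the padding, parse a DigestInfo at the front of what is left,
    compare the digest, and never look at any bytes that follow it."""
    if len(em) < 11 or em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    # Require at least eight 0xff bytes followed by the 0x00 separator.
    if i < 10 or i >= len(em) or em[i] != 0x00:
        return False
    t = em[i + 1:]
    if not t.startswith(SHA256_DIGESTINFO_PREFIX):
        return False
    start = len(SHA256_DIGESTINFO_PREFIX)
    digest = t[start:start + 32]
    # Flaw: len(t) may exceed len(prefix) + 32; the surplus is silently ignored.
    return hmac.compare_digest(digest, hashlib.sha256(message).digest())


def strict_verify(em: bytes, message: bytes) -> bool:
    """Hardened check: recompute the expected EM and compare the entire block,
    so no trailing or mispositioned bytes can pass."""
    try:
        expected = emsa_pkcs1_v1_5_encode(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def demo(message: bytes = b"constructed sample message", em_len: int = 256) -> dict:
    """Run both verifiers over a correct block and a malformed one.
    Both blocks are constructed directly here; no RSA operation is involved."""
    good = emsa_pkcs1_v1_5_encode(message, em_len)
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    # Malformed block: minimal padding, a valid DigestInfo, then filler bytes
    # that the lenient parser never inspects.
    trailing = em_len - len(t) - 3 - 8
    bad = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + bytes(i % 256 for i in range(trailing))
    assert len(bad) == em_len
    return {
        "lenient_good": lenient_verify(good, message),
        "strict_good": strict_verify(good, message),
        "lenient_bad": lenient_verify(bad, message),   # True: the flaw
        "strict_bad": strict_verify(bad, message),     # False: rejected
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The strict form is what RFC 8017's RSASSA-PKCS1-v1_5 verification specifies: build the expected encoded message and compare it byte for byte, rather than parsing the recovered block and trusting whatever structure is found at its front. When auditing a verifier, the question to ask is whether any byte of the recovered block can vary without the check failing.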

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information

Vendor Statements

Official Statement from Red Hat (03/14/2007)
Vulnerable. This issue affects OpenSSL and OpenSSL compatibility packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updates, along with our advisory, are available at the URL below.
http://rhn.redhat.com/errata/RHSA-2006-0661.html
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools


External Source: CONFIRM
Name: http://www.vmware.com/support/player/doc/releasenotes_player.html
External Source: DEBIAN
Name: DSA-1173
Type: Patch Information
External Source: DEBIAN
Name: DSA-1174
Type: Patch Information
External Source: SUNALERT
Name: 102686
External Source: SECUNIA
Name: 21812
Type: Advisory
External Source: VUPEN
Name: ADV-2006-3453
External Source: MLIST
Name: [ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error
External Source: BID
Name: 19849
Type: Patch Information
External Source: REDHAT
Name: RHSA-2006:0661
Type: Advisory
External Source: HP
Name: HPSBOV02683
External Source: CONFIRM
Name: http://www.openoffice.org/security/cves/CVE-2006-4339.html
External Source: VUPEN
Name: ADV-2010-0366
External Source: HP
Name: HPSBUX02219
External Source: CONFIRM
Name: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
External Source: SECUNIA
Name: 23455
External Source: SECUNIA
Name: 21823
Type: Advisory
External Source: OSVDB
Name: 28549
External Source: SUNALERT
Name: 102722
External Source: HP
Name: HPSBTU02207
External Source: SECUNIA
Name: 25649
External Source: SECUNIA
Name: 21870
Type: Advisory
External Source: SECUNIA
Name: 22446
External Source: SECUNIA
Name: 22940
External Source: CONFIRM
Name: https://issues.rpath.com/browse/RPL-616
External Source: SECUNIA
Name: 22044
External Source: SECUNIA
Name: 21982
Type: Advisory
External Source: CONFIRM
Name: http://support.attachmate.com/techdocs/2137.html
External Source: SECUNIA
Name: 22937
External Source: SLACKWARE
Name: SSA:2006-310-01
External Source: SECUNIA
Name: 24099
External Source: VUPEN
Name: ADV-2006-3748
External Source: MANDRIVA
Name: MDKSA-2006:161
External Source: REDHAT
Name: RHSA-2007:0073
External Source: SECUNIA
Name: 22939
External Source: FREEBSD
Name: FreeBSD-SA-06:19
External Source: JVN
Name: JVN#51615542
External Source: SUNALERT
Name: 201247
External Source: VUPEN
Name: ADV-2006-3793
External Source: APPLE
Name: APPLE-SA-2006-11-28
External Source: CONFIRM
Name: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
External Source: SECUNIA
Name: 22036
Type: Advisory
US-CERT Vulnerability Note: CERT-VN
Name: VU#845620
External Source: CONFIRM
Name: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
External Source: SECUNIA
Name: 22932
External Source: VUPEN
Name: ADV-2006-4750
External Source: JVNDB
Name: JVNDB-2012-000079
External Source: SECUNIA
Name: 22260
Type: Advisory
External Source: VUPEN
Name: ADV-2006-3936
External Source: HP
Name: SSRT061273
External Source: VUPEN
Name: ADV-2006-4744
External Source: SECUNIA
Name: 38568
External Source: SECUNIA
Name: 23155
External Source: SLACKWARE
Name: SSA:2006-257-02
External Source: VUPEN
Name: ADV-2006-3730
External Source: SUNALERT
Name: 201534
External Source: HP
Name: SSRT071299
External Source: SECUNIA
Name: 22758
External Source: SECUNIA
Name: 22689
External Source: SUNALERT
Name: 102696
External Source: SECUNIA
Name: 21767
Type: Advisory
External Source: CONFIRM
Name: http://www.vmware.com/security/advisories/VMSA-2008-0005.html
External Source: HP
Name: HPSBUX02165
External Source: SECUNIA
Name: 21852
Type: Advisory
External Source: REDHAT
Name: RHSA-2008:0629
External Source: CONFIRM
Name: http://support.attachmate.com/techdocs/2127.html
External Source: SECUNIA
Name: 23841
External Source: SECUNIA
Name: 22523
External Source: CONFIRM
Name: http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html
External Source: SECUNIA
Name: 22733
External Source: SECUNIA
Name: 22513
External Source: VUPEN
Name: ADV-2007-2783
External Source: SUSE
Name: SUSE-SA:2007:010
External Source: CONFIRM
Name: http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf
External Source: CONFIRM
Name: http://www.opera.com/support/search/supsearch.dml?index=845
External Source: CONFIRM
Name: http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
External Source: CONFIRM
Name: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
External Source: SECUNIA
Name: 21776
Type: Advisory
External Source: SUNALERT
Name: 102657
External Source: SECUNIA
Name: 21873
Type: Advisory
External Source: CONFIRM
Name: https://issues.rpath.com/browse/RPL-1633
External Source: SECTRACK
Name: 1016791
External Source: VUPEN
Name: ADV-2006-4366
External Source: SECUNIA
Name: 22545
External Source: CONFIRM
Name: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
External Source: SECUNIA
Name: 22938
External Source: MISC
Name: http://docs.info.apple.com/article.html?artnum=307177
External Source: SECUNIA
Name: 26329
External Source: SECUNIA
Name: 21927
Type: Advisory
External Source: VUPEN
Name: ADV-2006-3899
External Source: CONFIRM
Name: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
External Source: BUGTRAQ
Name: 20060905 rPSA-2006-0163-1 openssl openssl-scripts
External Source: SECUNIA
Name: 21778
Type: Advisory
External Source: BEA
Name: BEA07-169.00
External Source: SECUNIA
Name: 22509
External Source: CISCO
Name: 20061108 Multiple Vulnerabilities in OpenSSL library
External Source: SECUNIA
Name: 28115
External Source: VUPEN
Name: ADV-2006-5146
External Source: VUPEN
Name: ADV-2006-4216
External Source: GENTOO
Name: GLSA-200609-05
External Source: HP
Name: SSRT061266
External Source: CONFIRM
Name: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
External Source: VUPEN
Name: ADV-2006-4327
US-CERT Vulnerability Note: CERT
Name: TA06-333A
External Source: GENTOO
Name: GLSA-200609-18
External Source: VUPEN
Name: ADV-2007-2163
External Source: CONFIRM
Name: http://docs.info.apple.com/article.html?artnum=304829
External Source: HP
Name: HPSBUX02186
External Source: SECUNIA
Name: 24930
External Source: SGI
Name: 20060901-01-P
External Source: VUPEN
Name: ADV-2007-1401
External Source: CONFIRM
Name: https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html
External Source: SECUNIA
Name: 26893
External Source: OPENBSD
Name: [3.9] 20060908 011: SECURITY FIX: September 8, 2006
External Source: GENTOO
Name: GLSA-200610-06
External Source: VUPEN
Name: ADV-2006-4207
External Source: SECUNIA
Name: 22066
External Source: SECUNIA
Name: 22259
Type: Advisory
External Source: SECUNIA
Name: 22934
External Source: VUPEN
Name: ADV-2007-1815
External Source: SECUNIA
Name: 23680
External Source: CONFIRM
Name: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
External Source: OPENPKG
Name: OpenPKG-SA-2006.029
External Source: VUPEN
Name: ADV-2007-2315
External Source: SECUNIA
Name: 25284
External Source: VUPEN
Name: ADV-2007-0343
External Source: BUGTRAQ
Name: 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
External Source: REDHAT
Name: RHSA-2007:0062
External Source: VUPEN
Name: ADV-2007-1945
External Source: SECUNIA
Name: 23794
External Source: CONFIRM
Name: http://support.attachmate.com/techdocs/2128.html
External Source: VUPEN
Name: ADV-2006-4586
External Source: HP
Name: HPSBUX02153
External Source: MANDRIVA
Name: MDKSA-2006:177
External Source: REDHAT
Name: RHSA-2007:0072
External Source: SECUNIA
Name: 22325
External Source: HP
Name: HPSBMA02250
External Source: MISC
Name: http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
External Source: HP
Name: SSRT090208
External Source: SECUNIA
Name: 21709
Type: Advisory; Patch Information
External Source: XF
Name: openssl-rsa-security-bypass(28755)
External Source: CONFIRM
Name: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
External Source: SUSE
Name: SUSE-SA:2006:055
External Source: SUNALERT
Name: 102656
External Source: VUPEN
Name: ADV-2006-4417
External Source: MANDRIVA
Name: MDKSA-2006:178
External Source: HP
Name: SSRT061239
External Source: HP
Name: SSRT071304
External Source: CONFIRM
Name: http://www.sybase.com/detail?id=1047991
External Source: SECUNIA
Name: 22161
Type: Advisory
External Source: SECUNIA
Name: 23915
External Source: SECUNIA
Name: 22799
External Source: SECUNIA
Name: 22232
Type: Advisory
External Source: SECUNIA
Name: 22711
External Source: CONFIRM
Name: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
External Source: SECUNIA
Name: 31492
External Source: SUNALERT
Name: 102648
External Source: VUPEN
Name: ADV-2006-4329
External Source: CONFIRM
Name: http://www.serv-u.com/releasenotes/
External Source: SUNALERT
Name: 1000148
External Source: MANDRIVA
Name: MDKSA-2006:207
External Source: SUNALERT
Name: 102744
External Source: SECUNIA
Name: 22949
External Source: BID
Name: 22083
External Source: CONFIRM
Name: http://www.vmware.com/support/server/doc/releasenotes_server.html
External Source: VUPEN
Name: ADV-2006-3566
External Source: BUGTRAQ
Name: 20070110 VMware ESX server security updates
External Source: OPENPKG
Name: OpenPKG-SA-2006.018
External Source: SECUNIA
Name: 25399
External Source: CONFIRM
Name: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
External Source: SECUNIA
Name: 22226
Type: Advisory
External Source: VUPEN
Name: ADV-2008-0905
External Source: SECUNIA
Name: 21791
Type: Advisory
External Source: SECUNIA
Name: 21906
Type: Advisory
External Source: SECUNIA
Name: 22671
External Source: HP
Name: SSRT061181
External Source: SUSE
Name: SUSE-SR:2006:026
External Source: SECUNIA
Name: 22948
External Source: SECUNIA
Name: 38567
External Source: SUSE
Name: SUSE-SA:2006:061
External Source: SECTRACK
Name: 1017522
External Source: SECUNIA
Name: 22936
External Source: SECUNIA
Name: 21930
Type: Advisory
External Source: VUPEN
Name: ADV-2006-4205
External Source: SUNALERT
Name: 102759
External Source: CISCO
Name: 20061108 Multiple Vulnerabilities in OpenSSL Library
External Source: SECUNIA
Name: 24950
External Source: BID
Name: 28276
External Source: UBUNTU
Name: USN-339-1
Type: Patch Information
External Source: HP
Name: SSRT061213
External Source: OVAL
Name: oval:org.mitre.oval:def:11656
External Source: CONFIRM
Name: http://www.openssl.org/news/secadv_20060905.txt
Type: Advisory; Patch Information
External Source: VUPEN
Name: ADV-2006-4206
External Source: CONFIRM
Name: http://openvpn.net/changelog.html
External Source: SECUNIA
Name: 21846
Type: Advisory
External Source: SECUNIA
Name: 22284
External Source: VUPEN
Name: ADV-2007-0254
External Source: HP
Name: SSRT061275
External Source: SECUNIA
Name: 21785
Type: Advisory
External Source: SUNALERT
Name: 200708
External Source: APPLE
Name: APPLE-SA-2007-12-14
External Source: MLIST
Name: [bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
External Source: BUGTRAQ
Name: 20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
External Source: CONFIRM
Name: http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm
External Source: MLIST
Name: [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
External Source: VUPEN
Name: ADV-2007-4224
External Source: SECUNIA
Name: 22585

References to Check Content

Identifier: oval:org.mitre.oval:def:11656
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5

Vulnerable software and versions

Configuration 1 (OR):
* cpe:/a:openssl:openssl:0.9.7a
* cpe:/a:openssl:openssl:0.9.7b
* cpe:/a:openssl:openssl:0.9.7c
* cpe:/a:openssl:openssl:0.9.7d
* cpe:/a:openssl:openssl:0.9.7e
* cpe:/a:openssl:openssl:0.9.7f
* cpe:/a:openssl:openssl:0.9.7g
* cpe:/a:openssl:openssl:0.9.7h
* cpe:/a:openssl:openssl:0.9.7i
* cpe:/a:openssl:openssl:0.9.7j
* cpe:/a:openssl:openssl:0.9.8
* cpe:/a:openssl:openssl:0.9.8a
* cpe:/a:openssl:openssl:0.9.8b
* cpe:/a:openssl:openssl:0.9.7 and previous versions
* cpe:/a:openssl:openssl:0.9.6g
* cpe:/a:openssl:openssl:0.9.6f
* cpe:/a:openssl:openssl:0.9.6i
* cpe:/a:openssl:openssl:0.9.6h
* cpe:/a:openssl:openssl:0.9.6c
* cpe:/a:openssl:openssl:0.9.6e
* cpe:/a:openssl:openssl:0.9.6d
* cpe:/a:openssl:openssl:0.9.6k
* cpe:/a:openssl:openssl:0.9.6j
* cpe:/a:openssl:openssl:0.9.6l
* cpe:/a:openssl:openssl:0.9.5a:beta2
* cpe:/a:openssl:openssl:0.9.6b
* cpe:/a:openssl:openssl:0.9.6a
* cpe:/a:openssl:openssl:0.9.6a:beta1
* cpe:/a:openssl:openssl:0.9.6a:beta2
* cpe:/a:openssl:openssl:0.9.6a:beta3
* cpe:/a:openssl:openssl:0.9.6
* cpe:/a:openssl:openssl:0.9.6:beta1
* cpe:/a:openssl:openssl:0.9.6:beta2
* cpe:/a:openssl:openssl:0.9.6:beta3
* cpe:/a:openssl:openssl:0.9.5:beta2
* cpe:/a:openssl:openssl:0.9.5a
* cpe:/a:openssl:openssl:0.9.5a:beta1
* cpe:/a:openssl:openssl:0.9.3a
* cpe:/a:openssl:openssl:0.9.4
* cpe:/a:openssl:openssl:0.9.5
* cpe:/a:openssl:openssl:0.9.5:beta1
* cpe:/a:openssl:openssl:0.9.3
* cpe:/a:openssl:openssl:0.9.2b
* cpe:/a:openssl:openssl:0.9.1c
* cpe:/a:openssl:openssl:0.9.6m
* Denotes Vulnerable Software

Technical Details

Vulnerability Type