U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2006-4339 Detail

Current Description

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.


View Analysis Description

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

Vendor Statements (disclaimer)

Official Statement from Red Hat (03/14/2007)

Vulnerable. This issue affects OpenSSL and OpenSSL compatibility packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updates, along with our advisory are available at the URL below. http://rhn.redhat.com/errata/RHSA-2006-0661.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc CVE, Inc., Red Hat
http://dev2dev.bea.com/pub/advisory/238 CVE, Inc., Red Hat
http://docs.info.apple.com/article.html?artnum=304829 CVE, Inc., Red Hat
http://docs.info.apple.com/article.html?artnum=307177 CVE, Inc., Red Hat
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495 CVE, Inc., Red Hat
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 CVE, Inc., Red Hat
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 CVE, Inc., Red Hat
http://jvn.jp/en/jp/JVN51615542/index.html CVE, Inc., Red Hat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html CVE, Inc., Red Hat
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html CVE, Inc., Red Hat
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html CVE, Inc., Red Hat
http://lists.vmware.com/pipermail/security-announce/2008/000008.html CVE, Inc., Red Hat
http://marc.info/?l=bind-announce&m=116253119512445&w=2 CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=130497311408250&w=2 CVE, Inc., Red Hat
http://openvpn.net/changelog.html CVE, Inc., Red Hat
http://secunia.com/advisories/21709 CVE, Inc., Red Hat Patch  Vendor Advisory 
http://secunia.com/advisories/21767 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21776 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21778 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21785 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21791 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21812 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21823 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21846 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21852 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21870 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21873 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21906 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21927 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21930 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/21982 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/22036 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/22044 CVE, Inc., Red Hat
http://secunia.com/advisories/22066 CVE, Inc., Red Hat
http://secunia.com/advisories/22161 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/22226 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/22232 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/22259 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/22260 CVE, Inc., Red Hat Vendor Advisory 
http://secunia.com/advisories/22284 CVE, Inc., Red Hat
http://secunia.com/advisories/22325 CVE, Inc., Red Hat
http://secunia.com/advisories/22446 CVE, Inc., Red Hat
http://secunia.com/advisories/22509 CVE, Inc., Red Hat
http://secunia.com/advisories/22513 CVE, Inc., Red Hat
http://secunia.com/advisories/22523 CVE, Inc., Red Hat
http://secunia.com/advisories/22545 CVE, Inc., Red Hat
http://secunia.com/advisories/22585 CVE, Inc., Red Hat
http://secunia.com/advisories/22671 CVE, Inc., Red Hat
http://secunia.com/advisories/22689 CVE, Inc., Red Hat
http://secunia.com/advisories/22711 CVE, Inc., Red Hat
http://secunia.com/advisories/22733 CVE, Inc., Red Hat
http://secunia.com/advisories/22758 CVE, Inc., Red Hat
http://secunia.com/advisories/22799 CVE, Inc., Red Hat
http://secunia.com/advisories/22932 CVE, Inc., Red Hat
http://secunia.com/advisories/22934 CVE, Inc., Red Hat
http://secunia.com/advisories/22936 CVE, Inc., Red Hat
http://secunia.com/advisories/22937 CVE, Inc., Red Hat
http://secunia.com/advisories/22938 CVE, Inc., Red Hat
http://secunia.com/advisories/22939 CVE, Inc., Red Hat
http://secunia.com/advisories/22940 CVE, Inc., Red Hat
http://secunia.com/advisories/22948 CVE, Inc., Red Hat
http://secunia.com/advisories/22949 CVE, Inc., Red Hat
http://secunia.com/advisories/23155 CVE, Inc., Red Hat
http://secunia.com/advisories/23455 CVE, Inc., Red Hat
http://secunia.com/advisories/23680 CVE, Inc., Red Hat
http://secunia.com/advisories/23794 CVE, Inc., Red Hat
http://secunia.com/advisories/23841 CVE, Inc., Red Hat
http://secunia.com/advisories/23915 CVE, Inc., Red Hat
http://secunia.com/advisories/24099 CVE, Inc., Red Hat
http://secunia.com/advisories/24930 CVE, Inc., Red Hat
http://secunia.com/advisories/24950 CVE, Inc., Red Hat
http://secunia.com/advisories/25284 CVE, Inc., Red Hat
http://secunia.com/advisories/25399 CVE, Inc., Red Hat
http://secunia.com/advisories/25649 CVE, Inc., Red Hat
http://secunia.com/advisories/26329 CVE, Inc., Red Hat
http://secunia.com/advisories/26893 CVE, Inc., Red Hat
http://secunia.com/advisories/28115 CVE, Inc., Red Hat
http://secunia.com/advisories/31492 CVE, Inc., Red Hat
http://secunia.com/advisories/38567 CVE, Inc., Red Hat
http://secunia.com/advisories/38568 CVE, Inc., Red Hat
http://secunia.com/advisories/41818 CVE, Inc., Red Hat
http://secunia.com/advisories/60799 CVE, Inc., Red Hat
http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc CVE, Inc., Red Hat
http://security.gentoo.org/glsa/glsa-200609-05.xml CVE, Inc., Red Hat
http://security.gentoo.org/glsa/glsa-200609-18.xml CVE, Inc., Red Hat
http://securitytracker.com/id?1016791 CVE, Inc., Red Hat
http://securitytracker.com/id?1017522 CVE, Inc., Red Hat
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955 CVE, Inc., Red Hat
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306 CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1 CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1 CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1 CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1 CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1 CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1 CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1 CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1 CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1 CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1 CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1 CVE, Inc., Red Hat
http://support.attachmate.com/techdocs/2127.html CVE, Inc., Red Hat
http://support.attachmate.com/techdocs/2128.html CVE, Inc., Red Hat
http://support.attachmate.com/techdocs/2137.html CVE, Inc., Red Hat
http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm CVE, Inc., Red Hat
http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf CVE, Inc., Red Hat
http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html CVE, Inc., Red Hat
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html CVE, Inc., Red Hat
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml CVE, Inc., Red Hat
http://www.debian.org/security/2006/dsa-1174 CVE, Inc., Red Hat Patch 
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml CVE, Inc., Red Hat
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml CVE, Inc., Red Hat
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html CVE, Inc., Red Hat
http://www.kb.cert.org/vuls/id/845620 CVE, Inc., Red Hat US Government Resource 
http://www.mandriva.com/security/advisories?name=MDKSA-2006:161 CVE, Inc., Red Hat
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177 CVE, Inc., Red Hat
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178 CVE, Inc., Red Hat
http://www.mandriva.com/security/advisories?name=MDKSA-2006:207 CVE, Inc., Red Hat
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/ CVE, Inc., Red Hat
http://www.novell.com/linux/security/advisories/2006_26_sr.html CVE, Inc., Red Hat
http://www.novell.com/linux/security/advisories/2006_55_ssl.html CVE, Inc., Red Hat
http://www.novell.com/linux/security/advisories/2006_61_opera.html CVE, Inc., Red Hat
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html CVE, Inc., Red Hat
http://www.openbsd.org/errata.html CVE, Inc., Red Hat
http://www.openoffice.org/security/cves/CVE-2006-4339.html CVE, Inc., Red Hat
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html CVE, Inc., Red Hat
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html CVE, Inc., Red Hat
http://www.openssl.org/news/secadv_20060905.txt CVE, Inc., Red Hat Patch  Vendor Advisory 
http://www.opera.com/support/search/supsearch.dml?index=845 CVE, Inc., Red Hat
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html CVE, Inc., Red Hat
http://www.osvdb.org/28549 CVE, Inc., Red Hat
http://www.redhat.com/support/errata/RHSA-2006-0661.html CVE, Inc., Red Hat Vendor Advisory 
http://www.redhat.com/support/errata/RHSA-2007-0062.html CVE, Inc., Red Hat
http://www.redhat.com/support/errata/RHSA-2007-0072.html CVE, Inc., Red Hat
http://www.redhat.com/support/errata/RHSA-2007-0073.html CVE, Inc., Red Hat
http://www.redhat.com/support/errata/RHSA-2008-0629.html CVE, Inc., Red Hat
http://www.securityfocus.com/archive/1/445231/100/0/threaded CVE, Inc., Red Hat
http://www.securityfocus.com/archive/1/445822/100/0/threaded CVE, Inc., Red Hat
http://www.securityfocus.com/archive/1/450327/100/0/threaded CVE, Inc., Red Hat
http://www.securityfocus.com/archive/1/456546/100/200/threaded CVE, Inc., Red Hat
http://www.securityfocus.com/archive/1/489739/100/0/threaded CVE, Inc., Red Hat
http://www.securityfocus.com/bid/19849 CVE, Inc., Red Hat Patch 
http://www.securityfocus.com/bid/22083 CVE, Inc., Red Hat
http://www.securityfocus.com/bid/28276 CVE, Inc., Red Hat
http://www.serv-u.com/releasenotes/ CVE, Inc., Red Hat
http://www.sybase.com/detail?id=1047991 CVE, Inc., Red Hat
http://www.ubuntu.com/usn/usn-339-1 CVE, Inc., Red Hat Patch 
http://www.us-cert.gov/cas/techalerts/TA06-333A.html CVE, Inc., Red Hat US Government Resource 
http://www.us.debian.org/security/2006/dsa-1173 CVE, Inc., Red Hat Patch 
http://www.vmware.com/security/advisories/VMSA-2008-0005.html CVE, Inc., Red Hat
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html CVE, Inc., Red Hat
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html CVE, Inc., Red Hat
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html CVE, Inc., Red Hat
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html CVE, Inc., Red Hat
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html CVE, Inc., Red Hat
http://www.vmware.com/support/player/doc/releasenotes_player.html CVE, Inc., Red Hat
http://www.vmware.com/support/player2/doc/releasenotes_player2.html CVE, Inc., Red Hat
http://www.vmware.com/support/server/doc/releasenotes_server.html CVE, Inc., Red Hat
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html CVE, Inc., Red Hat
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html CVE, Inc., Red Hat
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html CVE, Inc., Red Hat
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/3453 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/3566 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/3730 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/3748 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/3793 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/3899 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/3936 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/4205 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/4206 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/4207 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/4216 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/4327 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/4329 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/4366 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/4417 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/4586 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/4744 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/4750 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/5146 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/0254 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/0343 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/1401 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/1815 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/1945 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/2163 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/2315 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/2783 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/4224 CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2008/0905/references CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2010/0366 CVE, Inc., Red Hat
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 CVE, Inc., Red Hat
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 CVE, Inc., Red Hat
https://exchange.xforce.ibmcloud.com/vulnerabilities/28755 CVE, Inc., Red Hat
https://issues.rpath.com/browse/RPL-1633 CVE, Inc., Red Hat
https://issues.rpath.com/browse/RPL-616 CVE, Inc., Red Hat
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656 CVE, Inc., Red Hat
https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html CVE, Inc., Red Hat
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 CVE, Inc., Red Hat

Weakness Enumeration

CWE-ID CWE Name Source
CWE-310 Cryptographic Issues cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

9 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2006-4339
NVD Published Date:
09/05/2006
NVD Last Modified:
04/02/2025
Source:
Red Hat, Inc.