CVE-2006-4339
CVE-2006-4339
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/http://www.vupen.com/english/advisories/2006/4750http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495http://www.vupen.com/english/advisories/2006/3453http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.htmlhttp://secunia.com/advisories/23915http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771http://jvn.jp/en/jp/JVN51615542/index.htmlhttp://docs.info.apple.com/article.html?artnum=307177http://secunia.com/advisories/60799http://www.osvdb.org/28549