CVE-2006-4339 : Detail

CVE-2006-4339

A02-Cryptographic Failures
3.73%V4
Network
2006-09-05
15h00 +00:00
2018-10-17
18h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-310 Category : Cryptographic Issues
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Metrics

Metrics Score Severity CVSS Vector Source
V2 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Openssl>>Openssl >> Version To (including) 0.9.7

Openssl>>Openssl >> Version 0.9.1c

Openssl>>Openssl >> Version 0.9.2b

Openssl>>Openssl >> Version 0.9.3

Openssl>>Openssl >> Version 0.9.3a

Openssl>>Openssl >> Version 0.9.4

Openssl>>Openssl >> Version 0.9.5

Openssl>>Openssl >> Version 0.9.5

Openssl>>Openssl >> Version 0.9.5

Openssl>>Openssl >> Version 0.9.5a

Openssl>>Openssl >> Version 0.9.5a

Openssl>>Openssl >> Version 0.9.5a

Openssl>>Openssl >> Version 0.9.6

Openssl>>Openssl >> Version 0.9.6

Openssl>>Openssl >> Version 0.9.6

Openssl>>Openssl >> Version 0.9.6

Openssl>>Openssl >> Version 0.9.6a

Openssl>>Openssl >> Version 0.9.6a

Openssl>>Openssl >> Version 0.9.6a

Openssl>>Openssl >> Version 0.9.6a

Openssl>>Openssl >> Version 0.9.6b

Openssl>>Openssl >> Version 0.9.6c

Openssl>>Openssl >> Version 0.9.6d

Openssl>>Openssl >> Version 0.9.6e

Openssl>>Openssl >> Version 0.9.6f

Openssl>>Openssl >> Version 0.9.6g

Openssl>>Openssl >> Version 0.9.6h

Openssl>>Openssl >> Version 0.9.6i

Openssl>>Openssl >> Version 0.9.6j

Openssl>>Openssl >> Version 0.9.6k

Openssl>>Openssl >> Version 0.9.6l

Openssl>>Openssl >> Version 0.9.6m

Openssl>>Openssl >> Version 0.9.7a

Openssl>>Openssl >> Version 0.9.7b

Openssl>>Openssl >> Version 0.9.7c

Openssl>>Openssl >> Version 0.9.7d

Openssl>>Openssl >> Version 0.9.7e

Openssl>>Openssl >> Version 0.9.7f

Openssl>>Openssl >> Version 0.9.7g

Openssl>>Openssl >> Version 0.9.7h

Openssl>>Openssl >> Version 0.9.7i

Openssl>>Openssl >> Version 0.9.7j

Openssl>>Openssl >> Version 0.9.8

Openssl>>Openssl >> Version 0.9.8a

Openssl>>Openssl >> Version 0.9.8b

References

http://www.vupen.com/english/advisories/2006/4750
Tags : vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/3453
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/23915
Tags : third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://jvn.jp/en/jp/JVN51615542/index.html
Tags : third-party-advisory, x_refsource_JVN
http://secunia.com/advisories/60799
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/28549
Tags : vdb-entry, x_refsource_OSVDB
http://www.vupen.com/english/advisories/2006/4366
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22932
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3748
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21791
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/26893
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22509
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:207
Tags : vendor-advisory, x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2006-0661.html
Tags : vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/21930
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22940
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21852
Tags : third-party-advisory, x_refsource_SECUNIA
http://dev2dev.bea.com/pub/advisory/238
Tags : vendor-advisory, x_refsource_BEA
http://secunia.com/advisories/21823
Tags : third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/22758
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22938
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3899
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22044
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1945
Tags : vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2007-0062.html
Tags : vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2006/4206
Tags : vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/3730
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21812
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22523
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22689
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23794
Tags : third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Tags : vendor-advisory, x_refsource_HP
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://security.gentoo.org/glsa/glsa-200609-05.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/22711
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23680
Tags : third-party-advisory, x_refsource_SECUNIA
http://openvpn.net/changelog.html
Tags : x_refsource_CONFIRM
http://www.openbsd.org/errata.html
Tags : vendor-advisory, x_refsource_OPENBSD
http://secunia.com/advisories/22733
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22949
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-339-1
Tags : vendor-advisory, x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2006/3566
Tags : vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/22446
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22939
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24099
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25284
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/22083
Tags : vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
Tags : vendor-advisory, x_refsource_MANDRIVA
http://securitytracker.com/id?1016791
Tags : vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/25649
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0366
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22671
Tags : third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/21785
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31492
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4329
Tags : vdb-entry, x_refsource_VUPEN
http://www.us.debian.org/security/2006/dsa-1173
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/38567
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22284
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24930
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4327
Tags : vdb-entry, x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDKSA-2006:161
Tags : vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/21778
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0629.html
Tags : vendor-advisory, x_refsource_REDHAT
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2007/2163
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/26329
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22260
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0343
Tags : vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/21982
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2006/dsa-1174
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/23155
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22799
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4207
Tags : vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/4417
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21873
Tags : third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Tags : vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2007-0072.html
Tags : vendor-advisory, x_refsource_REDHAT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html
Tags : third-party-advisory, x_refsource_JVNDB
http://www.serv-u.com/releasenotes/
Tags : x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4744
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/38568
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21846
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0254
Tags : vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/4224
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22161
Tags : third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bind-announce&m=116253119512445&w=2
Tags : mailing-list, x_refsource_MLIST
http://secunia.com/advisories/22937
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22325
Tags : third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2007/2315
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21767
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1815
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22232
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
Tags : third-party-advisory, x_refsource_CERT
http://secunia.com/advisories/21906
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22934
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0073.html
Tags : vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/22585
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25399
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1401
Tags : vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/22513
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/41818
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21776
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23455
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28115
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22226
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3936
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22066
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22936
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
Tags : vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/22545
Tags : third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1017522
Tags : vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/22948
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23841
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4205
Tags : vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2783
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22259
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22036
Tags : third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2006/4586
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21927
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/5146
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21870
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4216
Tags : vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/3793
Tags : vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/28276
Tags : vdb-entry, x_refsource_BID
http://secunia.com/advisories/21709
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/845620
Tags : third-party-advisory, x_refsource_CERT-VN
http://security.gentoo.org/glsa/glsa-200609-18.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/24950
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/19849
Tags : vdb-entry, x_refsource_BID