Oval Definition:oval:org.mitre.oval:def:11656
Revision Date:2010-09-06Version:5
Title:OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
Description:OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2006-4339
Platform(s):Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux Extras 3
Red Hat Enterprise Linux Extras 4
Product(s):
Definition Synopsis
  • AND
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • openssl-perl is earlier than 0:0.9.7a-33.18
  • OR openssl-devel is earlier than 0:0.9.7a-33.18
  • OR openssl is earlier than 0:0.9.7a-33.18
  • OR openssl096b is earlier than 0:0.9.6b-16.43
  • OR
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • openssl-perl is earlier than 0:0.9.7a-43.11
  • OR openssl-devel is earlier than 0:0.9.7a-43.11
  • OR openssl is earlier than 0:0.9.7a-43.11
  • OR openssl096b is earlier than 0:0.9.6b-22.43
  • OR
  • redhat-release is version 3
  • java-1.4.2-ibm-plugin is earlier than 0:1.4.2.7-1jpp.4.el3
  • OR java-1.4.2-ibm-jdbc is earlier than 0:1.4.2.7-1jpp.4.el3
  • OR java-1.4.2-ibm-devel is earlier than 0:1.4.2.7-1jpp.4.el3
  • OR java-1.4.2-ibm is earlier than 0:1.4.2.7-1jpp.4.el3
  • OR java-1.4.2-ibm-src is earlier than 0:1.4.2.7-1jpp.4.el3
  • OR java-1.4.2-ibm-demo is earlier than 0:1.4.2.7-1jpp.4.el3
  • OR
  • redhat-release is version 4
  • java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.3-1jpp.3.el4
  • OR java-1.5.0-ibm-devel is earlier than 1:1.5.0.3-1jpp.3.el4
  • OR java-1.5.0-ibm-src is earlier than 1:1.5.0.3-1jpp.3.el4
  • OR java-1.5.0-ibm-demo is earlier than 1:1.5.0.3-1jpp.3.el4
  • OR java-1.4.2-ibm-devel is earlier than 0:1.4.2.7-1jpp.4.el4
  • OR java-1.4.2-ibm is earlier than 0:1.4.2.7-1jpp.4.el4
  • OR java-1.4.2-ibm-src is earlier than 0:1.4.2.7-1jpp.4.el4
  • OR java-1.4.2-ibm-javacomm is earlier than 0:1.4.2.7-1jpp.4.el4
  • OR java-1.5.0-ibm is earlier than 1:1.5.0.3-1jpp.3.el4
  • OR java-1.4.2-ibm-plugin is earlier than 0:1.4.2.7-1jpp.4.el4
  • OR java-1.5.0-ibm-plugin is earlier than 1:1.5.0.3-1jpp.3.el4
  • OR java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.3-1jpp.3.el4
  • OR java-1.4.2-ibm-jdbc is earlier than 0:1.4.2.7-1jpp.4.el4
  • OR java-1.4.2-ibm-demo is earlier than 0:1.4.2.7-1jpp.4.el4
    • BACK