Oval Definition:oval:org.mitre.oval:def:1648
Revision Date:2007-09-27Version:17
Title:Security Vulnerability With RSA Signature Affects Solaris Applications Utilizing the libike Library
Description:The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2006-7140
Platform(s):Sun Solaris 10
Sun Solaris 9
Product(s):
Definition Synopsis
  • Solaris 9 (SPARC) meets Sun Alert 102722
  • Solaris 9 (SPARC) is installed
  • AND NOT Patch 113451-12 or later installed
  • OR Solaris 10 (SPARC) meets Sun Alert 102722
  • Solaris 10 (SPARC) is installed
  • AND NOT Patch 118371-08 or later installed
  • OR Solaris 9 (x86) meets Sun Alert 102722
  • Solaris 9 (x86) is installed
  • AND NOT Patch 114435-11 or later installed
  • OR Solaris 10 (x86) meets Sun Alert 102722
  • Solaris 10 (x86) is installed
  • AND NOT Patch 118372-08 or later installed
    • BACK