CVE-2006-5201

MEDIUM

Description

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

References

http://secunia.com/advisories/22204

http://secunia.com/advisories/22226

http://secunia.com/advisories/22325

http://secunia.com/advisories/22992

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1

http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm

http://www.kb.cert.org/vuls/id/845620

http://www.vupen.com/english/advisories/2006/3898

http://www.vupen.com/english/advisories/2006/3899

http://www.vupen.com/english/advisories/2006/3960

Details

Source: MITRE

Published: 2006-10-10

Updated: 2019-07-31

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 4.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:nss:*:*:*:*:*:*:*:*

cpe:2.3:a:sun:secure_global_desktop:*:*:*:*:*:*:*:*

cpe:2.3:a:sun:staroffice:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:sun:solaris:9.0:*:*:*:*:sparc:*:*

cpe:2.3:o:sun:solaris:10.0:*:*:*:*:sparc:*:*

cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:sun:jdk:1.5.0:-:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:sun:jre:1.3.1:-:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2:-:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:sun:sdk:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:sun:jsse:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:sun:jsse:1.0.3_01:*:*:*:*:*:*:*

cpe:2.3:a:sun:jsse:1.0.3_02:*:*:*:*:*:*:*

cpe:2.3:a:sun:jsse:1.0.3_03:*:*:*:*:*:*:*

Tenable Plugins

View all (45 total)

IDNameProductFamilySeverity
109912Solaris 10 (x86) : 119214-37NessusSolaris Local Security Checks
medium
109911Solaris 10 (sparc) : 119213-37NessusSolaris Local Security Checks
medium
109884Solaris 10 (x86) : 119214-38NessusSolaris Local Security Checks
medium
109882Solaris 10 (sparc) : 119213-38NessusSolaris Local Security Checks
medium
107877Solaris 10 (x86) : 121230-02NessusSolaris Local Security Checks
critical
107816Solaris 10 (x86) : 119214-36NessusSolaris Local Security Checks
medium
107815Solaris 10 (x86) : 119214-33NessusSolaris Local Security Checks
medium
107814Solaris 10 (x86) : 119214-32NessusSolaris Local Security Checks
medium
107813Solaris 10 (x86) : 119214-31NessusSolaris Local Security Checks
medium
107812Solaris 10 (x86) : 119214-30NessusSolaris Local Security Checks
medium
107811Solaris 10 (x86) : 119214-27 (BEAST)NessusSolaris Local Security Checks
medium
107796Solaris 10 (x86) : 116649-25NessusSolaris Local Security Checks
high
107376Solaris 10 (sparc) : 121229-02NessusSolaris Local Security Checks
critical
107313Solaris 10 (sparc) : 119213-36NessusSolaris Local Security Checks
medium
107312Solaris 10 (sparc) : 119213-33NessusSolaris Local Security Checks
medium
107311Solaris 10 (sparc) : 119213-32NessusSolaris Local Security Checks
medium
107310Solaris 10 (sparc) : 119213-31NessusSolaris Local Security Checks
medium
107309Solaris 10 (sparc) : 119213-30NessusSolaris Local Security Checks
medium
107308Solaris 10 (sparc) : 119213-27 (BEAST)NessusSolaris Local Security Checks
medium
107295Solaris 10 (sparc) : 116648-25NessusSolaris Local Security Checks
high
27918Ubuntu 5.04 / 5.10 / 6.06 LTS : openssl vulnerability (USN-339-1)NessusUbuntu Local Security Checks
medium
27031Solaris 9 (x86) : 122715-03NessusSolaris Local Security Checks
high
26166Solaris 9 (sparc) : 117123-10NessusSolaris Local Security Checks
high
24592Mandrake Linux Security Advisory : bind (MDKSA-2006:207)NessusMandriva Local Security Checks
medium
24564Mandrake Linux Security Advisory : ntp (MDKSA-2006:178)NessusMandriva Local Security Checks
critical
24563Mandrake Linux Security Advisory : MySQL (MDKSA-2006:177)NessusMandriva Local Security Checks
critical
23905Mandrake Linux Security Advisory : openssl (MDKSA-2006:161)NessusMandriva Local Security Checks
medium
23519Solaris 9 (sparc) : 116648-25NessusSolaris Local Security Checks
high
23414Solaris 8 (sparc) : 119209-36NessusSolaris Local Security Checks
high
23381Solaris 8 (sparc) : 116648-25NessusSolaris Local Security Checks
high
23361Solaris 8 (sparc) : 114045-14NessusSolaris Local Security Checks
medium
22946Solaris 10 (sparc) : 116648-25 (deprecated)NessusSolaris Local Security Checks
high
22716Debian DSA-1174-1 : openssl096 - cryptographic weaknessNessusDebian Local Security Checks
medium
20333Solaris 10 (x86) : 118372-10NessusSolaris Local Security Checks
critical
20332Solaris 10 (sparc) : 118371-10NessusSolaris Local Security Checks
critical
20275Solaris 10 (x86) : 121230-02NessusSolaris Local Security Checks
critical
20272Solaris 10 (sparc) : 121229-02NessusSolaris Local Security Checks
critical
20055Solaris 10 (x86) : 119214-36 (deprecated)NessusSolaris Local Security Checks
medium
20052Solaris 10 (sparc) : 119213-36 (deprecated)NessusSolaris Local Security Checks
medium
19844Solaris 9 (x86) : 119212-36NessusSolaris Local Security Checks
high
19842Solaris 9 (sparc) : 119211-36NessusSolaris Local Security Checks
high
13602Solaris 9 (x86) : 114435-16NessusSolaris Local Security Checks
critical
13589Solaris 9 (x86) : 114050-14NessusSolaris Local Security Checks
medium
13548Solaris 9 (sparc) : 114049-14NessusSolaris Local Security Checks
medium
13538Solaris 9 (sparc) : 113451-17NessusSolaris Local Security Checks
critical