FreeBSD : opera -- RSA Signature Forgery (1fe734bf-4a06-11db-b48d-00508d6a62df)

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Opera reports :

A specially crafted digital certificate can bypass Opera's certificate
signature verification. Forged certificates can contain any false
information the forger chooses, and Opera will still present it as
valid. Opera will not present any warning dialogs in this case, and
the security status will be the highest possible (3). This defeats the
protection against 'man in the middle', the attacks that SSL was
designed to prevent.

There is a flaw in OpenSSL's RSA signature verification that affects
digital certificates using 3 as the public exponent. Some of the
certificate issuers that are on Opera's list of trusted signers have
root certificates with 3 as the public exponent. The forged
certificate can appear to be signed by one of these.

See also :

http://www.nessus.org/u?1e3e5bc4
http://www.openssl.org/news/secadv/20060905.txt
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
http://www.nessus.org/u?0c70b9c7

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22428 (freebsd_pkg_1fe734bf4a0611dbb48d00508d6a62df.nasl)

Bugtraq ID:

CVE ID: CVE-2006-4339
