CVE-2006-4339

Common Vulnerabilities and Exposures

Upstream information

CVE-2006-4339 at MITRE

Description

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entries: 202366, 203595, 206636, 207635, 215623, 218303, 233584, 564512

SUSE Security Advisories:

SUSE-SA:2006:055, published Fri, 22 Sep 2006 18:00:00 +0000
SUSE-SA:2006:061, published Thu, 19 Oct 2006 15:00:00 +0000
SUSE-SA:2007:010, published Thu, 18 Jan 2007 14:00:00 +0000
SUSE-SR:2006:024, published Fri, 06 Oct 2006 14:00:00 +0000
SUSE-SR:2006:026, published Fri, 17 Nov 2006 15:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE LINUX 10.0	`bind >= 9.3.1-8.4` `bind-libs >= 9.3.1-8.4` `bind-libs-32bit >= 9.3.1-8.4` `bind-libs-64bit >= 9.3.1-8.4` `bind-utils >= 9.3.1-8.4`
SUSE LINUX 10.1	`bind >= 9.3.2-17.11` `bind-libs >= 9.3.2-17.11` `bind-libs-32bit >= 9.3.2-17.11` `bind-libs-64bit >= 9.3.2-17.11` `bind-utils >= 9.3.2-17.11`
SUSE LINUX 9.3	`bind >= 9.3.1-3.5` `bind-libs >= 9.3.1-3.5` `bind-libs-32bit >= 9.3-7.3` `bind-utils >= 9.3.1-3.5`
Novell Linux Desktop 9 for x86_64	`bind >= 9.2.3-76.28` `bind-utils >= 9.2.3-76.28` `bind-utils-32bit >= 9-200611140525`	sles10.x86 sles10.s390x sles9-oes.x86 YOU Patch Nr: 11303 ZYPP Patch Nr: 2268
Novell Linux Desktop 9 for x86 Open Enterprise Server	`bind >= 9.2.3-76.28` `bind-utils >= 9.2.3-76.28`	sles10.x86 sles10.s390x sles9-oes.x86 YOU Patch Nr: 11303 ZYPP Patch Nr: 2268
SuSE Linux Desktop 1.0	`openssl >= 0.9.6g-135`	slrs8.x86 sles10.s390x sles9-oes.x86 sles10.x86 ul1.s390 core9.s390 YOU Patch Nr: 11217 ZYPP Patch Nr: 2082
Novell Linux Desktop 9 for x86_64	`openssl >= 0.9.7d-15.26` `openssl-32bit >= 9-200609140529` `openssl-devel >= 0.9.7d-15.26` `openssl-devel-32bit >= 9-200609140529`	slrs8.x86 sles10.s390x sles9-oes.x86 sles10.x86 ul1.s390 core9.s390 YOU Patch Nr: 11217 ZYPP Patch Nr: 2082
Novell Linux Desktop 9 for x86 Open Enterprise Server	`openssl >= 0.9.7d-15.26` `openssl-devel >= 0.9.7d-15.26`	slrs8.x86 sles10.s390x sles9-oes.x86 sles10.x86 ul1.s390 core9.s390 YOU Patch Nr: 11217 ZYPP Patch Nr: 2082
SUSE LINUX Retail Solution 8 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IBM zSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	`openssl >= 0.9.6g-136` `openssl-devel >= 0.9.6g-136`	slrs8.x86 sles10.s390x sles9-oes.x86 sles10.x86 ul1.s390 core9.s390 YOU Patch Nr: 11217 ZYPP Patch Nr: 2082
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries	`IBMJava2-JRE_1_4 >= 1.4.1-23` `IBMJava2-SDK_1_4 >= 1.4.1-23`	ul1.x86-64 ul1.s390 YOU Patch Nr: 11440
SuSE Linux Enterprise Server 8 for IBM zSeries	`IBMJava2-SDK_1_4 >= 1.4.1-23`	ul1.x86-64 ul1.s390 YOU Patch Nr: 11440
SuSE Linux Enterprise Server 8 for AMD64 UnitedLinux 1.0	`IBMJava2-JRE_1_4 >= 1.4.2-0.4` `IBMJava2-SDK_1_4 >= 1.4.2-0.4`	ul1.x86-64 ul1.s390 YOU Patch Nr: 11440
SUSE LINUX 10.1	`compat-openssl097g >= 0.9.7g-13.5` `compat-openssl097g-32bit >= 0.9.7g-13.5` `compat-openssl097g-64bit >= 0.9.7g-13.5`
SuSE Linux Desktop 1.0	`bind9-utils >= 9.1.3-338`	ul1.s390 slrs8.x86 YOU Patch Nr: 11302
SUSE LINUX Retail Solution 8 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IBM zSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	`bind9 >= 9.2.2-96` `bind9-utils >= 9.2.2-96`	ul1.s390 slrs8.x86 YOU Patch Nr: 11302
SUSE LINUX Retail Solution 8 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	`IBMJava2-JRE >= 1.3.1-237` `IBMJava2-SDK >= 1.3.1-237`	slrs8.x86 YOU Patch Nr: 11387
SuSE Linux Enterprise Server 8 for IBM zSeries	`openssl-z990 >= 0.9.7c-9`	ul1.s390 YOU Patch Nr: 11271
SUSE LINUX 10.0	`openssl >= 0.9.7g-2.8` `openssl-32bit >= 0.9.7g-2.8` `openssl-64bit >= 0.9.7g-2.8` `openssl-devel >= 0.9.7g-2.8` `openssl-devel-32bit >= 0.9.7g-2.8` `openssl-devel-64bit >= 0.9.7g-2.8`
SUSE LINUX 10.1	`openssl >= 0.9.8a-18.7` `openssl-32bit >= 0.9.8a-18.7` `openssl-64bit >= 0.9.8a-18.7` `openssl-devel >= 0.9.8a-18.7` `openssl-devel-32bit >= 0.9.8a-18.7` `openssl-devel-64bit >= 0.9.8a-18.7`
SUSE LINUX 9.2	`openssl >= 0.9.7d-25.4` `openssl-32bit >= 9.2-200609140724` `openssl-devel >= 0.9.7d-25.4` `openssl-devel-32bit >= 9.2-200609140724`
SUSE LINUX 9.3	`openssl >= 0.9.7e-3.4` `openssl-32bit >= 9.3-7.2` `openssl-devel >= 0.9.7e-3.4` `openssl-devel-32bit >= 9.3-7.2`
SUSE LINUX 10.0 SUSE LINUX 10.1 SUSE LINUX 9.2 SUSE LINUX 9.3	`opera >= 9.02-4.1`