LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openssl: insufficient signature checking

Package(s):openssl CVE #(s):CVE-2006-4339
Created:September 5, 2006 Updated:November 15, 2006
Description: Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.
Alerts:
Mandriva MDKSA-2006:207 2006-11-14
Slackware SSA:2006-310-01 2006-11-07
OpenPKG OpenPKG-SA-2006.029 2006-11-06
SuSE SUSE-SA:2006:061 2006-10-19
Slackware SSA:2006-257-02 2006-09-15
Gentoo 200609-05:02 2006-09-07
Debian DSA-1174-1 2006-09-11
Debian DSA-1173-1 2006-09-10
Red Hat RHSA-2006:0661-01 2006-09-06
Gentoo 200609-05 2006-09-07
Mandriva MDKSA-2006:161 2006-09-06
rPath rPSA-2006-0163-1 2006-09-05
OpenPKG OpenPKG-SA-2006.018 2006-09-06
Fedora FEDORA-2006-953 2006-09-05
Ubuntu USN-339-1 2006-09-05
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds