LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openssl: insufficient signature checking

Package(s):openssl CVE #(s):CVE-2006-4339
Created:September 5, 2006 Updated:November 15, 2006
Description: Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.
Alerts:
Mandriva MDKSA-2006:207 2006-11-14
Slackware SSA:2006-310-01 2006-11-07
OpenPKG OpenPKG-SA-2006.029 2006-11-06
SuSE SUSE-SA:2006:061 2006-10-19
Slackware SSA:2006-257-02 2006-09-15
Gentoo 200609-05:02 2006-09-07
Debian DSA-1174-1 2006-09-11
Debian DSA-1173-1 2006-09-10
Red Hat RHSA-2006:0661-01 2006-09-06
Gentoo 200609-05 2006-09-07
Mandriva MDKSA-2006:161 2006-09-06
rPath rPSA-2006-0163-1 2006-09-05
OpenPKG OpenPKG-SA-2006.018 2006-09-06
Fedora FEDORA-2006-953 2006-09-05
Ubuntu USN-339-1 2006-09-05
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds