CVE-2006-5201

CVE-2006-5201

Name

CVE-2006-5201

Description

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	http://secunia.com/advisories/22204
Third Party Advisory	http://secunia.com/advisories/22226
Third Party Advisory	http://secunia.com/advisories/22325
Third Party Advisory	http://secunia.com/advisories/22992
Broken Link	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
Broken Link	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
Third Party Advisory	http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
Third Party Advisory	http://www.kb.cert.org/vuls/id/845620
Permissions Required	http://www.vupen.com/english/advisories/2006/3898
Permissions Required	http://www.vupen.com/english/advisories/2006/3899
Permissions Required	http://www.vupen.com/english/advisories/2006/3960

Type

URI

Patch

http://secunia.com/advisories/22204

Third Party Advisory

http://secunia.com/advisories/22226

Third Party Advisory

http://secunia.com/advisories/22325

Third Party Advisory

http://secunia.com/advisories/22992

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1

Third Party Advisory

http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm

Third Party Advisory

http://www.kb.cert.org/vuls/id/845620

Permissions Required

http://www.vupen.com/english/advisories/2006/3898

Permissions Required

http://www.vupen.com/english/advisories/2006/3899

Permissions Required

http://www.vupen.com/english/advisories/2006/3960

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:sun:nss::::::::`	nss	== None	== None
`cpe:2.3:a:sun:secure_global_desktop::::::::`	secure_global_desktop	== None	== None
`cpe:2.3:a:sun:staroffice::::::::`	staroffice	== None	== None

CPE URI

Source package

Min version

Max version

cpe:2.3:a:sun:nss:*:*:*:*:*:*:*:*

nss

== None

cpe:2.3:a:sun:secure_global_desktop:*:*:*:*:*:*:*:*

secure_global_desktop

== None

cpe:2.3:a:sun:staroffice:*:*:*:*:*:*:*:*

staroffice

== None

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
nss	edge-main	3.107-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
nss	edge-main	3.109-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
nss	edge-main	3.110-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
nss	edge-main	3.112-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
nss	edge-main	3.113-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

nss

edge-main

3.107-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

nss

edge-main