Ubuntu Local Security Checks : Ubuntu USN-339-1 (openssl)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.57340
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-339-1 (openssl)
Summary:	Ubuntu USN-339-1 (openssl)
Description:	The remote host is missing an update to openssl announced via advisory USN-339-1. A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libssl0.9.7 0.9.7e-3ubuntu0.3 Ubuntu 5.10: libssl0.9.7 0.9.7g-1ubuntu1.2 Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-339-1 Risk factor : Medium
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4339 Bugtraq: 20060905 rPSA-2006-0163-1 openssl openssl-scripts (Google Search) http://www.securityfocus.com/archive/1/archive/1/445231/100/0/threaded Bugtraq: 20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery (Google Search) http://www.securityfocus.com/archive/1/archive/1/445822/100/0/threaded Bugtraq: 20070110 VMware ESX server security updates (Google Search) http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded Bugtraq: 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues (Google Search) http://www.securityfocus.com/archive/1/archive/1/489739/100/0/threaded http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445&w=2 http://lists.vmware.com/pipermail/security-announce/2008/000008.html http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/ http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://dev2dev.bea.com/pub/advisory/238 Cisco Security Advisory: 20061108 Multiple Vulnerabilities in OpenSSL library http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml Cisco Security Advisory: 20061108 Multiple Vulnerabilities in OpenSSL Library http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html Debian Security Information: DSA-1173 (Google Search) http://www.us.debian.org/security/2006/dsa-1173 Debian Security Information: DSA-1174 (Google Search) http://www.debian.org/security/2006/dsa-1174 FreeBSD Security Advisory: FreeBSD-SA-06:19 http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc http://security.gentoo.org/glsa/glsa-200609-05.xml http://security.gentoo.org/glsa/glsa-200609-18.xml http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml HPdes Security Advisory: HPSBUX02165 http://www.securityfocus.com/archive/1/archive/1/450327/100/0/threaded HPdes Security Advisory: SSRT061266 HPdes Security Advisory: HPSBUX02153 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 HPdes Security Advisory: SSRT061181 HPdes Security Advisory: HPSBUX02186 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 HPdes Security Advisory: SSRT071299 HPdes Security Advisory: HPSBTU02207 https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 HPdes Security Advisory: SSRT061213 HPdes Security Advisory: SSRT061239 HPdes Security Advisory: SSRT071304 HPdes Security Advisory: HPSBUX02219 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495 HPdes Security Advisory: SSRT061273 HPdes Security Advisory: HPSBMA02250 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 HPdes Security Advisory: SSRT061275 HPdes Security Advisory: HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPdes Security Advisory: SSRT090208 http://www.mandriva.com/security/advisories?name=MDKSA-2006:161 http://www.mandriva.com/security/advisories?name=MDKSA-2006:177 http://www.mandriva.com/security/advisories?name=MDKSA-2006:178 http://www.mandriva.com/security/advisories?name=MDKSA-2006:207 OpenBSD Security Advisory: [3.9] 20060908 011: SECURITY FIX: September 8, 2006 http://www.openbsd.org/errata.html http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html http://www.redhat.com/support/errata/RHSA-2006-0661.html http://www.redhat.com/support/errata/RHSA-2007-0062.html http://www.redhat.com/support/errata/RHSA-2007-0072.html http://www.redhat.com/support/errata/RHSA-2007-0073.html http://www.redhat.com/support/errata/RHSA-2008-0629.html SGI Security Advisory: 20060901-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1 SuSE Security Announcement: SUSE-SA:2006:055 (Google Search) http://www.novell.com/linux/security/advisories/2006_55_ssl.html SuSE Security Announcement: SUSE-SA:2006:061 (Google Search) http://www.novell.com/linux/security/advisories/2006_61_opera.html SuSE Security Announcement: SUSE-SR:2006:026 (Google Search) http://www.novell.com/linux/security/advisories/2006_26_sr.html SuSE Security Announcement: SUSE-SA:2007:010 (Google Search) http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html Cert/CC Advisory: TA06-333A http://www.us-cert.gov/cas/techalerts/TA06-333A.html CERT/CC vulnerability note: VU#845620 http://www.kb.cert.org/vuls/id/845620 http://jvn.jp/en/jp/JVN51615542/index.html http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html BugTraq ID: 19849 http://www.securityfocus.com/bid/19849 BugTraq ID: 22083 http://www.securityfocus.com/bid/22083 BugTraq ID: 28276 http://www.securityfocus.com/bid/28276 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11656 http://secunia.com/advisories/38567 http://secunia.com/advisories/38568 http://www.vupen.com/english/advisories/2006/3453 http://www.vupen.com/english/advisories/2006/3566 http://www.vupen.com/english/advisories/2006/3730 http://www.vupen.com/english/advisories/2006/3793 http://www.vupen.com/english/advisories/2006/3899 http://www.vupen.com/english/advisories/2006/3936 http://www.vupen.com/english/advisories/2006/4205 http://www.vupen.com/english/advisories/2006/4206 http://www.vupen.com/english/advisories/2006/4207 http://www.vupen.com/english/advisories/2006/4327 http://www.vupen.com/english/advisories/2006/4329 http://www.vupen.com/english/advisories/2006/4366 http://www.vupen.com/english/advisories/2006/4417 http://www.vupen.com/english/advisories/2006/4586 http://www.vupen.com/english/advisories/2006/4750 http://www.vupen.com/english/advisories/2006/4744 http://www.vupen.com/english/advisories/2006/5146 http://www.vupen.com/english/advisories/2007/0254 http://www.vupen.com/english/advisories/2007/0343 http://www.vupen.com/english/advisories/2006/4216 http://www.vupen.com/english/advisories/2007/1401 http://www.vupen.com/english/advisories/2007/1815 http://www.vupen.com/english/advisories/2007/1945 http://www.vupen.com/english/advisories/2007/2163 http://www.vupen.com/english/advisories/2006/3748 http://www.vupen.com/english/advisories/2007/2315 http://www.vupen.com/english/advisories/2007/2783 http://www.vupen.com/english/advisories/2007/4224 http://www.vupen.com/english/advisories/2008/0905/references http://www.osvdb.org/28549 http://securitytracker.com/id?1016791 http://securitytracker.com/id?1017522 http://secunia.com/advisories/21709 http://www.ubuntu.com/usn/usn-339-1 http://secunia.com/advisories/21778 http://secunia.com/advisories/21785 http://secunia.com/advisories/21812 http://secunia.com/advisories/21823 http://secunia.com/advisories/21852 http://secunia.com/advisories/21791 http://secunia.com/advisories/21767 http://secunia.com/advisories/21776 http://secunia.com/advisories/21873 http://secunia.com/advisories/21906 http://secunia.com/advisories/21846 http://secunia.com/advisories/21927 http://secunia.com/advisories/21870 http://secunia.com/advisories/22036 http://secunia.com/advisories/21982 http://secunia.com/advisories/21930 http://secunia.com/advisories/22161 http://secunia.com/advisories/22259 http://secunia.com/advisories/22260 http://secunia.com/advisories/22226 http://secunia.com/advisories/22232 http://secunia.com/advisories/22284 http://secunia.com/advisories/22325 http://secunia.com/advisories/22446 http://secunia.com/advisories/22509 http://secunia.com/advisories/22513 http://secunia.com/advisories/22523 http://secunia.com/advisories/22545 http://secunia.com/advisories/22585 http://secunia.com/advisories/22733 http://secunia.com/advisories/22671 http://secunia.com/advisories/22689 http://secunia.com/advisories/22758 http://secunia.com/advisories/22799 http://secunia.com/advisories/22711 http://secunia.com/advisories/22934 http://secunia.com/advisories/22936 http://secunia.com/advisories/22937 http://secunia.com/advisories/22938 http://secunia.com/advisories/22939 http://secunia.com/advisories/22940 http://secunia.com/advisories/22949 http://secunia.com/advisories/22948 http://secunia.com/advisories/23155 http://secunia.com/advisories/23455 http://secunia.com/advisories/23680 http://secunia.com/advisories/23794 http://secunia.com/advisories/23841 http://secunia.com/advisories/23915 http://secunia.com/advisories/22044 http://secunia.com/advisories/22932 http://secunia.com/advisories/24099 http://secunia.com/advisories/24950 http://secunia.com/advisories/24930 http://secunia.com/advisories/25284 http://secunia.com/advisories/25399 http://secunia.com/advisories/25649 http://secunia.com/advisories/22066 http://secunia.com/advisories/26329 http://secunia.com/advisories/26893 http://secunia.com/advisories/28115 http://secunia.com/advisories/31492 http://www.vupen.com/english/advisories/2010/0366 XForce ISS Database: openssl-rsa-security-bypass(28755) http://xforce.iss.net/xforce/xfdb/28755
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com