
Test ID: 1.3.6.1.4.1.25623.1.0.57346
Category: Red Hat Local Security Checks
Title: Red Hat Security Advisory RHSA-2006:0661
Summary: Red Hat Security Advisory RHSA-2006:0661
Description:
The remote host is missing updates announced in
advisory RHSA-2006:0661.

The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and protocols.

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. Where an RSA key with exponent 3 is used it may be possible
for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly
verified by implementations that do not check for excess data in the RSA
exponentiation result of the signature.

The Google Security Team discovered that OpenSSL is vulnerable to this
attack. This issue affects applications that use OpenSSL to verify X.509
certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339)

This errata also resolves a problem where a customized ca-bundle.crt file
was overwritten when the openssl package was upgraded.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue.

Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0661.html
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://www.openssl.org/news/secadv_20060905.txt
http://www.redhat.com/security/updates/classification/#important

Risk factor: Medium
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4339
Bugtraq: 20060905 rPSA-2006-0163-1 openssl openssl-scripts
http://www.securityfocus.com/archive/1/archive/1/445231/100/0/threaded
Bugtraq: 20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
http://www.securityfocus.com/archive/1/archive/1/445822/100/0/threaded
Bugtraq: 20070110 VMware ESX server security updates
http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded
Bugtraq: 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://www.securityfocus.com/archive/1/archive/1/489739/100/0/threaded
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445&w=2
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://docs.info.apple.com/article.html?artnum=307177
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://dev2dev.bea.com/pub/advisory/238
Cisco Security Advisory: 20061108 Multiple Vulnerabilities in OpenSSL library
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
Cisco Security Advisory: 20061108 Multiple Vulnerabilities in OpenSSL Library
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
Debian Security Information: DSA-1173
http://www.us.debian.org/security/2006/dsa-1173
Debian Security Information: DSA-1174
http://www.debian.org/security/2006/dsa-1174
FreeBSD Security Advisory: FreeBSD-SA-06:19
http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc
http://security.gentoo.org/glsa/glsa-200609-05.xml
http://security.gentoo.org/glsa/glsa-200609-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
HPdes Security Advisory: HPSBUX02165
http://www.securityfocus.com/archive/1/archive/1/450327/100/0/threaded
HPdes Security Advisory: SSRT061266
HPdes Security Advisory: HPSBUX02153
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
HPdes Security Advisory: SSRT061181
HPdes Security Advisory: HPSBUX02186
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
HPdes Security Advisory: SSRT071299
HPdes Security Advisory: HPSBTU02207
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
HPdes Security Advisory: SSRT061213
HPdes Security Advisory: SSRT061239
HPdes Security Advisory: SSRT071304
HPdes Security Advisory: HPSBUX02219
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
HPdes Security Advisory: SSRT061273
HPdes Security Advisory: HPSBMA02250
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
HPdes Security Advisory: SSRT061275
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT090208
http://www.mandriva.com/security/advisories?name=MDKSA-2006:161
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
http://www.mandriva.com/security/advisories?name=MDKSA-2006:207
OpenBSD Security Advisory: [3.9] 20060908 011: SECURITY FIX: September 8, 2006
http://www.openbsd.org/errata.html
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html
http://www.redhat.com/support/errata/RHSA-2006-0661.html
http://www.redhat.com/support/errata/RHSA-2007-0062.html
http://www.redhat.com/support/errata/RHSA-2007-0072.html
http://www.redhat.com/support/errata/RHSA-2007-0073.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SGI Security Advisory: 20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1
SuSE Security Announcement: SUSE-SA:2006:055
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
SuSE Security Announcement: SUSE-SA:2006:061
http://www.novell.com/linux/security/advisories/2006_61_opera.html
SuSE Security Announcement: SUSE-SR:2006:026
http://www.novell.com/linux/security/advisories/2006_26_sr.html
SuSE Security Announcement: SUSE-SA:2007:010
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
CERT/CC vulnerability note: VU#845620
http://www.kb.cert.org/vuls/id/845620
http://jvn.jp/en/jp/JVN51615542/index.html
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html
BugTraq ID: 19849
http://www.securityfocus.com/bid/19849
BugTraq ID: 22083
http://www.securityfocus.com/bid/22083
BugTraq ID: 28276
http://www.securityfocus.com/bid/28276
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11656
http://secunia.com/advisories/38567
http://secunia.com/advisories/38568
http://secunia.com/advisories/60799
http://secunia.com/advisories/41818
http://www.vupen.com/english/advisories/2006/3453
http://www.vupen.com/english/advisories/2006/3566
http://www.vupen.com/english/advisories/2006/3730
http://www.vupen.com/english/advisories/2006/3793
http://www.vupen.com/english/advisories/2006/3899
http://www.vupen.com/english/advisories/2006/3936
http://www.vupen.com/english/advisories/2006/4205
http://www.vupen.com/english/advisories/2006/4206
http://www.vupen.com/english/advisories/2006/4207
http://www.vupen.com/english/advisories/2006/4327
http://www.vupen.com/english/advisories/2006/4329
http://www.vupen.com/english/advisories/2006/4366
http://www.vupen.com/english/advisories/2006/4417
http://www.vupen.com/english/advisories/2006/4586
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2006/4744
http://www.vupen.com/english/advisories/2006/5146
http://www.vupen.com/english/advisories/2007/0254
http://www.vupen.com/english/advisories/2007/0343
http://www.vupen.com/english/advisories/2006/4216
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/1815
http://www.vupen.com/english/advisories/2007/1945
http://www.vupen.com/english/advisories/2007/2163
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2007/2783
http://www.vupen.com/english/advisories/2007/4224
http://www.vupen.com/english/advisories/2008/0905/references
http://www.osvdb.org/28549
http://securitytracker.com/id?1016791
http://securitytracker.com/id?1017522
http://secunia.com/advisories/21709
http://www.ubuntu.com/usn/usn-339-1
http://secunia.com/advisories/21778
http://secunia.com/advisories/21785
http://secunia.com/advisories/21812
http://secunia.com/advisories/21823
http://secunia.com/advisories/21852
http://secunia.com/advisories/21791
http://secunia.com/advisories/21767
http://secunia.com/advisories/21776
http://secunia.com/advisories/21873
http://secunia.com/advisories/21906
http://secunia.com/advisories/21846
http://secunia.com/advisories/21927
http://secunia.com/advisories/21870
http://secunia.com/advisories/22036
http://secunia.com/advisories/21982
http://secunia.com/advisories/21930
http://secunia.com/advisories/22161
http://secunia.com/advisories/22259
http://secunia.com/advisories/22260
http://secunia.com/advisories/22226
http://secunia.com/advisories/22232
http://secunia.com/advisories/22284
http://secunia.com/advisories/22325
http://secunia.com/advisories/22446
http://secunia.com/advisories/22509
http://secunia.com/advisories/22513
http://secunia.com/advisories/22523
http://secunia.com/advisories/22545
http://secunia.com/advisories/22585
http://secunia.com/advisories/22733
http://secunia.com/advisories/22671
http://secunia.com/advisories/22689
http://secunia.com/advisories/22758
http://secunia.com/advisories/22799
http://secunia.com/advisories/22711
http://secunia.com/advisories/22934
http://secunia.com/advisories/22936
http://secunia.com/advisories/22937
http://secunia.com/advisories/22938
http://secunia.com/advisories/22939
http://secunia.com/advisories/22940
http://secunia.com/advisories/22949
http://secunia.com/advisories/22948
http://secunia.com/advisories/23155
http://secunia.com/advisories/23455
http://secunia.com/advisories/23680
http://secunia.com/advisories/23794
http://secunia.com/advisories/23841
http://secunia.com/advisories/23915
http://secunia.com/advisories/22044
http://secunia.com/advisories/22932
http://secunia.com/advisories/24099
http://secunia.com/advisories/24950
http://secunia.com/advisories/24930
http://secunia.com/advisories/25284
http://secunia.com/advisories/25399
http://secunia.com/advisories/25649
http://secunia.com/advisories/22066
http://secunia.com/advisories/26329
http://secunia.com/advisories/26893
http://secunia.com/advisories/28115
http://secunia.com/advisories/31492
http://www.vupen.com/english/advisories/2010/0366
XForce ISS Database: openssl-rsa-security-bypass(28755)
http://xforce.iss.net/xforce/xfdb/28755
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.