CVE-2006-5201

Description

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

Affected products

• sun / jdk1.5.0 – 1.5.0
• sun / jdk1.5.0 – 1.5.0
• sun / jdk1.5.0 – 1.5.0
• sun / jdk1.5.0 – 1.5.0
• sun / jdk1.5.0 – 1.5.0
• sun / jdk1.5.0 – 1.5.0
• sun / jdk1.5.0 – 1.5.0
• sun / jdk1.5.0 – 1.5.0
• sun / jdk1.5.0 – 1.5.0
• sun / jdk1.5.0 – 1.5.0
• sun / jre1.3.1_07 – 1.3.1_07
• sun / jre1.3.1 – 1.3.1
• sun / jre1.3.1_2 – 1.3.1_2
• sun / jre1.3.1_03 – 1.3.1_03
• sun / jre1.3.1_04 – 1.3.1_04
• sun / jre1.3.1_05 – 1.3.1_05
• sun / jre1.3.1_06 – 1.3.1_06
• sun / jre1.3.1_08 – 1.3.1_08
• sun / jre1.3.1_09 – 1.3.1_09
• sun / jre1.3.1_10 – 1.3.1_10
• sun / jre1.3.1_11 – 1.3.1_11
• sun / jre1.3.1_12 – 1.3.1_12
• sun / jre1.3.1_13 – 1.3.1_13
• sun / jre1.3.1_14 – 1.3.1_14
• sun / jre1.3.1_15 – 1.3.1_15
• sun / jre1.3.1_16 – 1.3.1_16
• sun / jre1.3.1_17 – 1.3.1_17
• sun / jre1.3.1_18 – 1.3.1_18
• sun / jre1.3.1_19 – 1.3.1_19
• sun / jre1.4.2 – 1.4.2
• sun / jre1.4.2_1 – 1.4.2_1
• sun / jre1.4.2_2 – 1.4.2_2
• sun / jre1.4.2_3 – 1.4.2_3
• sun / jre1.4.2_4 – 1.4.2_4
• sun / jre1.4.2_5 – 1.4.2_5
• sun / jre1.4.2_6 – 1.4.2_6
• sun / jre1.4.2_7 – 1.4.2_7
• sun / jre1.4.2_8 – 1.4.2_8
• sun / jre1.4.2_9 – 1.4.2_9
• sun / jre1.4.2_10 – 1.4.2_10
• sun / jre1.4.2_11 – 1.4.2_11
• sun / jre1.4.2_12 – 1.4.2_12
• sun / jre1.5.0 – 1.5.0
• sun / jre1.5.0 – 1.5.0
• sun / jre1.5.0 – 1.5.0
• sun / jre1.5.0 – 1.5.0
• sun / jre1.5.0 – 1.5.0
• sun / jre1.5.0 – 1.5.0
• sun / jre1.5.0 – 1.5.0
• sun / jre1.5.0 – 1.5.0
• sun / jre1.5.0 – 1.5.0
• sun / jsse1.0.3_03 – 1.0.3_03
• sun / jsse1.0.3_02 – 1.0.3_02
• sun / jsse1.0.3 – 1.0.3
• sun / jsse1.0.3_01 – 1.0.3_01
• sun / nss
• sun / sdk1.4.2_10 – 1.4.2_10
• sun / sdk1.4.2_12 – 1.4.2_12
• sun / sdk1.4.2_6 – 1.4.2_6
• sun / sdk1.4.2_7 – 1.4.2_7
• sun / sdk1.4.2_8 – 1.4.2_8
• sun / sdk1.4.2_9 – 1.4.2_9
• sun / sdk1.4.2_11 – 1.4.2_11
• sun / sdk1.3.1 – 1.3.1
• sun / sdk1.3.1_01 – 1.3.1_01
• sun / sdk1.3.1_01a – 1.3.1_01a
• sun / sdk1.3.1_02 – 1.3.1_02
• sun / sdk1.3.1_03 – 1.3.1_03
• sun / sdk1.3.1_04 – 1.3.1_04
• sun / sdk1.3.1_05 – 1.3.1_05
• sun / sdk1.3.1_06 – 1.3.1_06
• sun / sdk1.3.1_07 – 1.3.1_07
• sun / sdk1.3.1_08 – 1.3.1_08
• sun / sdk1.3.1_09 – 1.3.1_09
• sun / sdk1.3.1_10 – 1.3.1_10
• sun / sdk1.3.1_11 – 1.3.1_11
• sun / sdk1.3.1_12 – 1.3.1_12
• sun / sdk1.3.1_13 – 1.3.1_13
• sun / sdk1.3.1_14 – 1.3.1_14
• sun / sdk1.3.1_15 – 1.3.1_15
• sun / sdk1.3.1_16 – 1.3.1_16
• sun / sdk1.3.1_17 – 1.3.1_17
• sun / sdk1.3.1_18 – 1.3.1_18
• sun / sdk1.3.1_19 – 1.3.1_19
• sun / sdk1.4.2 – 1.4.2
• sun / sdk1.4.2_1 – 1.4.2_1
• sun / sdk1.4.2_2 – 1.4.2_2
• sun / sdk1.4.2_3 – 1.4.2_3
• sun / sdk1.4.2_4 – 1.4.2_4
• sun / sdk1.4.2_5 – 1.4.2_5
• sun / secure_global_desktop
• sun / solaris9.0 – 9.0
• sun / solaris10.0 – 10.0
• sun / staroffice
• sun / sunos5.8 – 5.8

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/22992
• MISChttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/3899
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/3960
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/3898
• MISChttp://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
• VENDOR_ADVISORYhttp://secunia.com/advisories/22325
• MISChttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
• VENDOR_ADVISORYhttp://secunia.com/advisories/22204
• VENDOR_ADVISORYhttp://secunia.com/advisories/22226
• MISChttp://www.kb.cert.org/vuls/id/845620