cpe:/a:openssl:openssl:0.9.1c cpe:/a:openssl:openssl:0.9.2b cpe:/a:openssl:openssl:0.9.3 cpe:/a:openssl:openssl:0.9.3a cpe:/a:openssl:openssl:0.9.4 cpe:/a:openssl:openssl:0.9.5 cpe:/a:openssl:openssl:0.9.5:beta1 cpe:/a:openssl:openssl:0.9.5:beta2 cpe:/a:openssl:openssl:0.9.5a cpe:/a:openssl:openssl:0.9.5a:beta1 cpe:/a:openssl:openssl:0.9.5a:beta2 cpe:/a:openssl:openssl:0.9.6 cpe:/a:openssl:openssl:0.9.6:beta1 cpe:/a:openssl:openssl:0.9.6:beta2 cpe:/a:openssl:openssl:0.9.6:beta3 cpe:/a:openssl:openssl:0.9.6a cpe:/a:openssl:openssl:0.9.6a:beta1 cpe:/a:openssl:openssl:0.9.6a:beta2 cpe:/a:openssl:openssl:0.9.6a:beta3 cpe:/a:openssl:openssl:0.9.6b cpe:/a:openssl:openssl:0.9.6c cpe:/a:openssl:openssl:0.9.6d cpe:/a:openssl:openssl:0.9.6e cpe:/a:openssl:openssl:0.9.6f cpe:/a:openssl:openssl:0.9.6g cpe:/a:openssl:openssl:0.9.6h cpe:/a:openssl:openssl:0.9.6i cpe:/a:openssl:openssl:0.9.6j cpe:/a:openssl:openssl:0.9.6k cpe:/a:openssl:openssl:0.9.6l cpe:/a:openssl:openssl:0.9.6m cpe:/a:openssl:openssl:0.9.7 cpe:/a:openssl:openssl:0.9.7a cpe:/a:openssl:openssl:0.9.7b cpe:/a:openssl:openssl:0.9.7c cpe:/a:openssl:openssl:0.9.7d cpe:/a:openssl:openssl:0.9.7e cpe:/a:openssl:openssl:0.9.7f cpe:/a:openssl:openssl:0.9.7g cpe:/a:openssl:openssl:0.9.7h cpe:/a:openssl:openssl:0.9.7i cpe:/a:openssl:openssl:0.9.7j cpe:/a:openssl:openssl:0.9.8 cpe:/a:openssl:openssl:0.9.8a cpe:/a:openssl:openssl:0.9.8b CVE-2006-4339 2006-09-05T13:04:00.000-04:00 2017-10-10T21:31:12.047-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-09-05T13:17:00.000-04:00 SUNALERT 1000148 SECTRACK 1016791 SECTRACK 1017522 SUNALERT 102648 SUNALERT 102656 SUNALERT 102657 SUNALERT 102686 SUNALERT 102696 SUNALERT 102722 SUNALERT 102744 SUNALERT 102759 BID 19849 SGI 20060901-01-P BUGTRAQ 20060905 rPSA-2006-0163-1 openssl openssl-scripts BUGTRAQ 20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery CISCO 20061108 Multiple Vulnerabilities in OpenSSL Library CISCO 20061108 Multiple Vulnerabilities in OpenSSL library BUGTRAQ 20070110 VMware ESX server security updates SUNALERT 200708 BUGTRAQ 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues SUNALERT 201247 SUNALERT 201534 SECUNIA 21709 SECUNIA 21767 SECUNIA 21776 SECUNIA 21778 SECUNIA 21785 SECUNIA 21791 SECUNIA 21812 SECUNIA 21823 SECUNIA 21846 SECUNIA 21852 SECUNIA 21870 SECUNIA 21873 SECUNIA 21906 SECUNIA 21927 SECUNIA 21930 SECUNIA 21982 SECUNIA 22036 SECUNIA 22044 SECUNIA 22066 BID 22083 SECUNIA 22161 SECUNIA 22226 SECUNIA 22232 SECUNIA 22259 SECUNIA 22260 SECUNIA 22284 SECUNIA 22325 SECUNIA 22446 SECUNIA 22509 SECUNIA 22513 SECUNIA 22523 SECUNIA 22545 SECUNIA 22585 SECUNIA 22671 SECUNIA 22689 SECUNIA 22711 SECUNIA 22733 SECUNIA 22758 SECUNIA 22799 SECUNIA 22932 SECUNIA 22934 SECUNIA 22936 SECUNIA 22937 SECUNIA 22938 SECUNIA 22939 SECUNIA 22940 SECUNIA 22948 SECUNIA 22949 SECUNIA 23155 SECUNIA 23455 SECUNIA 23680 SECUNIA 23794 SECUNIA 23841 SECUNIA 23915 SECUNIA 24099 SECUNIA 24930 SECUNIA 24950 SECUNIA 25284 SECUNIA 25399 SECUNIA 25649 SECUNIA 26329 SECUNIA 26893 SECUNIA 28115 BID 28276 OSVDB 28549 SECUNIA 31492 SECUNIA 38567 SECUNIA 38568 SECUNIA 41818 SECUNIA 60799 VUPEN ADV-2006-3453 VUPEN ADV-2006-3566 VUPEN ADV-2006-3730 VUPEN ADV-2006-3748 VUPEN ADV-2006-3793 VUPEN ADV-2006-3899 VUPEN ADV-2006-3936 VUPEN ADV-2006-4205 VUPEN ADV-2006-4206 VUPEN ADV-2006-4207 VUPEN ADV-2006-4216 VUPEN ADV-2006-4327 VUPEN ADV-2006-4329 VUPEN ADV-2006-4366 VUPEN ADV-2006-4417 VUPEN ADV-2006-4586 VUPEN ADV-2006-4744 VUPEN ADV-2006-4750 VUPEN ADV-2006-5146 VUPEN ADV-2007-0254 VUPEN ADV-2007-0343 VUPEN ADV-2007-1401 VUPEN ADV-2007-1815 VUPEN ADV-2007-1945 VUPEN ADV-2007-2163 VUPEN ADV-2007-2315 VUPEN ADV-2007-2783 VUPEN ADV-2007-4224 VUPEN ADV-2008-0905 VUPEN ADV-2010-0366 APPLE APPLE-SA-2006-11-28 APPLE APPLE-SA-2007-12-14 BEA BEA07-169.00 DEBIAN DSA-1173 DEBIAN DSA-1174 FREEBSD FreeBSD-SA-06:19 GENTOO GLSA-200609-05 GENTOO GLSA-200609-18 GENTOO GLSA-200610-06 GENTOO GLSA-201408-19 HP HPSBMA02250 HP HPSBOV02683 HP HPSBTU02207 HP HPSBUX02153 HP HPSBUX02165 HP HPSBUX02186 HP HPSBUX02219 JVN JVN#51615542 JVNDB JVNDB-2012-000079 MANDRIVA MDKSA-2006:161 MANDRIVA MDKSA-2006:177 MANDRIVA MDKSA-2006:178 MANDRIVA MDKSA-2006:207 OPENPKG OpenPKG-SA-2006.018 OPENPKG OpenPKG-SA-2006.029 REDHAT RHSA-2006:0661 REDHAT RHSA-2007:0062 REDHAT RHSA-2007:0072 REDHAT RHSA-2007:0073 REDHAT RHSA-2008:0629 SLACKWARE SSA:2006-257-02 SLACKWARE SSA:2006-310-01 HP SSRT061181 HP SSRT061213 HP SSRT061239 HP SSRT061266 HP SSRT061273 HP SSRT061275 HP SSRT071299 HP SSRT071304 HP SSRT090208 SUSE SUSE-SA:2006:055 SUSE SUSE-SA:2006:061 SUSE SUSE-SA:2007:010 SUSE SUSE-SR:2006:026 CERT TA06-333A UBUNTU USN-339-1 CERT-VN VU#845620 OPENBSD [3.9] 20060908 011: SECURITY FIX: September 8, 2006 MLIST [bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised] MLIST [ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error MLIST [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues CONFIRM http://docs.info.apple.com/article.html?artnum=304829 MISC http://docs.info.apple.com/article.html?artnum=307177 CONFIRM http://openvpn.net/changelog.html CONFIRM http://support.attachmate.com/techdocs/2127.html CONFIRM http://support.attachmate.com/techdocs/2128.html CONFIRM http://support.attachmate.com/techdocs/2137.html CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm CONFIRM http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf CONFIRM http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html MISC http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/ CONFIRM http://www.openoffice.org/security/cves/CVE-2006-4339.html CONFIRM http://www.openssl.org/news/secadv_20060905.txt CONFIRM http://www.opera.com/support/search/supsearch.dml?index=845 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html CONFIRM http://www.serv-u.com/releasenotes/ CONFIRM http://www.sybase.com/detail?id=1047991 CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0005.html CONFIRM http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html CONFIRM http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html CONFIRM http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html CONFIRM http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html CONFIRM http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html CONFIRM http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html CONFIRM http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 CONFIRM https://issues.rpath.com/browse/RPL-1633 CONFIRM https://issues.rpath.com/browse/RPL-616 CONFIRM https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html XF openssl-rsa-security-bypass(28755) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.