|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Vulnerability Note VU#845620
Multiple RSA implementations fail to properly handle signatures
OverviewMultiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures.
I. DescriptionRSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are padded with data to ensure message hashes are adequately sized. One such padding scheme is specified in the Public-Key Cryptography Standard #1 (PKCS-1), which is defined in RFC 3447.
Many RSA implementations may fail to properly verify signatures. Specifically, the verifier may incorrectly parse PKCS-1 padded signatures, ignoring data at the end of a signature. If this data is ignored and a RSA key with a public exponent of three is used, it may be possible to forge the signing key's signature.
Note that any application that uses RSA signatures may be affected by this vulnerability. This includes, but is not limited to, SSH, SSL, PGP, and X.509 applications.
This issue is further discussed on the ietf-openpgp mailing list.
II. ImpactThis vulnerability may allow an attacker to forge an RSA signature.
III. SolutionCheck with your vendor
See the systems affected section of this document for information about how specific vendors are addressing this vulnerability.
Systems Affected
| Vendor | Status | Date Updated |
| 3com, Inc. | Unknown | 8-Sep-2006 |
| Alcatel | Unknown | 8-Sep-2006 |
| America Online, Inc. | Unknown | 7-Sep-2006 |
| Apache-SSL | Unknown | 6-Sep-2006 |
| Apache HTTP Server Project | Unknown | 6-Sep-2006 |
| Appgate Network Security | Vulnerable | 13-Sep-2006 |
| Apple Computer, Inc. | Unknown | 8-Sep-2006 |
| Apple Computer, Inc. | Vulnerable | 8-Jan-2007 |
| Aruba Networks, Inc. | Unknown | 6-Sep-2006 |
| AttachmateWRQ, Inc. | Vulnerable | 20-Oct-2006 |
| AT&T | Unknown | 8-Sep-2006 |
| Avaya, Inc. | Vulnerable | 18-Sep-2006 |
| Avici Systems, Inc. | Unknown | 8-Sep-2006 |
| Bitvise | Unknown | 8-Sep-2006 |
| Blue Coat Systems | Vulnerable | 8-Jan-2007 |
| Borderware Technologies | Unknown | 8-Sep-2006 |
| Certicom | Unknown | 6-Sep-2006 |
| Charlotte's Web Networks | Unknown | 8-Sep-2006 |
| Check Point Software Technologies | Unknown | 8-Sep-2006 |
| Chiaro Networks, Inc. | Unknown | 8-Sep-2006 |
| Cisco Systems, Inc. | Vulnerable | 13-Nov-2006 |
| Clavister | Unknown | 8-Sep-2006 |
| Computer Associates | Unknown | 8-Sep-2006 |
| Conectiva Inc. | Unknown | 8-Sep-2006 |
| Covalent Technologies | Unknown | 6-Sep-2006 |
| Cray Inc. | Unknown | 8-Sep-2006 |
| Cryptlib | Unknown | 18-Sep-2006 |
| Crypto++ Library | Not Vulnerable | 7-Sep-2006 |
| D-Link Systems, Inc. | Unknown | 8-Sep-2006 |
| Data Connection, Ltd. | Unknown | 8-Sep-2006 |
| Debian GNU/Linux | Vulnerable | 3-Oct-2006 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 8-Sep-2006 |
| Engarde Secure Linux | Unknown | 8-Sep-2006 |
| Ericsson | Unknown | 8-Sep-2006 |
| eSoft, Inc. | Unknown | 8-Sep-2006 |
| Extreme Networks | Unknown | 8-Sep-2006 |
| F-Secure Corporation | Not Vulnerable | 4-Oct-2006 |
| F5 Networks, Inc. | Vulnerable | 11-Sep-2006 |
| Fedora Project | Unknown | 8-Sep-2006 |
| FiSSH | Unknown | 8-Sep-2006 |
| Force10 Networks, Inc. | Unknown | 8-Sep-2006 |
| Fortinet, Inc. | Unknown | 8-Sep-2006 |
| Foundry Networks, Inc. | Unknown | 8-Sep-2006 |
| FreeBSD, Inc. | Vulnerable | 11-Sep-2006 |
| FreSSH | Unknown | 8-Sep-2006 |
| Fujitsu | Unknown | 8-Sep-2006 |
| Gentoo Linux | Vulnerable | 3-Oct-2006 |
| Global Technology Associates | Not Vulnerable | 18-Sep-2006 |
| GnuTLS | Vulnerable | 20-Sep-2006 |
| Hewlett-Packard Company | Vulnerable | 13-Nov-2006 |
| Hitachi | Unknown | 8-Sep-2006 |
| Hyperchip | Unknown | 8-Sep-2006 |
| IAIK Java Group | Vulnerable | 20-Oct-2006 |
| IBM Corporation | Vulnerable | 8-Jan-2007 |
| IBM Corporation (zseries) | Unknown | 8-Sep-2006 |
| IBM eServer | Unknown | 8-Sep-2006 |
| Immunix Communications, Inc. | Unknown | 8-Sep-2006 |
| Ingrian Networks, Inc. | Unknown | 6-Sep-2006 |
| Intel Corporation | Unknown | 8-Sep-2006 |
| Internet Security Systems, Inc. | Unknown | 8-Sep-2006 |
| Internet Software Consortium | Vulnerable | 19-Jan-2007 |
| InterPeak | Unknown | 8-Sep-2006 |
| InterSoft International | Unknown | 8-Sep-2006 |
| Intoto | Vulnerable | 21-Sep-2006 |
| IP Filter | Unknown | 8-Sep-2006 |
| Juniper Networks, Inc. | Vulnerable | 8-Jan-2007 |
| Linksys (A division of Cisco Systems) | Unknown | 8-Sep-2006 |
| Lotus Software | Not Vulnerable | 4-Oct-2006 |
| lsh | Unknown | 6-Sep-2006 |
| Lucent Technologies | Unknown | 8-Sep-2006 |
| Luminous Networks | Unknown | 8-Sep-2006 |
| MacSSH | Unknown | 8-Sep-2006 |
| Mandriva, Inc. | Vulnerable | 3-Oct-2006 |
| Microsoft Corporation | Unknown | 6-Sep-2006 |
| Mirapoint, Inc. | Unknown | 6-Sep-2006 |
| mod_ssl | Unknown | 6-Sep-2006 |
| MontaVista Software, Inc. | Unknown | 8-Sep-2006 |
| Mozilla, Inc. | Vulnerable | 19-Sep-2006 |
| Multinet (owned Process Software Corporation) | Unknown | 8-Sep-2006 |
| Multitech, Inc. | Unknown | 8-Sep-2006 |
| nCipher Corporation Ltd. | Not Vulnerable | 28-Sep-2006 |
| NEC Corporation | Unknown | 8-Sep-2006 |
| NetBSD | Unknown | 8-Sep-2006 |
| NetComposite | Unknown | 8-Sep-2006 |
| netfilter | Unknown | 8-Sep-2006 |
| Network Appliance, Inc. | Unknown | 8-Sep-2006 |
| NextHop Technologies, Inc. | Unknown | 8-Sep-2006 |
| Nokia | Unknown | 6-Sep-2006 |
| Nortel Networks, Inc. | Unknown | 8-Sep-2006 |
| Novell, Inc. | Unknown | 7-Sep-2006 |
| OpenBSD | Unknown | 8-Sep-2006 |
| OpenPKG | Vulnerable | 13-Nov-2006 |
| OpenSSH | Unknown | 8-Sep-2006 |
| OpenSSL | Vulnerable | 6-Sep-2006 |
| Openwall GNU/*/Linux | Vulnerable | 11-Sep-2006 |
| Opera | Vulnerable | 21-Sep-2006 |
| Oracle Corporation | Vulnerable | 17-Jan-2007 |
| PGP Corporation | Not Vulnerable | 13-Sep-2006 |
| Pragma Systems | Unknown | 8-Sep-2006 |
| PuTTY | Not Vulnerable | 11-Sep-2006 |
| QNX, Software Systems, Inc. | Unknown | 8-Sep-2006 |
| Red Hat, Inc. | Vulnerable | 3-Oct-2006 |
| Redback Networks, Inc. | Unknown | 3-Oct-2006 |
| Riverstone Networks, Inc. | Unknown | 8-Sep-2006 |
| rPath | Vulnerable | 4-Oct-2006 |
| RSA Security, Inc. | Vulnerable | 8-Jan-2007 |
| Secure Computing Enterprise Security Division | Unknown | 8-Sep-2006 |
| Secure Computing Network Security Division | Unknown | 8-Sep-2006 |
| Secureworx, Inc. | Unknown | 8-Sep-2006 |
| Silicon Graphics, Inc. | Unknown | 8-Sep-2006 |
| Slackware Linux Inc. | Vulnerable | 13-Nov-2006 |
| Spyrus | Unknown | 6-Sep-2006 |
| SSH Communications Security Corp | Vulnerable | 13-Nov-2006 |
| Stunnel | Unknown | 6-Sep-2006 |
| Sun Microsystems, Inc. | Vulnerable | 4-Oct-2006 |
| SUSE Linux | Vulnerable | 29-Sep-2006 |
| Sybase | Vulnerable | 8-Jan-2007 |
| Symantec, Inc. | Unknown | 8-Sep-2006 |
| The SCO Group | Unknown | 8-Sep-2006 |
| The SCO Group (SCO Unix) | Unknown | 8-Sep-2006 |
| Trustix Secure Linux | Unknown | 8-Sep-2006 |
| Turbolinux | Unknown | 8-Sep-2006 |
| Ubuntu | Vulnerable | 25-Sep-2006 |
| Unisys | Unknown | 8-Sep-2006 |
| VanDyke Software | Vulnerable | 22-Jan-2007 |
| Verisign | Unknown | 11-Sep-2006 |
| VMware | Vulnerable | 19-Jan-2007 |
| Watchguard Technologies, Inc. | Unknown | 8-Sep-2006 |
| WeOnlyDo! Software | Unknown | 8-Sep-2006 |
| Wind River Systems, Inc. | Unknown | 8-Sep-2006 |
| WinSCP | Unknown | 8-Sep-2006 |
| ZyXEL | Unknown | 8-Sep-2006 |
References
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.openssl.org/news/secadv_20060905.txt
http://secunia.com/advisories/21709/
http://www.rsasecurity.com/rsalabs/node.asp?id=2125
http://www.ietf.org/rfc/rfc3447.txt
http://www.securityfocus.com/bid/22083
Credit
This vulnerability was reported by Daniel Bleichenbacher.
This document was written by Jeff Gennari.
Other Information
| Date Public | 09/05/2006 |
| Date First Published | 09/21/2006 11:22:14 AM |
| Date Last Updated | 02/08/2007 |
| CERT Advisory | |
| CVE Name | CVE-2006-4339 |
| US-CERT Technical Alerts | |
| Metric | 7.56 |
| Document Revision | 95 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|