search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Multiple RSA implementations fail to properly handle signatures

Vulnerability Note VU#845620

Original Release Date: 2006-09-21 | Last Revised: 2007-02-08

Overview

Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures.

Description

RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are padded with data to ensure message hashes are adequately sized. One such padding scheme is specified in the Public-Key Cryptography Standard #1 (PKCS-1), which is defined in RFC 3447.

Many RSA implementations may fail to properly verify signatures. Specifically, the verifier may incorrectly parse PKCS-1 padded signatures, ignoring data at the end of a signature. If this data is ignored and a RSA key with a public exponent of three is used, it may be possible to forge the signing key's signature.

Note that any application that uses RSA signatures may be affected by this vulnerability. This includes, but is not limited to, SSH, SSL, PGP, and X.509 applications.

This issue is further discussed on the ietf-openpgp mailing list.

Impact

This vulnerability may allow an attacker to forge an RSA signature.

Solution

Check with your vendor
See the systems affected section of this document for information about how specific vendors are addressing this vulnerability.

Vendor Information

845620
Expand all

Appgate Network Security

Notified:  September 08, 2006 Updated:  September 13, 2006

Status

  Vulnerable

Vendor Statement

AppGate version 7.1.5 and earlier are vulnerable if x509 authentication is used. It is theoretically possible to forge a certificate and thus gain access to the system. A patch will be available from the AppGate support pages.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer, Inc.

Updated:  January 08, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Apple Security Update 2006-007.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

AttachmateWRQ, Inc.

Notified:  September 06, 2006 Updated:  October 20, 2006

Status

  Vulnerable

Vendor Statement

Attachmate has determined that Reflection for the Web is not vulnerable to CERT issue VU#845620.

Attachmate has determined that certain clients in the Reflection product line are vulnerable to CERT issue VU#845620. Attachmate is making patches available. For more information, see Attachmate’s support website at http://support.wrq.com/techdocs/2137.html.

Attachmate is still investigating whether the Reflection for Secure IT products (RSIT Server for Windows and RSIT Client and Server for UNIX) are vulnerable to CERT issue VU#845620.  Please check the support web site below for the latest information.

Attachmate advises that interested parties regularly check Attachmate’s support websites for updates on security related issues:
http://support.wrq.com/techdocs/1708.html for Reflection products
http://support.wrq.com/techdocs/1704.html for Reflection for the Web
http://support.wrq.com/techdocs/1910.html for Reflection for Secure IT products

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Avaya, Inc.

Notified:  September 08, 2006 Updated:  September 18, 2006

Status

  Vulnerable

Vendor Statement

Avaya is vulnerable to this issue, and our public response is located on the web at

http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Blue Coat Systems

Updated:  January 08, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems, Inc.

Notified:  September 08, 2006 Updated:  November 13, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian GNU/Linux

Notified:  September 08, 2006 Updated:  October 03, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.debian.org/security/2006/dsa-1182

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F5 Networks, Inc.

Notified:  September 06, 2006 Updated:  September 11, 2006

Status

  Vulnerable

Vendor Statement

F5 products BIG-IP (4.x and 9.x), FirePass, and WANjet are vulnerable. Patches are being made available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreeBSD, Inc.

Notified:  September 08, 2006 Updated:  September 11, 2006

Status

  Vulnerable

Vendor Statement

All FreeBSD releases prior to FreeBSD 6.2 are affected by this issue. Patches have been released and FreeBSD Security Advisory FreeBSD-SA-06:19.openssl has been issued concerning the problem.

http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Gentoo Linux

Notified:  September 08, 2006 Updated:  October 03, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.gentoo.org/security/en/glsa/glsa-200609-15.xml

If you have feedback, comments, or additional information about this vulnerability, please send us email.

GnuTLS

Updated:  September 20, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html

An updated patch is available at http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company

Notified:  September 08, 2006 Updated:  November 13, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00794048&jumpid=reg_R1002_USEN

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IAIK Java Group

Notified:  September 06, 2006 Updated:  October 20, 2006

Status

  Vulnerable

Vendor Statement

Current versions of IAIK-JCE (3.142) and IAIK-JCE ME (3.04) are not vulnerable. IAIK-JCE versions 3.14 and earlier and IAIK-JCE ME versions 3.03 and earlier are vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM Corporation

Notified:  September 08, 2006 Updated:  January 08, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to IBM Security Annoucement 3117.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Internet Software Consortium

Updated:  January 19, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to 200611030511.kA35BviX044435.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intoto

Notified:  September 08, 2006 Updated:  September 21, 2006

Status

  Vulnerable

Vendor Statement

Intoto engineering team has analyzed the PKCS-1 signature padding vulnerability documented in this CERT vulnerability note, and found that its VPN and SSLVPN products are affected. Patch is available for fixing this potential vulnerability in Intoto products. Please contact Intoto at support@intoto.com to get the patch.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Juniper Networks, Inc.

Notified:  September 08, 2006 Updated:  January 08, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to PSN-2006-10-002.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva, Inc.

Notified:  September 08, 2006 Updated:  October 03, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.mandriva.com/security/advisories?name=MDKSA-2006:166

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mozilla, Inc.

Updated:  September 19, 2006

Status

  Vulnerable

Vendor Statement

Mozilla has fixed the RSA vulnerability described in VU#845620 and has released an advisory covering several affected products (http://www.mozilla.org/security/announce/2006/mfsa2006-60.html).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.mozilla.org/security/announce/2006/mfsa2006-60.html

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenPKG

Updated:  November 13, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenSSL

Updated:  September 06, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.openssl.org/news/secadv_20060905.txt.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux

Notified:  September 08, 2006 Updated:  September 11, 2006

Status

  Vulnerable

Vendor Statement

We have applied a fix for this issue to the OpenSSL package in Owl-current as of 2006/09/06 and Owl 2.0-stable as of 2006/09/09.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Opera

Notified:  September 19, 2006 Updated:  September 21, 2006

Status

  Vulnerable

Vendor Statement

Refer to http://www.opera.com/support/search/supsearch.dml?index=845.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Oracle Corporation

Updated:  January 17, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

RSA Security, Inc.

Notified:  September 06, 2006 Updated:  January 08, 2007

Status

  Vulnerable

Vendor Statement

RSA BSAFE SSL-C software has been examined and confirmed to be susceptible to this vulnerability; customers should upgrade to RSA BSAFE SSL-C 2.7.1 which includes remediation for this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat, Inc.

Notified:  September 08, 2006 Updated:  October 03, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to https://rhn.redhat.com/errata/RHSA-2006-0680.html

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SSH Communications Security Corp

Notified:  September 08, 2006 Updated:  November 13, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.ssh.com/documents/33/SSH_Tectia_Server_5.1.1_releasenotes.txt, http://www.ssh.com/documents/33/SSH_Tectia_Manager_2.2.1_releasenotes.txt, http://www.ssh.com/documents/33/SSH_Tectia_Server_zOS_5.2.1_releasenotes.txt, and http://www.ssh.com/documents/33/SSH_Tectia_Client_5.1.1_releasenotes.txt

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SUSE Linux

Notified:  September 08, 2006 Updated:  September 29, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.novell.com/linux/security/advisories/2006_55_ssl.html.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Slackware Linux Inc.

Notified:  September 08, 2006 Updated:  November 13, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://slackware.com/changelog/i386/ChangeLog-stable.txt

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems, Inc.

Notified:  September 06, 2006 Updated:  October 04, 2006

Status

  Vulnerable

Vendor Statement

Refer to http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1&searchclaus

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sybase

Updated:  January 08, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Sybase Alert 1047991.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ubuntu

Notified:  September 08, 2006 Updated:  September 25, 2006

Status

  Vulnerable

Vendor Statement

In Ubuntu, three RSA implementations are affected:

Ubuntu 6.06 is already fully fixed (USN-351-1 and USN-352-1), updates are in progress for older stable releases (USN-350-1, for example).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

VMware

Updated:  January 19, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

VMware has published advisories 9986131, 3069097, 254-200612, 253-200612, 213-200612, and 202-200612 in response to this issue. Please refer to those advisories for additional details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

VanDyke Software

Notified:  September 08, 2006 Updated:  January 22, 2007

Status

  Vulnerable

Vendor Statement

The following VanDyke Software products are affected by VU#845620:

- SecureCRT version 5.2.1 and earlier
- SecureFX version 4.0.1 and earlier
- VShell version 2.6.2 and earlier for Windows, RedHat
Linux, HP-UX, AIX, and Solaris.

Product updates which address this vulnerability are
available. For more information, please visit:

http://www.vandyke.com/support/advisory/2007/01/845620.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

rPath

Updated:  October 04, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to https://issues.rpath.com/browse/RPL-640.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Crypto++ Library

Notified:  September 06, 2006 Updated:  September 07, 2006

Status

  Not Vulnerable

Vendor Statement

Crypto++ is not vulnerable to this attack. You can add this as a vendor statement for VU#845620.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F-Secure Corporation

Notified:  September 08, 2006 Updated:  October 04, 2006

Status

  Not Vulnerable

Vendor Statement

F-Secure antivirus products are not vulnerable. The list of non-vulnerable products includes F-Secure Anti-Virus, F-Secure Internet Security, F-Secure Client Security, F-Secure Server Security, F-Secure Mobile Security, F-Secure Messaging Security Gateway, F-Secure Network Control, and all other products in F-Secure small business and corporate suites, also listed at http://www.f-secure.com/enterprises/products/.

F-Secure VPN+ versions up to version 6.12 are vulnerable in installations that use PKI CA issued certificates, which use third-party generated keys. The RSA key generator in F-Secure products has never allowed the generation of RSA keys with a public exponent of 3. This means that keys created with F-Secure tools cannot be used to mount an attack against F-Secure products or other systems.

The F-Secure SSH product line is exclusively distributed by Attachmate under the Reflection for Secure IT brand. Please see the vendor statement from Attachmate for more information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Global Technology Associates

Notified:  September 08, 2006 Updated:  September 18, 2006

Status

  Not Vulnerable

Vendor Statement

Global Technology Associates, Inc. has examined this issue and is pleased to report this issue does not impact any versions (current and past) of the GTA firewall products.

To report potential security vulnerabilities in GTA products, send an E-mail message to: security-alert@gta.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lotus Software

Notified:  September 06, 2006 Updated:  October 04, 2006

Status

  Not Vulnerable

Vendor Statement

IBM Lotus software products are not affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

PGP Corporation

Notified:  September 12, 2006 Updated:  September 13, 2006

Status

  Not Vulnerable

Vendor Statement

PGP Corporation's products are not affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

PuTTY

Notified:  September 08, 2006 Updated:  September 11, 2006

Status

  Not Vulnerable

Vendor Statement

I do not believe that any program in the PuTTY suite is, or has ever been, vulnerable to this attack.

The RSA verification code is in the function rsa2_verifysig() in our source file sshrsa.c, and a quick inspection shows clearly that it rigorously enforces that the ASN.1 data and hash value must be at the very bottom of the PKCS#1 padded integer.

For good measure, our RSA key generator does not, and has never, generated keys with an exponent of 3. (This has nothing to do with whether we're vulnerable to the attack itself, of course, but it does mean we are also not generating keys which can be abused to mount the attack against other systems.)

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

nCipher Corporation Ltd.

Notified:  September 26, 2006 Updated:  September 28, 2006

Status

  Not Vulnerable

Vendor Statement

...we can confirm that none of nCipher's hardware security modules are vulnerable to this attack.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

3com, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

AT&T

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Alcatel

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

America Online, Inc.

Notified:  September 07, 2006 Updated:  September 07, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apache HTTP Server Project

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apache-SSL

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Aruba Networks, Inc.

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Avici Systems, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Bitvise

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Borderware Technologies

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Certicom

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Charlotte's Web Networks

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Check Point Software Technologies

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Chiaro Networks, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Clavister

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Computer Associates

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Covalent Technologies

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cray Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cryptlib

Notified:  September 06, 2006 Updated:  September 18, 2006

Status

  Unknown

Vendor Statement

Although cryptlib shouldn't be vulnerable to the original Bleichenbacher attack, there is ongoing discussion about further attacks that affect any RSA keys with e=3. Because the security community currently doesn't know how serious the problem is, cryptlib users should disable the use of any RSA keys with e=3 by changing the check 'if( BN_get_word( e ) < 3 )' in initCheckRSAkey() in context/kg_rsa.c to 'if( BN_get_word( e ) < 17 )'. Note that this will disable the use of a small number of existing keys that use e=3 (although cryptlib itself will never generate or use private keys with this

value), but until the exact nature of the problem is fully understood this is the only safe fix.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

D-Link Systems, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Data Connection, Ltd.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

EMC, Inc. (formerly Data General Corporation)

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Engarde Secure Linux

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ericsson

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Extreme Networks

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fedora Project

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FiSSH

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Force10 Networks, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fortinet, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Foundry Networks, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreSSH

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hyperchip

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM Corporation (zseries)

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM eServer

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IP Filter

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Immunix Communications, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ingrian Networks, Inc.

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intel Corporation

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

InterPeak

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

InterSoft International

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Internet Security Systems, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Linksys (A division of Cisco Systems)

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lucent Technologies

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Luminous Networks

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MacSSH

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Microsoft Corporation

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mirapoint, Inc.

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Multinet (owned Process Software Corporation)

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Multitech, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetBSD

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetComposite

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Network Appliance, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NextHop Technologies, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nokia

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nortel Networks, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell, Inc.

Notified:  September 07, 2006 Updated:  September 07, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenSSH

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Pragma Systems

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

QNX, Software Systems, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Redback Networks, Inc.

Notified:  September 08, 2006 Updated:  October 03, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Riverstone Networks, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Secure Computing Enterprise Security Division

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Secure Computing Network Security Division

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Secureworx, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Silicon Graphics, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Spyrus

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Stunnel

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Symantec, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group (SCO Unix)

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Trustix Secure Linux

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Turbolinux

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Unisys

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Verisign

Notified:  September 11, 2006 Updated:  September 11, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Watchguard Technologies, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

WeOnlyDo! Software

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

WinSCP

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ZyXEL

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

eSoft, Inc.

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

lsh

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

mod_ssl

Notified:  September 06, 2006 Updated:  September 06, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

netfilter

Notified:  September 08, 2006 Updated:  September 08, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This vulnerability was reported by Daniel Bleichenbacher.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2006-4339
Severity Metric: 7.56
Date Public: 2006-09-05
Date First Published: 2006-09-21
Date Last Updated: 2007-02-08 15:09 UTC
Document Revision: 95

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.