Vulnerabilities > CVE-2006-7140 - Remote Security vulnerability in Solaris

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
sun
nessus

Summary

The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. Impacts vary based on the application(s) that use this library. See "Sun Alert ID: 102722" for details.

Vulnerable Configurations

Part Description Count
OS
Sun
2

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119214.NASL
    descriptionNSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/11/17 This plugin has been deprecated and either replaced with individual 119214 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id20055
    published2005-10-19
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20055
    titleSolaris 10 (x86) : 119214-36 (deprecated)
    code
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2018/03/12. Deprecated and either replaced by
    # individual patch-revision plugins, or has been deemed a
    # non-security advisory.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(20055);
      script_version("1.34");
      script_cvs_date("Date: 2018/07/30 13:40:15");
    
      script_cve_id("CVE-2006-4339", "CVE-2006-4842", "CVE-2006-5201", "CVE-2006-7140");
    
      script_name(english:"Solaris 10 (x86) : 119214-36 (deprecated)");
      script_summary(english:"Check for patch 119214-36");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"This plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "NSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2.
    Date this patch was last updated by Sun : Nov/11/17
    
    This plugin has been deprecated and either replaced with individual
    119214 patch-revision plugins, or deemed non-security related."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/119214-36"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"n/a"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 119214 instead.");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119214-32.NASL
    descriptionNSS_NSPR_JSS 3.17.4_x86: NSPR 4.10.7 / NSS 3.17.4 / JSS 4.3.2. Date this patch was last updated by Sun : Dec/24/15
    last seen2020-06-01
    modified2020-06-02
    plugin id107814
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107814
    titleSolaris 10 (x86) : 119214-32
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119214-27.NASL
    descriptionNSS_NSPR_JSS 3.13.1_x86: NSPR 4.8.9 / NSS 3.13.1 / JSS 4.3.2. Date this patch was last updated by Sun : Feb/08/12
    last seen2020-06-01
    modified2020-06-02
    plugin id107811
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107811
    titleSolaris 10 (x86) : 119214-27 (BEAST)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-339-1.NASL
    descriptionPhilip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27918
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27918
    titleUbuntu 5.04 / 5.10 / 6.06 LTS : openssl vulnerability (USN-339-1)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_119209.NASL
    descriptionNSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/11/17
    last seen2020-06-01
    modified2020-06-02
    plugin id23414
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23414
    titleSolaris 8 (sparc) : 119209-36
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119213.NASL
    descriptionNSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/09/17 This plugin has been deprecated and either replaced with individual 119213 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id20052
    published2005-10-19
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20052
    titleSolaris 10 (sparc) : 119213-36 (deprecated)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_119211.NASL
    descriptionNSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/09/17
    last seen2020-06-01
    modified2020-06-02
    plugin id19842
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19842
    titleSolaris 9 (sparc) : 119211-36
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_114045.NASL
    descriptionSecurity 3.3.4.8: NSPR 4.1.6 / NSS 3.3.4.8. Date this patch was last updated by Sun : Nov/08/06
    last seen2020-06-01
    modified2020-06-02
    plugin id23361
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23361
    titleSolaris 8 (sparc) : 114045-14
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119214-33.NASL
    descriptionNSS_NSPR_JSS 3.21_x86: NSPR 4.11 / NSS 3.21 / JSS 4.3.2. Date this patch was last updated by Sun : Mar/22/16
    last seen2020-06-01
    modified2020-06-02
    plugin id107815
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107815
    titleSolaris 10 (x86) : 119214-33
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_121229-02.NASL
    descriptionSunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen2020-06-01
    modified2020-06-02
    plugin id107376
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107376
    titleSolaris 10 (sparc) : 121229-02
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119213-38.NASL
    descriptionNSS_NSPR_JSS 3.35: NSPR 4.18 / NSS 3.35 / JSS 4.3.2. Date this patch was last updated by Sun : May/16/18
    last seen2020-06-01
    modified2020-06-02
    plugin id109882
    published2018-05-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109882
    titleSolaris 10 (sparc) : 119213-38
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_118372.NASL
    descriptionSunOS 5.10_x86: elfsign patch. Date this patch was last updated by Sun : Apr/16/07
    last seen2018-09-01
    modified2018-08-13
    plugin id20333
    published2005-12-20
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20333
    titleSolaris 10 (x86) : 118372-10
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-161.NASL
    descriptionDaniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures where an RSA key with a small exponent used could be vulnerable to forgery of a PKCS #1 v1.5 signature signed by that key. Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as well as any other use of PKCS #1 v1.5, including software uses OpenSSL for SSL or TLS. Updated packages are patched to address this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id23905
    published2006-12-16
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23905
    titleMandrake Linux Security Advisory : openssl (MDKSA-2006:161)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_116648-25.NASL
    descriptionWeb Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10
    last seen2020-06-01
    modified2020-06-02
    plugin id107295
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107295
    titleSolaris 10 (sparc) : 116648-25
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_116648.NASL
    descriptionWeb Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10 This plugin has been deprecated and either replaced with individual 116648 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id22946
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22946
    titleSolaris 10 (sparc) : 116648-25 (deprecated)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_119212.NASL
    descriptionNSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/09/17
    last seen2020-06-01
    modified2020-06-02
    plugin id19844
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19844
    titleSolaris 9 (x86) : 119212-36
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1174.NASL
    descriptionDaniel Bleichenbacher discovered a flaw in the OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.
    last seen2020-06-01
    modified2020-06-02
    plugin id22716
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22716
    titleDebian DSA-1174-1 : openssl096 - cryptographic weakness
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119214-36.NASL
    descriptionNSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/11/17
    last seen2020-06-01
    modified2020-06-02
    plugin id107816
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107816
    titleSolaris 10 (x86) : 119214-36
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_121229.NASL
    descriptionSunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen2018-09-01
    modified2018-08-13
    plugin id20272
    published2005-12-07
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20272
    titleSolaris 10 (sparc) : 121229-02
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119214-37.NASL
    descriptionNSS_NSPR_JSS 3.34_x86: NSPR 4.17 / NSS 3.3. Date this patch was last updated by Sun : May/16/18
    last seen2020-06-01
    modified2020-06-02
    plugin id109912
    published2018-05-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109912
    titleSolaris 10 (x86) : 119214-37
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_122715.NASL
    descriptionSunOS 5.9_x86: wanboot and pkg utilities Patch. Date this patch was last updated by Sun : Oct/31/11
    last seen2020-06-01
    modified2020-06-02
    plugin id27031
    published2007-10-12
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27031
    titleSolaris 9 (x86) : 122715-03
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_114435.NASL
    descriptionSunOS 5.9_x86: IKE patch. Date this patch was last updated by Sun : Aug/09/10
    last seen2016-09-26
    modified2012-06-14
    plugin id13602
    published2004-07-12
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=13602
    titleSolaris 9 (x86) : 114435-16
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119213-36.NASL
    descriptionNSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/09/17
    last seen2020-06-01
    modified2020-06-02
    plugin id107313
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107313
    titleSolaris 10 (sparc) : 119213-36
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_116649-25.NASL
    descriptionWeb Server 6.1: Sun ONE Web Server 6.1_x86 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10
    last seen2020-06-01
    modified2020-06-02
    plugin id107796
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107796
    titleSolaris 10 (x86) : 116649-25
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119214-38.NASL
    descriptionNSS_NSPR_JSS 3.35_x86: NSPR 4.18 / NSS 3.35 / JSS 4.3.2. Date this patch was last updated by Sun : May/16/18
    last seen2020-06-01
    modified2020-06-02
    plugin id109884
    published2018-05-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109884
    titleSolaris 10 (x86) : 119214-38
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119213-30.NASL
    descriptionNSS_NSPR_JSS 3.16: NSPR 4.10.4 / NSS 3.16. Date this patch was last updated by Sun : Nov/15/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107309
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107309
    titleSolaris 10 (sparc) : 119213-30
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_113451.NASL
    descriptionSunOS 5.9: IKE patch. Date this patch was last updated by Sun : Aug/09/10
    last seen2016-09-26
    modified2012-06-14
    plugin id13538
    published2004-07-12
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=13538
    titleSolaris 9 (sparc) : 113451-17
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-207.NASL
    descriptionThe BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem (CVE-2006-4339). BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to be generated using the
    last seen2020-06-01
    modified2020-06-02
    plugin id24592
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24592
    titleMandrake Linux Security Advisory : bind (MDKSA-2006:207)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119213-33.NASL
    descriptionNSS_NSPR_JSS 3.21: NSPR 4.11 / NSS 3.21 /. Date this patch was last updated by Sun : Mar/22/16
    last seen2020-06-01
    modified2020-06-02
    plugin id107312
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107312
    titleSolaris 10 (sparc) : 119213-33
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_116648.NASL
    descriptionWeb Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10
    last seen2020-06-01
    modified2020-06-02
    plugin id23519
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23519
    titleSolaris 9 (sparc) : 116648-25
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119214-30.NASL
    descriptionNSS_NSPR_JSS 3.16_x86: NSPR 4.10.4 / NSS 3. Date this patch was last updated by Sun : Nov/15/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107812
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107812
    titleSolaris 10 (x86) : 119214-30
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_118371.NASL
    descriptionSunOS 5.10: elfsign patch. Date this patch was last updated by Sun : Apr/16/07
    last seen2018-09-02
    modified2018-08-13
    plugin id20332
    published2005-12-20
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20332
    titleSolaris 10 (sparc) : 118371-10
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-178.NASL
    descriptionOpenssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some versions of ntp are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries in being made available.
    last seen2020-06-01
    modified2020-06-02
    plugin id24564
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24564
    titleMandrake Linux Security Advisory : ntp (MDKSA-2006:178)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119213-37.NASL
    descriptionNSS_NSPR_JSS 3.34: NSPR 4.17 / NSS 3.34 /. Date this patch was last updated by Sun : May/16/18
    last seen2020-06-01
    modified2020-06-02
    plugin id109911
    published2018-05-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109911
    titleSolaris 10 (sparc) : 119213-37
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_114050.NASL
    descriptionSunOS 5.9_x86: NSPR 4.1.6 / NSS 3.3.4.8. Date this patch was last updated by Sun : Nov/08/06
    last seen2020-06-01
    modified2020-06-02
    plugin id13589
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13589
    titleSolaris 9 (x86) : 114050-14
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_121230.NASL
    descriptionSunOS 5.10_x86: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen2018-09-01
    modified2018-08-13
    plugin id20275
    published2005-12-07
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20275
    titleSolaris 10 (x86) : 121230-02
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-177.NASL
    descriptionOpenssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some MySQL versions are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries in being made available.
    last seen2020-06-01
    modified2020-06-02
    plugin id24563
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24563
    titleMandrake Linux Security Advisory : MySQL (MDKSA-2006:177)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_116648.NASL
    descriptionWeb Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10
    last seen2020-06-01
    modified2020-06-02
    plugin id23381
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23381
    titleSolaris 8 (sparc) : 116648-25
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119213-31.NASL
    descriptionNSS_NSPR_JSS 3.17.2: NSPR 4.10.7 / NSS 3.1. Date this patch was last updated by Sun : Feb/19/15
    last seen2020-06-01
    modified2020-06-02
    plugin id107310
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107310
    titleSolaris 10 (sparc) : 119213-31
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119213-27.NASL
    descriptionNSS_NSPR_JSS 3.13.1: NSPR 4.8.9 / NSS 3.13.1 / JSS 4.3.2. Date this patch was last updated by Sun : Feb/08/12
    last seen2020-06-01
    modified2020-06-02
    plugin id107308
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107308
    titleSolaris 10 (sparc) : 119213-27 (BEAST)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_117123.NASL
    descriptionSunOS 5.9: wanboot and pkg utilities Patch. Date this patch was last updated by Sun : Oct/31/11
    last seen2020-06-01
    modified2020-06-02
    plugin id26166
    published2007-09-25
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/26166
    titleSolaris 9 (sparc) : 117123-10
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_121230-02.NASL
    descriptionSunOS 5.10_x86: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen2020-06-01
    modified2020-06-02
    plugin id107877
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107877
    titleSolaris 10 (x86) : 121230-02
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119213-32.NASL
    descriptionNSS_NSPR_JSS 3.17.4: NSPR 4.10.7 / NSS 3.17.4 / JSS 4.3.2. Date this patch was last updated by Sun : Dec/24/15
    last seen2020-06-01
    modified2020-06-02
    plugin id107311
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107311
    titleSolaris 10 (sparc) : 119213-32
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_114049.NASL
    descriptionSunOS 5.9: NSPR 4.1.6 / NSS 3.3.4.8. Date this patch was last updated by Sun : Nov/07/06
    last seen2020-06-01
    modified2020-06-02
    plugin id13548
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13548
    titleSolaris 9 (sparc) : 114049-14
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119214-31.NASL
    descriptionNSS_NSPR_JSS 3.17.2_x86: NSPR 4.10.7 / NSS. Date this patch was last updated by Sun : Feb/19/15
    last seen2020-06-01
    modified2020-06-02
    plugin id107813
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107813
    titleSolaris 10 (x86) : 119214-31

Oval

accepted2007-09-27T08:57:40.937-04:00
classvulnerability
contributors
namePai Peng
organizationOpsware, Inc.
definition_extensions
  • commentSolaris 9 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1457
  • commentSolaris 10 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1440
  • commentSolaris 9 (x86) is installed
    ovaloval:org.mitre.oval:def:1683
  • commentSolaris 10 (x86) is installed
    ovaloval:org.mitre.oval:def:1926
descriptionThe libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
familyunix
idoval:org.mitre.oval:def:1648
statusaccepted
submitted2007-08-10T12:25:20.000-04:00
titleSecurity Vulnerability With RSA Signature Affects Solaris Applications Utilizing the libike Library
version36