Vulnerabilities > CVE-2007-6721 - Unspecified vulnerability in Bouncycastle products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
bouncycastle
critical
nessus
NVD
Published: 2009-03-30
Updated: 2012-11-16

Summary

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."

Vulnerable Configurations

Part Description Count
Application
Bouncycastle
72

Nessus

NASL familyWeb Servers
NASL idOPENSSL_0_9_7K_0_9_8C.NASL
descriptionAccording to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7k or 0.9.8c. These versions do not properly verify PKCS #1 v1.5 signatures and X509 certificates when the RSA exponent is 3.
last seen2020-06-01
modified2020-06-02
plugin id17756
published2012-01-04
reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/17756
titleOpenSSL < 0.9.7k / 0.9.8c PKCS Padding RSA Signature Forgery Vulnerability
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(17756);
  script_version("1.11");
  script_cvs_date("Date: 2018/11/15 20:50:25");

  script_cve_id("CVE-2006-4339");
# See also CVE-2006-4340, CVE-2006-5462, CVE-2007-6721
  script_bugtraq_id(19849);
  script_xref(name:"CERT", value:"845620");

  script_name(english:"OpenSSL < 0.9.7k / 0.9.8c PKCS Padding RSA Signature Forgery Vulnerability");
  script_summary(english:"Does a banner check");

  script_set_attribute(attribute:"synopsis", value:
"The SSL layer on the remote server does not properly verify
signatures.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote server is running a version of 
OpenSSL that is earlier than 0.9.7k or 0.9.8c.

These versions do not properly verify PKCS #1 v1.5 signatures and X509
certificates when the RSA exponent is 3.");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20060905.txt");
  script_set_attribute(attribute:"see_also", value:"https://www.us-cert.gov/ncas/alerts/ta06-333a");
  script_set_attribute(attribute:"solution", value:"Upgrade to OpenSSL 0.9.7k / 0.9.8c or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(310);

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/09/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/04");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("openssl_version.nasl");
  script_require_keys("openssl/port");

  exit(0);
}

include("openssl_version.inc");

openssl_check_version(fixed:make_list('0.9.7k', '0.9.8c'), severity:SECURITY_WARNING);

References