CVE-2006-5201

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-5201
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:P

Exploitability : 4.9 / Impact : 4.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/22204 Patch Third Party Advisory
http://secunia.com/advisories/22226 Third Party Advisory
http://secunia.com/advisories/22325 Third Party Advisory
http://secunia.com/advisories/22992 Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1 Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm Third Party Advisory
http://www.kb.cert.org/vuls/id/845620 Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/3898 Permissions Required
http://www.vupen.com/english/advisories/2006/3899 Permissions Required
http://www.vupen.com/english/advisories/2006/3960 Permissions Required
http://secunia.com/advisories/22204 Patch Third Party Advisory
http://secunia.com/advisories/22226 Third Party Advisory
http://secunia.com/advisories/22325 Third Party Advisory
http://secunia.com/advisories/22992 Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1 Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm Third Party Advisory
http://www.kb.cert.org/vuls/id/845620 Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/3898 Permissions Required
http://www.vupen.com/english/advisories/2006/3899 Permissions Required
http://www.vupen.com/english/advisories/2006/3960 Permissions Required
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sun:nss:*:*:*:*:*:*:*:*
cpe:2.3:a:sun:secure_global_desktop:*:*:*:*:*:*:*:*
cpe:2.3:a:sun:staroffice:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:sun:solaris:9.0:*:*:*:*:sparc:*:*
cpe:2.3:o:sun:solaris:10.0:*:*:*:*:sparc:*:*
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:sun:jdk:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:sun:jre:1.3.1:-:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:-:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:sun:sdk:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:sun:jsse:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:jsse:1.0.3_01:*:*:*:*:*:*:*
cpe:2.3:a:sun:jsse:1.0.3_02:*:*:*:*:*:*:*
cpe:2.3:a:sun:jsse:1.0.3_03:*:*:*:*:*:*:*
History

21 Nov 2024, 00:18

Type Values Removed Values Added
References () http://secunia.com/advisories/22204 - Patch, Third Party Advisory () http://secunia.com/advisories/22204 - Patch, Third Party Advisory
References () http://secunia.com/advisories/22226 - Third Party Advisory () http://secunia.com/advisories/22226 - Third Party Advisory
References () http://secunia.com/advisories/22325 - Third Party Advisory () http://secunia.com/advisories/22325 - Third Party Advisory
References () http://secunia.com/advisories/22992 - Third Party Advisory () http://secunia.com/advisories/22992 - Third Party Advisory
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 - Broken Link () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 - Broken Link
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1 - Broken Link () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1 - Broken Link
References () http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm - Third Party Advisory () http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm - Third Party Advisory
References () http://www.kb.cert.org/vuls/id/845620 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/845620 - Third Party Advisory, US Government Resource
References () http://www.vupen.com/english/advisories/2006/3898 - Permissions Required () http://www.vupen.com/english/advisories/2006/3898 - Permissions Required
References () http://www.vupen.com/english/advisories/2006/3899 - Permissions Required () http://www.vupen.com/english/advisories/2006/3899 - Permissions Required
References () http://www.vupen.com/english/advisories/2006/3960 - Permissions Required () http://www.vupen.com/english/advisories/2006/3960 - Permissions Required
Information

Published : 2006-10-10 04:06

Updated : 2024-11-21 00:18

NVD link : CVE-2006-5201

Mitre link : CVE-2006-5201

CVE.ORG link : CVE-2006-5201

JSON object : View

Products Affected

sun

  • sunos
  • secure_global_desktop
  • sdk
  • jdk
  • jsse
  • staroffice
  • solaris
  • jre
  • nss
CWE
NVD-CWE-Other