Check Point Advisories

Update Protection against OpenSSL RSA Key Signature Forgery Vulnerability

Check Point Reference: CPAI-2006-123
Date Published: 13 Nov 2006
Severity: Low
Last Updated: Thursday 03 May, 2007
Source: FrSIRT/ADV-2006-3453
Industry Reference:CVE-2006-4339
US-CERT VU#845620
Protection Provided by:
Who is Vulnerable? OpenSSL version 0.9.7j and prior
OpenSSL version 0.9.8b and prior
Vulnerability Description RSA signatures are used to authenticate the source of messages. A vulnerability in OpenSSL could be exploited by remote attackers to forge RSA signatures. Successful exploitation of this vulnerability may allow an attacker to bypass security restrictions and gain unauthorized access to a target system.
Update/Patch AvaliableUpgrade to version 0.9.7k or 0.9.8c:
http://www.openssl.org/source/
Vulnerability DetailsThe vulnerability in OpenSSL is due to improper validation of RSA keys with exponent 3. If an RSA key with a public exponent of 3 is used, a remote attacker can exploit this by forging a PKCS #1 v1.5 signature and certificate signed by that key. Successful exploitation of the vulnerability may allow remote attackers to bypass security restrictions and gain unauthorized access to a target system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK