RSA Key Vulnerability in Sun Solaris Products
CVE-2006-5201

Currently unrated

Key Information:

Vendor: Oracle
Status: Secure Global Desktop; Nss; Staroffice
Vendor: CVE Published:; 10 October 2006

What is CVE-2006-5201?

Certain Sun Solaris products exhibit a vulnerability involving the handling of RSA keys with an exponent of 3, where improper PKCS-1 padding is utilized before hash generation. This flaw allows remote attackers to forge PKCS #1 v1.5 signatures, leading to potential exploitation where products fail to validate X.509 certificates correctly. This could have far-reaching implications for secure communications and data integrity, as the affected software might accept fraudulent signatures, undermining security protocols.

References

http://secunia.com/advisories/22992

third-party-advisoryx_refsource_SECUNIA

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://www.vupen.com/english/advisories/2006/3899

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Oct 10, 2006
Vulnerability Reserved
Oct 9, 2006

Oracle

What is CVE-2006-5201?

References

Timeline