OpenSSL RSA Signatures Can Be Forged

SecurityTracker Alert ID: 1016791
SecurityTracker URL: http://securitytracker.com/id?1016791
CVE Reference: CVE-2006-4339
Date: Sep 5 2006
Impact: Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 0.9.7j and prior versions, 0.9.8 - 0.9.8b

Description: A vulnerability was reported in OpenSSL. A remote user may be able to forge certain digital signatures.

If an RSA key with exponent 3 is used, a remote user may be able to forge a PKCS #1 v1.5 signature for that key. Software that uses PKCS #1 v1.5 may be affected. Software that uses OpenSSL to verify X.509 certificates may also be affected.

Daniel Bleichenbacher reported the type of attack that is possible against PKCS #1 v1.5 signatures.

Impact: A remote user may be able to forge signatures (and certificates).

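Because the issue concerns RSA keys with exponent 3, a useful companion to patching is an inventory of which trusted public keys use that exponent. The following is an added example, not part of the advisory or of OpenSSL: a standard-library Python sketch that reads the public exponent from DER-encoded RSA public keys (PKCS #1 RSAPublicKey or X.509 SubjectPublicKeyInfo). The key names and the toy modulus are constructed for illustration.

```python
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # DER OID rsaEncryption (1.2.840.113549.1.1.1)

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos:pos + 2]         # ValueError if fewer than two bytes remain
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_public_exponent(der):
    """Return e from a DER RSAPublicKey (PKCS #1) or SubjectPublicKeyInfo (X.509)."""
    tag, body, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, first, nxt = _tlv(body, 0)
    if tag == 0x30:                        # SubjectPublicKeyInfo: AlgorithmIdentifier + BIT STRING
        if not first.startswith(RSA_OID):
            raise ValueError("not an RSA key")
        tag, bits, _ = _tlv(body, nxt)
        if tag != 0x03 or bits[:1] != b"\x00":
            raise ValueError("bad BIT STRING")
        return rsa_public_exponent(bits[1:])
    tag2, e, _ = _tlv(body, nxt)           # RSAPublicKey: INTEGER n, INTEGER e
    if tag != 0x02 or tag2 != 0x02:
        raise ValueError("expected two INTEGERs")
    return int.from_bytes(e, "big")

def exponent3_keys(keys):
    """Names of the keys in {name: der_bytes} whose public exponent is 3."""
    return sorted(name for name, der in keys.items() if rsa_public_exponent(der) == 3)

# --- constructed sample input: hypothetical key names, toy values, not real keys ---
def _der(tag, value):
    n = len(value)
    head = bytes([n]) if n < 0x80 else bytes([0x81 + (n > 0xFF)]) + n.to_bytes(1 + (n > 0xFF), "big")
    return bytes([tag]) + head + value

def _int(v):
    return _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
TOY_N = (1 << 1023) | 1                    # placeholder 1024-bit modulus, constructed
PKCS1_E3 = _der(0x30, _int(TOY_N) + _int(3))
SPKI_F4 = _der(0x30, _der(0x30, RSA_OID + b"\x05\x00") + _der(0x03, b"\x00" + _der(0x30, _int(TOY_N) + _int(65537))))
SPKI_E3 = _der(0x30, _der(0x30, RSA_OID + b"\x05\x00") + _der(0x03, b"\x00" + PKCS1_E3))
SAMPLES = {"legacy-ca": SPKI_E3, "web-server": SPKI_F4, "raw-pkcs1": PKCS1_E3}
```
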
Solution: The vendor has released fixed versions (0.9.7k, 0.9.8c). The vendor has issued the following solution options [quoted]:

1. Upgrade the OpenSSL server software.

   The vulnerability is resolved in the following versions of OpenSSL:

   - in the 0.9.7 branch, version 0.9.7k (or later);
   - in the 0.9.8 branch, version 0.9.8c (or later).

   OpenSSL 0.9.8c and OpenSSL 0.9.7k are available for download via
   HTTP and FTP from the following master locations (you can find the
   various FTP mirrors under http://www.openssl.org/source/mirror.html):

   o http://www.openssl.org/source/
   o ftp://ftp.openssl.org/source/

   The distribution file names are:

   o openssl-0.9.8c.tar.gz
     MD5 checksum: 78454bec556bcb4c45129428a766c886
     SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d

   o openssl-0.9.7k.tar.gz
     MD5 checksum: be6bba1d67b26eabb48cf1774925416f
     SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2

   The checksums were calculated using the following commands:

     openssl md5 openssl-0.9*.tar.gz
     openssl sha1 openssl-0.9*.tar.gz

2. If this version upgrade is not an option at the present time,
   alternatively the following patch may be applied to the OpenSSL
   source code to resolve the problem. The patch is compatible with
   the 0.9.7, 0.9.8, and 0.9.9 branches of OpenSSL.

   o http://www.openssl.org/news/patch-CVE-2006-4339.txt

Whether you choose to upgrade to a new version or to apply the patch,
make sure to recompile any applications statically linked to OpenSSL
libraries.

The advisory is available at:
http://www.openssl.org/news/secadv_20060905.txt

Vendor URL: www.openssl.org/news/secadv_20060905.txt
Cause: Authentication error
Underlying OS: Linux (Any), UNIX (Any)

Message History:
This archive entry has one or more follow-up message(s) listed below.

Source Message Contents

Date: Tue, 5 Sep 2006 07:55:27 -0400
Subject: OpenSSL Security Advisory [5th September 2006]

http://www.openssl.org/news/secadv_20060905.txt
CVE-2006-4339