製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の RSA 実装において署名が正しく検証されない脆弱性

Title	複数の RSA 実装において署名が正しく検証されない脆弱性
Summary	RSA 署名は、メッセージの発信元が信頼できることを証明するために用いられます。 RSA を実装している複数のソフトウェアにおいて、署名が正しく検証されない脆弱性が存在します。例えば、SSH、SSL、PGP、X.509 などのソフトウェアに影響を及ぼす可能性があります。
Possible impacts	遠隔の第三者により RSA 署名が偽造される可能性があります。これにより、署名されたメッセージの正当性を確認できない場合があります。
Solution	ベンダ情報より正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 5, 2006, midnight
Registration Date	April 1, 2007, midnight
Last Update	May 23, 2014, 6:35 p.m.

CVSS2.0 : 警告
Score	5.1
Vector	AV:N/AC:H/Au:N/C:P/I:P/A:P

Affected System

サン・マイクロシステムズ

J2SE 1.0.3_03 およびそれ以前

JDK 1.3.1_19 およびそれ以前

JDK 5.0 Update 8 およびそれ以前

JRE 1.3.1_19 およびそれ以前

JRE 1.4.2_12 およびそれ以前

JRE 5.0 Update 8 およびそれ以前

SDK 1.4.2_12 およびそれ以前

Sun Java Enterprise System 2003Q4

Sun Java Enterprise System 2004Q2, 2005Q1 および 2005Q4

Sun Java Enterprise System 2005Q1および 2005Q4

Sun Java System Application Server 7 2004Q2

Sun Java System Application Server Enterprise Edition 8.1 2005 Q1

Sun Java System Web Proxy Server 4.0 SP3 およびそれ以前

Sun Java System Web Server 6.0 SP10 およびそれ以前

Sun Java System Web Server 6.1 SP6 およびそれ以前

Sun ONE Application Server 7

Sun ONE Application Server Platform Edition 8.1 2005 Q1

Sun ONE Web Proxy Server 3.6

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

Sun Solaris 8 (sparc)

Sun Solaris 8 (x86)

Sun Solaris 9 (sparc)

Sun Solaris 9 (x86)

レッドハット

Red Hat Enterprise Linux 2.1 (as)

Red Hat Enterprise Linux 2.1 (es)

Red Hat Enterprise Linux 2.1 (ws)

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Linux Advanced Workstation 2.1

ヒューレット・パッカード

HP-UX 11.04

HP-UX 11.11

HP-UX 11.23

ISC, Inc.

BIND 9.2.6-P1 およびそれ以前

BIND 9.3.2-P1 およびそれ以前

トレンドマイクロ

InterScan Messaging Security Suite

Trend Micro InterScan Gateway Security Appliance

Trend Micro ServerProtect for Linux

TrendMicro InterScan VirusWall

TrendMicro InterScan Web Security Suite

オラクル

Oracle E-Business Suite 11.5.10CU2

Oracle HTTP Server 9.2.0.8

OpenSSL Project

OpenSSL 0.9.7j およびそれ以前

OpenSSL 0.9.8b およびそれ以前

SSH コミュニケーションズ・セキュリティ

SSH Tectia Client 5.1.0 およびそれ以前

SSH Tectia Server 5.1.0 およびそれ以前

ターボリナックス

Turbolinux 10_f

Turbolinux Appliance Server 1.0 (hosting)

Turbolinux Appliance Server 1.0 (workgroup)

Turbolinux Appliance Server 2.0

Turbolinux Desktop 10

Turbolinux FUJI

Turbolinux Multimedia

Turbolinux Personal

Turbolinux Server 10

Turbolinux Server 10 (x64)

Turbolinux Server 7

Turbolinux Server 8

ターボリナックスホーム

センドメール社

Sendmail Advanced Message Server 2.2

Sendmail Switch 3.2.4 およびそれ以前

Sendmail Switch for Windows 3.1.5

サイバートラスト株式会社

Asianux Server 2.0

Asianux Server 2.1

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

BEAシステムズ

BEA WebLogic Express 7.0 SP 7 およびそれ以前

BEA WebLogic Express 8.1 SP 6 およびそれ以前

BEA WebLogic Express 9.0

BEA WebLogic Express 9.1

BEA WebLogic Express 9.2

BEA WebLogic Server 7.0 SP 7 およびそれ以前

BEA WebLogic Server 8.1 SP 6 およびそれ以前

BEA WebLogic Server 9.0

BEA WebLogic Server 9.1

BEA WebLogic Server 9.2

アップル

Apple Mac OS X v10.3.9

Apple Mac OS X v10.4.10

Apple Mac OS X v10.4.8

Apple Mac OS X Server v10.3.9

Apple Mac OS X Server v10.4.10

Apple Mac OS X Server v10.4.8

日本電気

EnterpriseDirectoryServer 全バージョン

IP8800/700 シリーズ

PKIサーバ/Carassuit検証サーバ ver1.0

PKIサーバ/Carassuit検証サーバ ver1.1

SecureWare/PKIアプリケーション開発キット Ver2.0 SSLオプション

SecureWare/セキュリティパック

SecureWare/電子署名開発キット Ver1.0 SSLオプション(Linux版)

富士通

TeamWARE Office 200X セキュリティオプション V1.0L10

TeamWARE Office 200X セキュリティオプション V2.0L10

TeamWARE Office 200X セキュリティオプション V2.0L20

TeamWARE Office 200X セキュリティオプション V2.0L30

TeamWARE Office セキュリティオプション V5.3L11

TeamWARE Office セキュリティオプション V5.3L13

日立

Cosminexus Application Server Enterprise Version 6

Cosminexus Application Server Standard Version 6

Cosminexus Application Server Version 5

Cosminexus Developer Light Version 6

Cosminexus Developer Professional Version 6

Cosminexus Developer Standard Version 6

Cosminexus Developer Version 5

Cosminexus Server - Enterprise Edition

Cosminexus Server - Standard Edition

Cosminexus Server - Standard Edition Version 4

Cosminexus Server - Web Edition

Cosminexus Server - Web Edition Version 4

Hitachi Web Server

uCosminexus Application Server Enterprise

uCosminexus Application Server Standard

uCosminexus Developer Professional

uCosminexus Developer Light

uCosminexus Developer Standard

uCosminexus Service Architect

uCosminexus Service Platform

アライドテレシス

CentreCOM AR410V2

CentreCOM AR415S

CentreCOM AR450S

CentreCOM AR550S

CentreCOM AR570S

CentreCOM AR740

SwimRadius

OpenOffice.org Project

OpenOffice.org 2

OpenOffice.org 3.2 未満

古河電気工業

FITELnet-Fシリーズ FITELnet-F100

FITELnet-Fシリーズ FITELnet-F1000

FITELnet-Fシリーズ FITELnet-F120

FITELnet-Fシリーズ FITELnet-F40（PKI オプションを適用している場合のみ）

FITELnet-Fシリーズ FITELnet-F80

MUCHOシリーズ MUCHO-EV/PK

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-4339	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
National Vulnerability Database (NVD)
2	CVE-2006-4339	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4339
OpenOffice.org
3	CVE-2006-4339	http://www.openoffice.org/security/cves/CVE-2006-4339.html

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-255	https://jvndb.jvn.jp/ja/cwe/CWE-255.html

ベンダー情報

No	Name	URL
Apple Downloads
1	Security Update 2006-007 (10.3.9 Client)	http://www.apple.com/support/downloads/securityupdate20060071039client.html
2	Security Update 2006-007 (10.3.9 Server)	http://www.apple.com/support/downloads/securityupdate20060071039server.html
3	Security Update 2006-007 (10.4.8 Client Intel)	http://www.apple.com/support/downloads/securityupdate20060071048clientintel.html
4	Security Update 2006-007 (10.4.8 Client PPC)	http://www.apple.com/support/downloads/securityupdate20060071048clientppc.html
5	Security Update 2006-007 (10.4.8 Server PPC)	http://www.apple.com/support/downloads/securityupdate20060071048serverppc.html
6	Security Update 2006-007 (10.4.8 Server Universal)	http://www.apple.com/support/downloads/securityupdate20060071048serveruniversal.html
Apple Security Updates
7	Java Release 6 for Mac OS X 10.4	http://docs.info.apple.com/article.html?artnum=307177-en
8	Security Update 2006-007	http://docs.info.apple.com/article.html?artnum=304829-en
Apple セキュリティアップデート
9	Java Release 6 for Mac OS X 10.4	http://docs.info.apple.com/article.html?artnum=307177-ja
10	Security Update 2006-007	http://docs.info.apple.com/article.html?artnum=304829-ja
BEA Security Advisory
11	BEA07-169.00	http://dev2dev.bea.com/pub/advisory/238
BEA セキュリティアドバイザリ
12	BEA07-169.00	http://www.beasys.co.jp/dev2dev/resourcelibrary/advisoriesnotifications/bea07-169.html
Critical Patch Updates and Security Alerts
13	Oracle Critical Patch Update - January 2007	http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
FITELnet
14	RSA 署名に関する脆弱性の問題について	http://www.furukawa.co.jp/fitelnet/topic/x509_attacks.html
Hitachi Software Vulnerability Information
15	HS07-034	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS07-034/index.html
HP Security Bulletin
16	HPSBUX02165	http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00794048
17	HPSBUX02219	http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01070495
HP セキュリティ報告
18	HPSBUX02165	http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02165.html
19	HPSBUX02219	http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02219.html
Internet Systems Consortium Security Advisory
20	BIND 9: OpenSSL Vulnerabilities	http://marc.info/?l=bind-announce&m=116253119512445&w=2
MIRACLE LINUX アップデート情報
21	1003	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1003
22	462	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=462
23	466	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=466
NEC製品セキュリティ情報
24	NV06-007	http://www.nec.co.jp/security-info/secinfo/nv06-007.html
OpenSSL Security Advisory
25	secadv_20060905	http://www.openssl.org/news/secadv_20060905.txt
Red Hat Security Advisory
26	RHSA-2006:0661	http://rhn.redhat.com/errata/RHSA-2006-0661.html
Sendmail Inc. Security Alert
27	SA-200609-01	http://www.sendmail.com/security/advisories/SA-200609-01.txt.asc
28	SA-200609-01.faq	http://www.sendmail.com/sm/security/sa-200609-01.faq/
SSH Communications Security
29	786	http://www.ssh.com/company/news/2006/english/security/article/786/
Sun Alert Notification
30	102648	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
31	102656	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1
32	102686	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1
33	102696	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1
34	102722	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1
35	102759	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1
TeamWARE Office セキュリティオプション
36	証明書の操作に関するセキュリティ上の脆弱性	http://software.fujitsu.com/jp/security/products-fujitsu/solution/teamware2007_02.html
アップルソフトウェアアップデート
37	Security Update 2006-007 (10.3.9 Client)	http://www.apple.com/jp/ftp-info/reference/securityupdate20060071039client.html
38	Security Update 2006-007 (10.3.9 Server)	http://www.apple.com/jp/ftp-info/reference/securityupdate20060071039server.html
39	Security Update 2006-007 (10.4.8 Client Intel)	http://www.apple.com/jp/ftp-info/reference/securityupdate20060071048clientintel.html
40	Security Update 2006-007 (10.4.8 Client PPC)	http://www.apple.com/jp/ftp-info/reference/securityupdate20060071048clientppc.html
41	Security Update 2006-007 (10.4.8 Server PPC)	http://www.apple.com/jp/ftp-info/reference/securityupdate20060071048serverppc.html
42	Security Update 2006-007 (10.4.8 Server Universal)	http://www.apple.com/jp/ftp-info/reference/securityupdate20060071048serveruniversal.html
オラクル・セキュリティ・アラート
43	Oracle Critical Patch Update - January 2007	http://otn.oracle.co.jp/security/070119_77/top.html
セキュリティ・脆弱性について
44	RSA署名に関する脆弱性について	http://www.allied-telesis.co.jp/support/list/faq/vuls/20070907.html
ソフトウェア製品セキュリティ情報
45	HS07-034	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS07-034/index.html
トレンドマイクロ Q&Aページ
46	solution 2061730	http://esupport.trendmicro.co.jp/supportjp/viewxml.do?ContentID=JP-2061730
トレンドマイクロサポート情報
47	InterScan Messaging Security Suite 5.11 Solaris / Linux用 Security Patch 公開のお知らせ	http://www.trendmicro.co.jp/support/news.asp?id=959
レッドハットセキュリティーアップデート
48	RHSA-2006:0661	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0661J.html
富士通公開脆弱性情報
49	VU#845620	http://software.fujitsu.com/jp/security/vulnerabilities/vu845620.html
製品セキュリティ情報
50	TLSA-2006-29	http://www.turbolinux.co.jp/security/2006/TLSA-2006-29j.txt

その他

No	Name	URL
FrSIRT Advisories
1	FrSIRT/ADV-2006-3453	http://www.frsirt.com/english/advisories/2006/3453
2	FrSIRT/ADV-2006-4032	http://www.frsirt.com/english/advisories/2006/4032
JVN
3	JVNTA06-333A	http://jvn.jp/cert/JVNTA06-333A/index.html
4	JVNTA07-017A	http://jvn.jp/cert/JVNTA07-017A/
5	JVNVU#845620	http://jvn.jp/cert/JVNVU%23845620
JVN Status Tracking Notes
6	TRTA06-333A	http://jvn.jp/tr/TRTA06-333A
7	TRTA07-017A	http://jvn.jp/tr/TRTA07-017A
Secunia Advisory
8	SA21709	http://secunia.com/advisories/21709/
SecurityFocus
9	19849	http://www.securityfocus.com/bid/19849
US-CERT Cyber Security Alerts
10	SA06-333A	http://www.us-cert.gov/cas/alerts/SA06-333A.html
US-CERT Technical Cyber Security Alert
11	TA06-333A	http://www.us-cert.gov/cas/techalerts/TA06-333A.html
12	TA07-017A	http://www.us-cert.gov/cas/techalerts/TA07-017A.html
US-CERT Vulnerability Note
13	VU#845620	http://www.kb.cert.org/vuls/id/845620

Change Log

No	Changed Details	Date of change
0	[2007年04月01日] 掲載 [2007年05月21日] 影響を受けるシステムを更新しました。ベンダ情報: サン・マイクロシステムズの情報を追加しました。ベンダ情報: BEAシステムズの情報を追加しました。 [2007年05月29日] 影響を受けるシステムを更新しました。ベンダ情報: ミラクル・リナックスの情報を追加しました。 [2007年06月13日] JVNVU#845620 の情報を反映しました。影響を受けるシステムを更新しました。ベンダ情報: トレンドマイクロの情報を追加しました。 [2007年06月19日] 影響を受けるシステムを更新しました。ベンダ情報: ヒューレット・パッカードの情報を追加しました。 [2007年06月20日] 影響を受けるシステムを更新しました。ベンダ情報: 富士通の情報を追加しました。 [2007年09月19日] 影響を受けるシステム:アライドテレシスを追加しました。ベンダ情報: アライドテレシスの情報を追加しました。 [2007年12月28日] 影響を受けるシステム：アップル (Java Release 6 for Mac OS X 10.4) の情報追加。ベンダ情報: アップル (Java Release 6 for Mac OS X 10.4) 追加。 [2010年02月26日] 影響を受けるシステム：OpenOffice.org (CVE-2006-4339) の情報を追加ベンダ情報：OpenOffice.org (CVE-2006-4339) を追加 [2014年05月23日] 影響を受けるシステム：日立 (HS07-034) の情報を追加ベンダ情報：日立 (HS07-034) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-4339

Summary	OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
Publication Date	Sept. 6, 2006, 2:04 a.m.
Registration Date	Jan. 29, 2021, 3:44 p.m.
Last Update	Oct. 18, 2018, 6:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl::::::::		0.9.7
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc	SGI
2	http://dev2dev.bea.com/pub/advisory/238	BEA
3	http://docs.info.apple.com/article.html?artnum=304829	CONFIRM
4	http://docs.info.apple.com/article.html?artnum=307177	MISC
5	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495	HP
6	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771	HP
7	http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540	HP
8	http://jvn.jp/en/jp/JVN51615542/index.html	JVN
9	http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html	JVNDB
10	http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html	APPLE
11	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	APPLE
12	http://lists.vmware.com/pipermail/security-announce/2008/000008.html	MLIST
13	http://marc.info/?l=bind-announce&m=116253119512445&w=2	MLIST
14	http://marc.info/?l=bugtraq&m=130497311408250&w=2	HP
15	http://openvpn.net/changelog.html	CONFIRM
16	http://secunia.com/advisories/21709	SECUNIA	Patch Vendor Advisory
17	http://secunia.com/advisories/21767	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/21776	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/21778	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/21785	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/21791	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/21812	SECUNIA	Vendor Advisory
23	http://secunia.com/advisories/21823	SECUNIA	Vendor Advisory
24	http://secunia.com/advisories/21846	SECUNIA	Vendor Advisory
25	http://secunia.com/advisories/21852	SECUNIA	Vendor Advisory
26	http://secunia.com/advisories/21870	SECUNIA	Vendor Advisory
27	http://secunia.com/advisories/21873	SECUNIA	Vendor Advisory
28	http://secunia.com/advisories/21906	SECUNIA	Vendor Advisory
29	http://secunia.com/advisories/21927	SECUNIA	Vendor Advisory
30	http://secunia.com/advisories/21930	SECUNIA	Vendor Advisory
31	http://secunia.com/advisories/21982	SECUNIA	Vendor Advisory
32	http://secunia.com/advisories/22036	SECUNIA	Vendor Advisory
33	http://secunia.com/advisories/22044	SECUNIA
34	http://secunia.com/advisories/22066	SECUNIA
35	http://secunia.com/advisories/22161	SECUNIA	Vendor Advisory
36	http://secunia.com/advisories/22226	SECUNIA	Vendor Advisory
37	http://secunia.com/advisories/22232	SECUNIA	Vendor Advisory
38	http://secunia.com/advisories/22259	SECUNIA	Vendor Advisory
39	http://secunia.com/advisories/22260	SECUNIA	Vendor Advisory
40	http://secunia.com/advisories/22284	SECUNIA
41	http://secunia.com/advisories/22325	SECUNIA
42	http://secunia.com/advisories/22446	SECUNIA
43	http://secunia.com/advisories/22509	SECUNIA
44	http://secunia.com/advisories/22513	SECUNIA
45	http://secunia.com/advisories/22523	SECUNIA
46	http://secunia.com/advisories/22545	SECUNIA
47	http://secunia.com/advisories/22585	SECUNIA
48	http://secunia.com/advisories/22671	SECUNIA
49	http://secunia.com/advisories/22689	SECUNIA
50	http://secunia.com/advisories/22711	SECUNIA
51	http://secunia.com/advisories/22733	SECUNIA
52	http://secunia.com/advisories/22758	SECUNIA
53	http://secunia.com/advisories/22799	SECUNIA
54	http://secunia.com/advisories/22932	SECUNIA
55	http://secunia.com/advisories/22934	SECUNIA
56	http://secunia.com/advisories/22936	SECUNIA
57	http://secunia.com/advisories/22937	SECUNIA
58	http://secunia.com/advisories/22938	SECUNIA
59	http://secunia.com/advisories/22939	SECUNIA
60	http://secunia.com/advisories/22940	SECUNIA
61	http://secunia.com/advisories/22948	SECUNIA
62	http://secunia.com/advisories/22949	SECUNIA
63	http://secunia.com/advisories/23155	SECUNIA
64	http://secunia.com/advisories/23455	SECUNIA
65	http://secunia.com/advisories/23680	SECUNIA
66	http://secunia.com/advisories/23794	SECUNIA
67	http://secunia.com/advisories/23841	SECUNIA
68	http://secunia.com/advisories/23915	SECUNIA
69	http://secunia.com/advisories/24099	SECUNIA
70	http://secunia.com/advisories/24930	SECUNIA
71	http://secunia.com/advisories/24950	SECUNIA
72	http://secunia.com/advisories/25284	SECUNIA
73	http://secunia.com/advisories/25399	SECUNIA
74	http://secunia.com/advisories/25649	SECUNIA
75	http://secunia.com/advisories/26329	SECUNIA
76	http://secunia.com/advisories/26893	SECUNIA
77	http://secunia.com/advisories/28115	SECUNIA
78	http://secunia.com/advisories/31492	SECUNIA
79	http://secunia.com/advisories/38567	SECUNIA
80	http://secunia.com/advisories/38568	SECUNIA
81	http://secunia.com/advisories/41818	SECUNIA
82	http://secunia.com/advisories/60799	SECUNIA
83	http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc	FREEBSD
84	http://security.gentoo.org/glsa/glsa-200609-05.xml	GENTOO
85	http://security.gentoo.org/glsa/glsa-200609-18.xml	GENTOO
86	http://securitytracker.com/id?1016791	SECTRACK
87	http://securitytracker.com/id?1017522	SECTRACK
88	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955	SLACKWARE
89	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306	SLACKWARE
90	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1	SUNALERT
91	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1	SUNALERT
92	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1	SUNALERT
93	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1	SUNALERT
94	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1	SUNALERT
95	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1	SUNALERT
96	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1	SUNALERT
97	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1	SUNALERT
98	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1	SUNALERT
99	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1	SUNALERT
100	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1	SUNALERT
101	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1	SUNALERT
102	http://support.attachmate.com/techdocs/2127.html	CONFIRM
103	http://support.attachmate.com/techdocs/2128.html	CONFIRM
104	http://support.attachmate.com/techdocs/2137.html	CONFIRM
105	http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm	CONFIRM
106	http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf	CONFIRM
107	http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html	CONFIRM
108	http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html	CISCO
109	http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml	CISCO
110	http://www.debian.org/security/2006/dsa-1174	DEBIAN	Patch
111	http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml	GENTOO
112	http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml	GENTOO
113	http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html	MLIST
114	http://www.kb.cert.org/vuls/id/845620	CERT-VN	US Government Resource
115	http://www.mandriva.com/security/advisories?name=MDKSA-2006:161	MANDRIVA
116	http://www.mandriva.com/security/advisories?name=MDKSA-2006:177	MANDRIVA
117	http://www.mandriva.com/security/advisories?name=MDKSA-2006:178	MANDRIVA
118	http://www.mandriva.com/security/advisories?name=MDKSA-2006:207	MANDRIVA
119	http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/	MISC
120	http://www.novell.com/linux/security/advisories/2006_26_sr.html	SUSE
121	http://www.novell.com/linux/security/advisories/2006_55_ssl.html	SUSE
122	http://www.novell.com/linux/security/advisories/2006_61_opera.html	SUSE
123	http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html	SUSE
124	http://www.openbsd.org/errata.html	OPENBSD
125	http://www.openoffice.org/security/cves/CVE-2006-4339.html	CONFIRM
126	http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html	OPENPKG
127	http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html	OPENPKG
128	http://www.openssl.org/news/secadv_20060905.txt	CONFIRM	Patch Vendor Advisory
129	http://www.opera.com/support/search/supsearch.dml?index=845	CONFIRM
130	http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html	CONFIRM
131	http://www.osvdb.org/28549	OSVDB
132	http://www.redhat.com/support/errata/RHSA-2006-0661.html	REDHAT	Vendor Advisory
133	http://www.redhat.com/support/errata/RHSA-2007-0062.html	REDHAT
134	http://www.redhat.com/support/errata/RHSA-2007-0072.html	REDHAT
135	http://www.redhat.com/support/errata/RHSA-2007-0073.html	REDHAT
136	http://www.redhat.com/support/errata/RHSA-2008-0629.html	REDHAT
137	http://www.securityfocus.com/archive/1/445231/100/0/threaded	BUGTRAQ
138	http://www.securityfocus.com/archive/1/445822/100/0/threaded	BUGTRAQ
139	http://www.securityfocus.com/archive/1/450327/100/0/threaded	HP
140	http://www.securityfocus.com/archive/1/456546/100/200/threaded	BUGTRAQ
141	http://www.securityfocus.com/archive/1/489739/100/0/threaded	BUGTRAQ
142	http://www.securityfocus.com/bid/19849	BID	Patch
143	http://www.securityfocus.com/bid/22083	BID
144	http://www.securityfocus.com/bid/28276	BID
145	http://www.serv-u.com/releasenotes/	CONFIRM
146	http://www.sybase.com/detail?id=1047991	CONFIRM
147	http://www.ubuntu.com/usn/usn-339-1	UBUNTU	Patch
148	http://www.us.debian.org/security/2006/dsa-1173	DEBIAN	Patch
149	http://www.us-cert.gov/cas/techalerts/TA06-333A.html	CERT	US Government Resource
150	http://www.vmware.com/security/advisories/VMSA-2008-0005.html	CONFIRM
151	http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	CONFIRM
152	http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html	CONFIRM
153	http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html	CONFIRM
154	http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html	CONFIRM
155	http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html	CONFIRM
156	http://www.vmware.com/support/player/doc/releasenotes_player.html	CONFIRM
157	http://www.vmware.com/support/player2/doc/releasenotes_player2.html	CONFIRM
158	http://www.vmware.com/support/server/doc/releasenotes_server.html	CONFIRM
159	http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html	CONFIRM
160	http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html	CONFIRM
161	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	CONFIRM
162	http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	CONFIRM
163	http://www.vupen.com/english/advisories/2006/3453	VUPEN
164	http://www.vupen.com/english/advisories/2006/3566	VUPEN
165	http://www.vupen.com/english/advisories/2006/3730	VUPEN
166	http://www.vupen.com/english/advisories/2006/3748	VUPEN
167	http://www.vupen.com/english/advisories/2006/3793	VUPEN
168	http://www.vupen.com/english/advisories/2006/3899	VUPEN
169	http://www.vupen.com/english/advisories/2006/3936	VUPEN
170	http://www.vupen.com/english/advisories/2006/4205	VUPEN
171	http://www.vupen.com/english/advisories/2006/4206	VUPEN
172	http://www.vupen.com/english/advisories/2006/4207	VUPEN
173	http://www.vupen.com/english/advisories/2006/4216	VUPEN
174	http://www.vupen.com/english/advisories/2006/4327	VUPEN
175	http://www.vupen.com/english/advisories/2006/4329	VUPEN
176	http://www.vupen.com/english/advisories/2006/4366	VUPEN
177	http://www.vupen.com/english/advisories/2006/4417	VUPEN
178	http://www.vupen.com/english/advisories/2006/4586	VUPEN
179	http://www.vupen.com/english/advisories/2006/4744	VUPEN
180	http://www.vupen.com/english/advisories/2006/4750	VUPEN
181	http://www.vupen.com/english/advisories/2006/5146	VUPEN
182	http://www.vupen.com/english/advisories/2007/0254	VUPEN
183	http://www.vupen.com/english/advisories/2007/0343	VUPEN
184	http://www.vupen.com/english/advisories/2007/1401	VUPEN
185	http://www.vupen.com/english/advisories/2007/1815	VUPEN
186	http://www.vupen.com/english/advisories/2007/1945	VUPEN
187	http://www.vupen.com/english/advisories/2007/2163	VUPEN
188	http://www.vupen.com/english/advisories/2007/2315	VUPEN
189	http://www.vupen.com/english/advisories/2007/2783	VUPEN
190	http://www.vupen.com/english/advisories/2007/4224	VUPEN
191	http://www.vupen.com/english/advisories/2008/0905/references	VUPEN
192	http://www.vupen.com/english/advisories/2010/0366	VUPEN
193	http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742	HP
194	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117	CONFIRM
195	https://exchange.xforce.ibmcloud.com/vulnerabilities/28755	XF
196	https://issues.rpath.com/browse/RPL-1633	CONFIRM
197	https://issues.rpath.com/browse/RPL-616	CONFIRM
198	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656	OVAL
199	https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html	CONFIRM
200	https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144	HP

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl::::::::		0.9.7
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*