Vulnerability Details : CVE-2006-5201

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.
Publish Date : 2006-10-10 Last Update Date : 2008-09-05

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	4.0
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	High (Specialized access conditions exist. It is hard to exploit and several special conditions must be satisfied to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)
CWE ID	CWE id is not defined for this vulnerability

- Products Affected By CVE-2006-5201

#	Product Type	Vendor	Product	Version	Update	Edition
1	Application	SUN	JDK	1.5.0	Update8		Version Details Vulnerabilities
2	Application	SUN	JRE	1.3.1	Update19		Version Details Vulnerabilities
3	Application	SUN	JRE	1.4.2	Update12		Version Details Vulnerabilities
4	Application	SUN	JRE	1.5.0	Update8		Version Details Vulnerabilities
5	Application	SUN	Jsse	1.0.3 03			Version Details Vulnerabilities
6	Application	SUN	NSS				Version Details Vulnerabilities
7	Application	SUN	SDK	1.3.1 19			Version Details Vulnerabilities
8	Application	SUN	SDK	1.4.2 12			Version Details Vulnerabilities
9	Application	SUN	Secure Global Desktop				Version Details Vulnerabilities
10	OS	SUN	Solaris	8.0			Version Details Vulnerabilities
11	OS	SUN	Solaris	9.0		Sparc	Version Details Vulnerabilities
12	OS	SUN	Solaris	10.0		Sparc	Version Details Vulnerabilities
13	Application	SUN	Staroffice				Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
SUN	JDK	1
SUN	JRE	3
SUN	Jsse	1
SUN	NSS	1
SUN	SDK	2
SUN	Secure Global Desktop	1
SUN	Solaris	3
SUN	Staroffice	1

- References For CVE-2006-5201

http://secunia.com/advisories/22992
SECUNIA 22992

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
SUNALERT 102657

http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm CONFIRM

http://www.frsirt.com/english/advisories/2006/3960
VUPEN ADV-2006-3960

http://secunia.com/advisories/22226
SECUNIA 22226

http://www.frsirt.com/english/advisories/2006/3899
VUPEN ADV-2006-3899

http://secunia.com/advisories/22204
SECUNIA 22204

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
SUNALERT 102648

http://www.frsirt.com/english/advisories/2006/3898
VUPEN ADV-2006-3898

http://www.kb.cert.org/vuls/id/845620
CERT-VN VU#845620

http://secunia.com/advisories/22325
SECUNIA 22325

- Metasploit Modules Related To CVE-2006-5201

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)