CVE-2006-4339
The MITRE CVE dictionary describes this issue as:
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
Find out more about CVE-2006-4339 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Vulnerable. This issue affects OpenSSL and OpenSSL compatibility packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updates, along with our advisory are available at the URL below.
http://rhn.redhat.com/errata/RHSA-2006-0661.html
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 2.1 | RHSA-2007:0072 | 2007-01-24 |
| Red Hat Enterprise Linux 4 | RHSA-2006:0661 | 2006-09-06 |
| Red Hat Satellite 5.1 (RHEL v.4 AS) (rhn-solaris-bootstrap) | RHSA-2008:0629 | 2008-08-13 |
| Red Hat Enterprise Linux AS version 4 Extras (java-1.4.2-ibm) | RHSA-2007:0062 | 2007-02-07 |
| Red Hat Enterprise Linux 2.1 | RHSA-2006:0661 | 2006-09-06 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) (rhn-solaris-bootstrap) | RHSA-2008:0264 | 2008-05-20 |
| Red Hat Enterprise Linux AS version 3 Extras (java-1.4.2-ibm) | RHSA-2007:0062 | 2007-02-07 |
| Red Hat Enterprise Linux 3 | RHSA-2006:0661 | 2006-09-06 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2008:0525 | 2008-06-30 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2008:0525 | 2008-06-30 |
| Red Hat Enterprise Linux AS version 4 Extras (java-1.5.0-ibm) | RHSA-2007:0073 | 2007-02-09 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Satellite 5.0 | Server | Affected |
CVE description copyright © 2017, The MITRE Corporation