2017-10-16 12:31:07 -04:00
{
2019-03-18 01:01:40 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com" ,
"ID" : "CVE-2006-4340" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a" ,
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
} ,
"vendor_name" : "n/a"
}
2017-10-16 12:31:07 -04:00
]
2019-03-18 01:01:40 +00:00
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "n/a"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" ,
"refsource" : "MISC" ,
"url" : "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
} ,
{
"name" : "1016858" ,
"refsource" : "SECTRACK" ,
"url" : "http://securitytracker.com/id?1016858"
} ,
{
"name" : "22992" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22992"
} ,
{
"name" : "ADV-2006-3748" ,
"refsource" : "VUPEN" ,
"url" : "http://www.vupen.com/english/advisories/2006/3748"
} ,
{
"name" : "1016859" ,
"refsource" : "SECTRACK" ,
"url" : "http://securitytracker.com/id?1016859"
} ,
{
"name" : "RHSA-2006:0676" ,
"refsource" : "REDHAT" ,
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
} ,
{
"name" : "23883" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/23883"
} ,
{
"name" : "ADV-2006-3899" ,
"refsource" : "VUPEN" ,
"url" : "http://www.vupen.com/english/advisories/2006/3899"
} ,
{
"name" : "22044" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22044"
} ,
{
"name" : "22055" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22055"
} ,
{
"name" : "22195" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22195"
} ,
{
"name" : "USN-361-1" ,
"refsource" : "UBUNTU" ,
"url" : "http://www.ubuntu.com/usn/usn-361-1"
} ,
{
"name" : "USN-352-1" ,
"refsource" : "UBUNTU" ,
"url" : "http://www.ubuntu.com/usn/usn-352-1"
} ,
{
"name" : "22446" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22446"
} ,
{
"name" : "21950" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/21950"
} ,
{
"name" : "USN-351-1" ,
"refsource" : "UBUNTU" ,
"url" : "http://www.ubuntu.com/usn/usn-351-1"
} ,
{
"name" : "22025" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22025"
} ,
{
"name" : "22056" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22056"
} ,
{
"name" : "[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error" ,
"refsource" : "MLIST" ,
"url" : "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
} ,
{
"name" : "TA06-312A" ,
"refsource" : "CERT" ,
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
} ,
{
"name" : "22247" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22247"
} ,
{
"name" : "MDKSA-2006:168" ,
"refsource" : "MANDRIVA" ,
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
} ,
{
"name" : "DSA-1191" ,
"refsource" : "DEBIAN" ,
"url" : "http://www.us.debian.org/security/2006/dsa-1191"
} ,
{
"name" : "ADV-2007-0293" ,
"refsource" : "VUPEN" ,
"url" : "http://www.vupen.com/english/advisories/2007/0293"
} ,
{
"name" : "22210" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22210"
} ,
{
"name" : "DSA-1210" ,
"refsource" : "DEBIAN" ,
"url" : "http://www.debian.org/security/2006/dsa-1210"
} ,
{
"name" : "24711" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/24711"
} ,
{
"name" : "ADV-2006-3622" ,
"refsource" : "VUPEN" ,
"url" : "http://www.vupen.com/english/advisories/2006/3622"
} ,
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html" ,
"refsource" : "CONFIRM" ,
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
} ,
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" ,
"refsource" : "CONFIRM" ,
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
} ,
{
"name" : "1016860" ,
"refsource" : "SECTRACK" ,
"url" : "http://securitytracker.com/id?1016860"
} ,
{
"name" : "22849" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22849"
} ,
{
"name" : "ADV-2008-0083" ,
"refsource" : "VUPEN" ,
"url" : "http://www.vupen.com/english/advisories/2008/0083"
} ,
{
"name" : "20060901-01-P" ,
"refsource" : "SGI" ,
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
} ,
{
"name" : "21939" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/21939"
} ,
{
"name" : "ADV-2006-3617" ,
"refsource" : "VUPEN" ,
"url" : "http://www.vupen.com/english/advisories/2006/3617"
} ,
{
"name" : "GLSA-200610-06" ,
"refsource" : "GENTOO" ,
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
} ,
{
"name" : "21915" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/21915"
} ,
{
"name" : "ADV-2007-1198" ,
"refsource" : "VUPEN" ,
"url" : "http://www.vupen.com/english/advisories/2007/1198"
} ,
{
"name" : "RHSA-2006:0677" ,
"refsource" : "REDHAT" ,
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
} ,
{
"name" : "DSA-1192" ,
"refsource" : "DEBIAN" ,
"url" : "http://www.debian.org/security/2006/dsa-1192"
} ,
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm" ,
"refsource" : "CONFIRM" ,
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
} ,
{
"name" : "GLSA-200609-19" ,
"refsource" : "GENTOO" ,
"url" : "http://security.gentoo.org/glsa/glsa-200609-19.xml"
} ,
{
"name" : "SSRT061181" ,
"refsource" : "HP" ,
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
} ,
{
"name" : "22274" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22274"
} ,
{
"name" : "RHSA-2006:0675" ,
"refsource" : "REDHAT" ,
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
} ,
{
"name" : "21940" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/21940"
} ,
{
"name" : "mozilla-nss-security-bypass(30098)" ,
"refsource" : "XF" ,
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
} ,
{
"name" : "102648" ,
"refsource" : "SUNALERT" ,
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
} ,
{
"name" : "22001" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22001"
} ,
{
"name" : "20060915 rPSA-2006-0169-1 firefox thunderbird" ,
"refsource" : "BUGTRAQ" ,
"url" : "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
} ,
{
"name" : "21903" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/21903"
} ,
{
"name" : "USN-350-1" ,
"refsource" : "UBUNTU" ,
"url" : "http://www.ubuntu.com/usn/usn-350-1"
} ,
{
"name" : "21906" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/21906"
} ,
{
"name" : "HPSBUX02153" ,
"refsource" : "HP" ,
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
} ,
{
"name" : "22342" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22342"
} ,
{
"name" : "GLSA-200610-01" ,
"refsource" : "GENTOO" ,
"url" : "http://security.gentoo.org/glsa/glsa-200610-01.xml"
} ,
{
"name" : "22074" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22074"
} ,
{
"name" : "22226" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22226"
} ,
{
"name" : "22066" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22066"
} ,
{
"name" : "22088" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22088"
} ,
{
"name" : "21949" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/21949"
} ,
{
"name" : "SUSE-SA:2006:054" ,
"refsource" : "SUSE" ,
"url" : "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
} ,
{
"name" : "https://issues.rpath.com/browse/RPL-640" ,
"refsource" : "CONFIRM" ,
"url" : "https://issues.rpath.com/browse/RPL-640"
} ,
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html" ,
"refsource" : "MISC" ,
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
} ,
{
"name" : "22036" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22036"
} ,
{
"name" : "SUSE-SA:2006:055" ,
"refsource" : "SUSE" ,
"url" : "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
} ,
{
"name" : "oval:org.mitre.oval:def:11007" ,
"refsource" : "OVAL" ,
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
} ,
{
"name" : "USN-354-1" ,
"refsource" : "UBUNTU" ,
"url" : "http://www.ubuntu.com/usn/usn-354-1"
} ,
{
"name" : "102781" ,
"refsource" : "SUNALERT" ,
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
} ,
{
"name" : "22422" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22422"
} ,
{
"name" : "22299" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/22299"
} ,
{
"name" : "MDKSA-2006:169" ,
"refsource" : "MANDRIVA" ,
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
} ,
{
"name" : "21916" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/21916"
}
]
}
}
