CVE-2006-5201
First published: Mon Oct 09 2006(Updated: )
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun NSS | ||
| Sun Secure Global Desktop | ||
| Libstaroffice | ||
| Oracle Solaris SPARC | =9.0 | |
| Oracle Solaris SPARC | =10.0 | |
| Sun SunOS | =5.8 | |
| OpenJDK | =1.5.0 | |
| OpenJDK | =1.5.0-update1 | |
| OpenJDK | =1.5.0-update2 | |
| OpenJDK | =1.5.0-update3 | |
| OpenJDK | =1.5.0-update4 | |
| OpenJDK | =1.5.0-update5 | |
| OpenJDK | =1.5.0-update6 | |
| OpenJDK | =1.5.0-update7 | |
| OpenJDK | =1.5.0-update7_b03 | |
| OpenJDK | =1.5.0-update8 | |
| Sun JRE | =1.3.1 | |
| Sun JRE | =1.3.1_2 | |
| Sun JRE | =1.3.1_03 | |
| Sun JRE | =1.3.1_04 | |
| Sun JRE | =1.3.1_05 | |
| Sun JRE | =1.3.1_06 | |
| Sun JRE | =1.3.1_07 | |
| Sun JRE | =1.3.1_08 | |
| Sun JRE | =1.3.1_09 | |
| Sun JRE | =1.3.1_10 | |
| Sun JRE | =1.3.1_11 | |
| Sun JRE | =1.3.1_12 | |
| Sun JRE | =1.3.1_13 | |
| Sun JRE | =1.3.1_14 | |
| Sun JRE | =1.3.1_15 | |
| Sun JRE | =1.3.1_16 | |
| Sun JRE | =1.3.1_17 | |
| Sun JRE | =1.3.1_18 | |
| Sun JRE | =1.3.1_19 | |
| Sun JRE | =1.4.2 | |
| Sun JRE | =1.4.2_1 | |
| Sun JRE | =1.4.2_2 | |
| Sun JRE | =1.4.2_3 | |
| Sun JRE | =1.4.2_4 | |
| Sun JRE | =1.4.2_5 | |
| Sun JRE | =1.4.2_6 | |
| Sun JRE | =1.4.2_7 | |
| Sun JRE | =1.4.2_8 | |
| Sun JRE | =1.4.2_9 | |
| Sun JRE | =1.4.2_10 | |
| Sun JRE | =1.4.2_11 | |
| Sun JRE | =1.4.2_12 | |
| Sun JRE | =1.5.0 | |
| Sun JRE | =1.5.0-update1 | |
| Sun JRE | =1.5.0-update2 | |
| Sun JRE | =1.5.0-update3 | |
| Sun JRE | =1.5.0-update4 | |
| Sun JRE | =1.5.0-update5 | |
| Sun JRE | =1.5.0-update6 | |
| Sun JRE | =1.5.0-update7 | |
| Sun JRE | =1.5.0-update8 | |
| Sun SDK | =1.3.1 | |
| Sun SDK | =1.3.1_01 | |
| Sun SDK | =1.3.1_01a | |
| Sun SDK | =1.3.1_02 | |
| Sun SDK | =1.3.1_03 | |
| Sun SDK | =1.3.1_04 | |
| Sun SDK | =1.3.1_05 | |
| Sun SDK | =1.3.1_06 | |
| Sun SDK | =1.3.1_07 | |
| Sun SDK | =1.3.1_08 | |
| Sun SDK | =1.3.1_09 | |
| Sun SDK | =1.3.1_10 | |
| Sun SDK | =1.3.1_11 | |
| Sun SDK | =1.3.1_12 | |
| Sun SDK | =1.3.1_13 | |
| Sun SDK | =1.3.1_14 | |
| Sun SDK | =1.3.1_15 | |
| Sun SDK | =1.3.1_16 | |
| Sun SDK | =1.3.1_17 | |
| Sun SDK | =1.3.1_18 | |
| Sun SDK | =1.3.1_19 | |
| Sun SDK | =1.4.2 | |
| Sun SDK | =1.4.2_1 | |
| Sun SDK | =1.4.2_2 | |
| Sun SDK | =1.4.2_3 | |
| Sun SDK | =1.4.2_4 | |
| Sun SDK | =1.4.2_5 | |
| Sun SDK | =1.4.2_6 | |
| Sun SDK | =1.4.2_7 | |
| Sun SDK | =1.4.2_8 | |
| Sun SDK | =1.4.2_9 | |
| Sun SDK | =1.4.2_10 | |
| Sun SDK | =1.4.2_11 | |
| Sun SDK | =1.4.2_12 | |
| Sun JSSE | =1.0.3 | |
| Sun JSSE | =1.0.3_01 | |
| Sun JSSE | =1.0.3_02 | |
| Sun JSSE | =1.0.3_03 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
- http://www.kb.cert.org/vuls/id/845620
- http://secunia.com/advisories/22204
- http://secunia.com/advisories/22226
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
- http://secunia.com/advisories/22325
- http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
- http://secunia.com/advisories/22992
- http://www.vupen.com/english/advisories/2006/3899
- http://www.vupen.com/english/advisories/2006/3960
- http://www.vupen.com/english/advisories/2006/3898
Frequently Asked Questions
What is the severity of CVE-2006-5201?
CVE-2006-5201 has a CVSS score that indicates a moderate level of severity depending on the specific configuration and use case.
How do I fix CVE-2006-5201?
To fix CVE-2006-5201, ensure you upgrade to the latest versions of all affected software packages identified in the vulnerability report.
Which versions are affected by CVE-2006-5201?
CVE-2006-5201 affects multiple versions of Java JDK, JRE, NSS, JSSE, and other Sun Solaris packages.
What types of software are vulnerable in CVE-2006-5201?
CVE-2006-5201 affects various Sun Solaris software packages, including NSS, Java JDK/JRE, JSSE, and StarOffice.
Can CVE-2006-5201 be exploited remotely?
Yes, CVE-2006-5201 has the potential for remote exploitation, which can compromise the integrity of systems using vulnerable software.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/sun
- product/secure global desktop
- canonical/sun secure global desktop
- product/nss
- canonical/sun nss
- product/staroffice
- canonical/sun staroffice
- product/sunos
- canonical/sun sunos
- product/solaris
- canonical/sun solaris
- product/jdk
- canonical/sun jdk
- product/jre
- canonical/sun jre
- product/sdk
- canonical/sun sdk
- product/jsse
- canonical/sun jsse
- canonical/libstaroffice
- canonical/oracle solaris sparc
- version/oracle solaris sparc/9.0
- version/oracle solaris sparc/10.0
- version/sun sunos/5.8
- canonical/openjdk
- version/openjdk/1.5.0
- version/openjdk/1.5.0-update1
- version/openjdk/1.5.0-update2
- version/openjdk/1.5.0-update3
- version/openjdk/1.5.0-update4
- version/openjdk/1.5.0-update5
- version/openjdk/1.5.0-update6
- version/openjdk/1.5.0-update7
- version/openjdk/1.5.0-update7_b03
- version/openjdk/1.5.0-update8
- version/sun jre/1.3.1
- version/sun jre/1.3.1_2
- version/sun jre/1.3.1_03
- version/sun jre/1.3.1_04
- version/sun jre/1.3.1_05
- version/sun jre/1.3.1_06
- version/sun jre/1.3.1_07
- version/sun jre/1.3.1_08
- version/sun jre/1.3.1_09
- version/sun jre/1.3.1_10
- version/sun jre/1.3.1_11
- version/sun jre/1.3.1_12
- version/sun jre/1.3.1_13
- version/sun jre/1.3.1_14
- version/sun jre/1.3.1_15
- version/sun jre/1.3.1_16
- version/sun jre/1.3.1_17
- version/sun jre/1.3.1_18
- version/sun jre/1.3.1_19
- version/sun jre/1.4.2
- version/sun jre/1.4.2_1
- version/sun jre/1.4.2_2
- version/sun jre/1.4.2_3
- version/sun jre/1.4.2_4
- version/sun jre/1.4.2_5
- version/sun jre/1.4.2_6
- version/sun jre/1.4.2_7
- version/sun jre/1.4.2_8
- version/sun jre/1.4.2_9
- version/sun jre/1.4.2_10
- version/sun jre/1.4.2_11
- version/sun jre/1.4.2_12
- version/sun jre/1.5.0
- version/sun jre/1.5.0-update1
- version/sun jre/1.5.0-update2
- version/sun jre/1.5.0-update3
- version/sun jre/1.5.0-update4
- version/sun jre/1.5.0-update5
- version/sun jre/1.5.0-update6
- version/sun jre/1.5.0-update7
- version/sun jre/1.5.0-update8
- version/sun sdk/1.3.1
- version/sun sdk/1.3.1_01
- version/sun sdk/1.3.1_01a
- version/sun sdk/1.3.1_02
- version/sun sdk/1.3.1_03
- version/sun sdk/1.3.1_04
- version/sun sdk/1.3.1_05
- version/sun sdk/1.3.1_06
- version/sun sdk/1.3.1_07
- version/sun sdk/1.3.1_08
- version/sun sdk/1.3.1_09
- version/sun sdk/1.3.1_10
- version/sun sdk/1.3.1_11
- version/sun sdk/1.3.1_12
- version/sun sdk/1.3.1_13
- version/sun sdk/1.3.1_14
- version/sun sdk/1.3.1_15
- version/sun sdk/1.3.1_16
- version/sun sdk/1.3.1_17
- version/sun sdk/1.3.1_18
- version/sun sdk/1.3.1_19
- version/sun sdk/1.4.2
- version/sun sdk/1.4.2_1
- version/sun sdk/1.4.2_2
- version/sun sdk/1.4.2_3
- version/sun sdk/1.4.2_4
- version/sun sdk/1.4.2_5
- version/sun sdk/1.4.2_6
- version/sun sdk/1.4.2_7
- version/sun sdk/1.4.2_8
- version/sun sdk/1.4.2_9
- version/sun sdk/1.4.2_10
- version/sun sdk/1.4.2_11
- version/sun sdk/1.4.2_12
- version/sun jsse/1.0.3
- version/sun jsse/1.0.3_01
- version/sun jsse/1.0.3_02
- version/sun jsse/1.0.3_03