What is the severity of CVE-2006-5484?

CVE-2006-5484 has a moderate severity level due to its potential for allowing signature forgery.

How do I fix CVE-2006-5484?

To fix CVE-2006-5484, upgrade to a version of SSH Tectia Client/Server/Connector or Manager that is later than 5.1.0 or 2.2.0 respectively.

What products are affected by CVE-2006-5484?

CVE-2006-5484 affects SSH Tectia Client, Server, Connector, and Manager versions 5.1.0 and earlier for the Client, Server, and Connector, and 2.2.0 and earlier for the Manager.

Can CVE-2006-5484 be exploited remotely?

Yes, CVE-2006-5484 can be exploited remotely by attackers to forge signatures.

What cryptographic components are involved in CVE-2006-5484?

CVE-2006-5484 involves RSA keys with an exponent of 3 and the improper handling of PKCS #1 v1.5 padding during hash generation.

Vulnerability/
CVE-2006-5484

medium

CWE

NVD-CWE-Other

24/10/2006

28/8/2019

CVE-2006-5484

First published: Tue Oct 24 2006(Updated: )

SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
SSH Tectia Client	<=5.1.0
SSH Tectia Connector	<=5.1.0
SSH Tectia Manager	<=2.2.0
SSH Tectia Server	<=5.1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-5484?
CVE-2006-5484 has a moderate severity level due to its potential for allowing signature forgery.
How do I fix CVE-2006-5484?
To fix CVE-2006-5484, upgrade to a version of SSH Tectia Client/Server/Connector or Manager that is later than 5.1.0 or 2.2.0 respectively.
What products are affected by CVE-2006-5484?
CVE-2006-5484 affects SSH Tectia Client, Server, Connector, and Manager versions 5.1.0 and earlier for the Client, Server, and Connector, and 2.2.0 and earlier for the Manager.
Can CVE-2006-5484 be exploited remotely?
Yes, CVE-2006-5484 can be exploited remotely by attackers to forge signatures.
What cryptographic components are involved in CVE-2006-5484?
CVE-2006-5484 involves RSA keys with an exponent of 3 and the improper handling of PKCS #1 v1.5 padding during hash generation.

agent/weakness
agent/references
agent/severity
agent/author
agent/type
agent/event
agent/description
agent/first-publish-date
agent/softwarecombine
agent/remedy
agent/last-modified-date
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/ssh
canonical/ssh tectia client
version/ssh tectia client/5.1.0
canonical/ssh tectia server
version/ssh tectia server/5.1.0
canonical/ssh tectia connector
version/ssh tectia connector/5.1.0
canonical/ssh tectia manager
version/ssh tectia manager/2.2.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2006-5484?
CVE-2006-5484 has a moderate severity level due to its potential for allowing signature forgery.
How do I fix CVE-2006-5484?
To fix CVE-2006-5484, upgrade to a version of SSH Tectia Client/Server/Connector or Manager that is later than 5.1.0 or 2.2.0 respectively.
What products are affected by CVE-2006-5484?
CVE-2006-5484 affects SSH Tectia Client, Server, Connector, and Manager versions 5.1.0 and earlier for the Client, Server, and Connector, and 2.2.0 and earlier for the Manager.
Can CVE-2006-5484 be exploited remotely?
Yes, CVE-2006-5484 can be exploited remotely by attackers to forge signatures.
What cryptographic components are involved in CVE-2006-5484?
CVE-2006-5484 involves RSA keys with an exponent of 3 and the improper handling of PKCS #1 v1.5 padding during hash generation.

CVE-2006-5484

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-5484?

How do I fix CVE-2006-5484?

What products are affected by CVE-2006-5484?

Can CVE-2006-5484 be exploited remotely?

What cryptographic components are involved in CVE-2006-5484?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2006-5484?

How do I fix CVE-2006-5484?

What products are affected by CVE-2006-5484?

Can CVE-2006-5484 be exploited remotely?

What cryptographic components are involved in CVE-2006-5484?