medium
5
CWE
NVD-CWE-Other
Advisory Published
Updated

CVE-2006-5484

First published: Tue Oct 24 2006(Updated: )

SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
SSH Tectia Client<=5.1.0
SSH Tectia Connector<=5.1.0
SSH Tectia Manager<=2.2.0
SSH Tectia Server<=5.1.0

Remedy

http://secunia.com/advisories/22350

Remedy

http://securitytracker.com/id?1017060

Remedy

http://securitytracker.com/id?1017061

Remedy

http://www.ssh.com/company/news/2006/english/security/article/786/

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2006-5484?

    CVE-2006-5484 has a moderate severity level due to its potential for allowing signature forgery.

  • How do I fix CVE-2006-5484?

    To fix CVE-2006-5484, upgrade to a version of SSH Tectia Client/Server/Connector or Manager that is later than 5.1.0 or 2.2.0 respectively.

  • What products are affected by CVE-2006-5484?

    CVE-2006-5484 affects SSH Tectia Client, Server, Connector, and Manager versions 5.1.0 and earlier for the Client, Server, and Connector, and 2.2.0 and earlier for the Manager.

  • Can CVE-2006-5484 be exploited remotely?

    Yes, CVE-2006-5484 can be exploited remotely by attackers to forge signatures.

  • What cryptographic components are involved in CVE-2006-5484?

    CVE-2006-5484 involves RSA keys with an exponent of 3 and the improper handling of PKCS #1 v1.5 padding during hash generation.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203