Sun Fire T2000 incorrect DSA signature verification
| sunfire-incorrect-signature-verification (28201) |  Low Risk |
Description:
Sun Fire T2000 servers running Sun Solaris incorrectly verify DSA signatures in certain cases. This would result in weaker than expected security and could allow a local or remote attacker to cause applications to trust malicious data.
Platforms Affected:
- Sun, Fire T2000 Server
Remedy:
Refer to Sun Alert ID: 102543 for patch or upgrade information. See References.
Consequences:
Other
References:
- Sun Alert ID: 102543, Security Vulnerability on Sun Fire T2000 With Solaris 10 (3/05 HW2) at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102543-1.
- BID-19291: Sun Fire T2000 Incorrect DSA Signature Verification Vulnerability
- CVE-2006-3968: The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified.
- SA21279: Sun Fire T2000 Incorrect DSA Signature Verification
- SECTRACK ID: 1016625: Sun Fire T2000 Does Not Properly Detect Invalid DSA Signatures
- VUPEN/ADV-2006-3103: Sun Fire T2000 Crypto Provider DSA Signature Validation Security Bypass Vulnerability
Reported:
Aug 01, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net