OpenSSL RSA exponent 3 security bypass

openssl-rsa-security-bypass (28755) The risk level is classified as Medium Risk

Description:

OpenSSL could allow a remote attacker to bypass security restrictions because of improper validation of certain signatures. If an RSA key with exponent 3 is used, a remote attacker could forge a PKCS #1 v1.5 signature and certificate signed by that key. A remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access.
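The validation step at issue, shown as an added example (not OpenSSL's code and not part of the original advisory): a verifier that only parses the PKCS #1 v1.5 padding beside one that rebuilds the single valid encoded block and compares every byte. Function names, the SHA-1 digest choice and the sample blocks are assumptions made for illustration; the checks operate on the block already recovered by the RSA public-key operation.

```python
import hashlib
import hmac

# DER prefix of the SHA-1 DigestInfo (RFC 8017, section 9.2).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def digest_info(message: bytes) -> bytes:
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Build the one valid block: 00 01 FF..FF 00 DigestInfo, em_len bytes."""
    t = digest_info(message)
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def lax_check(em: bytes, message: bytes) -> bool:
    """Improper validation: walks the padding and reads the digest, but
    never checks padding length or what follows the digest."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = digest_info(message)
    return em[i + 1:i + 1 + len(t)] == t  # trailing bytes are ignored


def strict_check(em: bytes, message: bytes, em_len: int) -> bool:
    """Hardened form: the recovered block must equal the expected block."""
    if len(em) != em_len:
        return False
    return hmac.compare_digest(em, emsa_pkcs1_v15_encode(message, em_len))


def malformed_block(message: bytes, em_len: int) -> bytes:
    """Constructed test input: short padding, digest not right-aligned,
    zero filler after it. A correct verifier must reject this shape."""
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + digest_info(message)
    return head + b"\x00" * (em_len - len(head))


if __name__ == "__main__":
    msg, k = b"constructed sample message", 256  # 2048-bit modulus
    for name, em in (("well-formed", emsa_pkcs1_v15_encode(msg, k)),
                     ("malformed", malformed_block(msg, k))):
        print(name, "lax:", lax_check(em, msg),
              "strict:", strict_check(em, msg, k))
```

With a public exponent of 3 the bytes a lax parser ignores give a forger the freedom the description refers to, which is why the remedy is a verifier that accepts only the exact expected block.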

Platforms Affected:

  • Apple, Mac OS X 10.3.9
  • Apple, Mac OS X 10.4.8
  • Apple, Mac OS X Server 10.3.9
  • Apple, Mac OS X Server 10.4.8
  • BEA, WebLogic Server Express
  • BEA, WebLogic Server
  • Canonical, Ubuntu 5.04
  • Canonical, Ubuntu 5.10
  • Canonical, Ubuntu 6.06 LTS
  • Cisco, Access Registrar
  • Cisco, Application and Content Networking Software
  • Cisco, Application Control Engine Module
  • Cisco, CallManager Express
  • Cisco, CiscoWorks Common Management Foundation
  • Cisco, CiscoWorks Common Services
  • Cisco, Content Services Switch 11500 prior to 7.50.3.4
  • Cisco, Content Services Switch 11500 prior to 8.10.2.6S
  • Cisco, CS-MARS prior to 4.2.3
  • Cisco, GSS 4480 Global Site Selector
  • Cisco, GSS 4490 Global Site Selector
  • Cisco, GSS 4491 Global Site Selector
  • Cisco, GSS 4492 Global Site Selector
  • Cisco, IDS
  • Cisco, MDS 9500
  • Cisco, ONS 15454 prior to 8.0
  • Cisco, Secure Access Control Server
  • Cisco, Security Agent prior to 5.1.0.79
  • Cisco, SIP Proxy Server
  • Cisco, Unified CallManager 4.x and higher
  • Cisco, Unified Presence Server
  • Cisco, WAAS
  • Cisco, WAFS
  • Cisco, Wireless LAN Controller prior to 4.0.x
  • Debian, Debian Linux 3.1
  • Gentoo, Linux
  • Hitachi, Cosminexus App Server 5 AIX 05-00 to 05-00-/R
  • Hitachi, Cosminexus App Server 5 AIX 05-05 to 05-05-/M
  • Hitachi, Cosminexus App Server 5 HP-UX 05-00 to 05-00-/C
  • Hitachi, Cosminexus App Server 5 HP-UX 05-02 to 05-02-/E
  • Hitachi, Cosminexus App Server 5 HP-UX 05-05 to 05-05-/H
  • Hitachi, Cosminexus App Server 5 Linux 05-05 to 05-05-/I
  • Hitachi, Cosminexus App Server 5 Windows 05-01 to 05-01-/L
  • Hitachi, Cosminexus App Server 5 Windows 05-05 to 05-05-/P
  • Hitachi, Cosminexus App Server 6 EE AIX 06-00 to 06-00-/G
  • Hitachi, Cosminexus App Server 6 EE AIX 06-50 to 06-50-/G
  • Hitachi, Cosminexus App Server 6 EE HP-UX 06-00 to 06-00-/D
  • Hitachi, Cosminexus App Server 6 EE HP-UX 06-50 to 06-50-/E
  • Hitachi, Cosminexus App Server 6 EE HP-UX IPF 06-00 to 06-00-/E
  • Hitachi, Cosminexus App Server 6 EE HP-UX IPF 06-50 to 06-50-/E
  • Hitachi, Cosminexus App Server 6 EE Linux 06-00 to 06-00-/D
  • Hitachi, Cosminexus App Server 6 EE Linux 06-02 to 06-02-/F
  • Hitachi, Cosminexus App Server 6 EE Linux 06-50 to 06-50-/C
  • Hitachi, Cosminexus App Server 6 EE Linux 06-51 to 06-51-/D
  • Hitachi, Cosminexus App Server 6 EE Solaris 06-00 to 06-00-/A
  • Hitachi, Cosminexus App Server 6 EE Solaris 06-50 to 06-50-/C
  • Hitachi, Cosminexus App Server 6 EE Win 06-00 to 06-00-/H
  • Hitachi, Cosminexus App Server 6 EE Win 06-02 to 06-02-/G
  • Hitachi, Cosminexus App Server 6 EE Win 06-50 to 06-50-/F
  • Hitachi, Cosminexus App Server 6 EE Win 06-51 to 06-51-/J
  • Hitachi, Cosminexus App Server 6 SE AIX 06-00 to 06-00-/G
  • Hitachi, Cosminexus App Server 6 SE AIX 06-50 to 06-50-/G
  • Hitachi, Cosminexus App Server 6 SE HP-UX 06-00 to 06-00-/D
  • Hitachi, Cosminexus App Server 6 SE HP-UX 06-50 to 06-50-/E
  • Hitachi, Cosminexus App Server 6 SE HP-UX IPF 06-00 to 06-00-/E
  • Hitachi, Cosminexus App Server 6 SE HP-UX IPF 06-50 to 06-50-/E
  • Hitachi, Cosminexus App Server 6 SE Linux 06-00 to 06-00-/D
  • Hitachi, Cosminexus App Server 6 SE Linux 06-02 to 06-02-/F
  • Hitachi, Cosminexus App Server 6 SE Linux 06-50 to 06-50-/C
  • Hitachi, Cosminexus App Server 6 SE Linux 06-51 to 06-51-/D
  • Hitachi, Cosminexus App Server 6 SE Solaris 06-00 to 06-00-/A
  • Hitachi, Cosminexus App Server 6 SE Solaris 06-50 to 06-50-/C
  • Hitachi, Cosminexus App Server 6 SE Win 06-00 to 06-00-/H
  • Hitachi, Cosminexus App Server 6 SE Win 06-02 to 06-02-/G
  • Hitachi, Cosminexus App Server 6 SE Win 06-50 to 06-50-/F
  • Hitachi, Cosminexus App Server 6 SE Win 06-51 to 06-51-/J
  • Hitachi, Cosminexus Developer 5 for Windows 05-01 to 05-01-/L
  • Hitachi, Cosminexus Developer 5 for Windows 05-05 to 05-05-/P
  • Hitachi, Cosminexus Developer 6 LE Win 06-00 to 06-00-/H
  • Hitachi, Cosminexus Developer 6 LE Win 06-02 to 06-02-/G
  • Hitachi, Cosminexus Developer 6 LE Win 06-50 to 06-50-/F
  • Hitachi, Cosminexus Developer 6 LE Win 06-51 to 06-51-/J
  • Hitachi, Cosminexus Developer 6 PE Win 06-00 to 06-00-/H
  • Hitachi, Cosminexus Developer 6 PE Win 06-02 to 06-02-/G
  • Hitachi, Cosminexus Developer 6 PE Win 06-50 to 06-50-/F
  • Hitachi, Cosminexus Developer 6 PE Win 06-51 to 06-51-/J
  • Hitachi, Cosminexus Developer 6 SE Win 06-00 to 06-00-/H
  • Hitachi, Cosminexus Developer 6 SE Win 06-02 to 06-02-/G
  • Hitachi, Cosminexus Developer 6 SE Win 06-50 to 06-50-/F
  • Hitachi, Cosminexus Developer 6 SE Win 06-51 to 06-51-/J
  • Hitachi, Cosminexus Server EE for HP-UX 03-00 to 03-05
  • Hitachi, Cosminexus Server EE for Solaris 03-00 to 03-05
  • Hitachi, Cosminexus Server SE 4 for AIX 04-01
  • Hitachi, Cosminexus Server SE 4 for HP-UX 04-01
  • Hitachi, Cosminexus Server SE 4 for Solaris 04-01
  • Hitachi, Cosminexus Server SE for HP-UX 03-00 to 03-05
  • Hitachi, Cosminexus Server SE for Solaris 03-00 to 03-05
  • Hitachi, Cosminexus Server WE 4 for HP-UX 04-01
  • Hitachi, Cosminexus Server WE 4 for Solaris 04-01
  • Hitachi, Cosminexus Server WE for HP-UX 03-00 to 03-05
  • Hitachi, Cosminexus Server WE for Solaris 03-00 to 03-05
  • Hitachi, Hitachi Web Server for AIX 01-01 to 01-02-/E
  • Hitachi, Hitachi Web Server for AIX 02-00 to 02-04-/B
  • Hitachi, Hitachi Web Server for AIX 03-00
  • Hitachi, Hitachi Web Server for HP-UX (IPF) 02-02 to 02-04-/B
  • Hitachi, Hitachi Web Server for HP-UX 10.20 01-00 to 01-02-/D
  • Hitachi, Hitachi Web Server for HP-UX 11.00 01-00 to 01-02-/D
  • Hitachi, Hitachi Web Server for HP-UX 11.00 02-00 to 02-04-/B
  • Hitachi, Hitachi Web Server for Linux 01-01 to 01-01-/D
  • Hitachi, Hitachi Web Server for Linux 02-00 to 02-00-/A
  • Hitachi, Hitachi Web Server for Linux 02-02 to 02-06-/A
  • Hitachi, Hitachi Web Server for Linux 03-00
  • Hitachi, Hitachi Web Server for Solaris 01-00 to 01-02-/D
  • Hitachi, Hitachi Web Server for Solaris 02-00 to 02-04-/B
  • Hitachi, Hitachi Web Server for Solaris 03-00
  • Hitachi, Hitachi Web Server for Turbolinux 01-01
  • Hitachi, Hitachi Web Server for Turbolinux 02-00
  • Hitachi, Hitachi Web Server for Windows 02-00 to 02-04-/D
  • Hitachi, Hitachi Web Server for Windows 03-00 to 03-00-01
  • Hitachi, uCosminexus Appl Serv Ent HP-UX IPF 07-00
  • Hitachi, uCosminexus Appl Serv Ent HP-UX IPF 07-10
  • Hitachi, uCosminexus Appl Serv Ent HP-UX IPF 07-10-01
  • Hitachi, uCosminexus Appl Srv Ent Windows 06-70 to 06-70-/D
  • Hitachi, uCosminexus Appl Srv Ent Windows 06-71 to 06-71-/D
  • Hitachi, uCosminexus Appl Srv Ent Windows 07-00 to 07-00-03
  • Hitachi, uCosminexus Appl Srv Ent Windows 07-10 to 07-10-01
  • Hitachi, uCosminexus Appl Srv Ent Windows 07-20 to 07-20-01
  • Hitachi, uCosminexus Appl Srv Ent Windows 07-50 to 07-50-01
  • Hitachi, uCosminexus Application Serv Ent AIX 06-70 to 06-70-/B
  • Hitachi, uCosminexus Application Serv Ent AIX 07-00
  • Hitachi, uCosminexus Application Serv Ent AIX 07-10
  • Hitachi, uCosminexus Application Serv Ent AIX 07-50
  • Hitachi, uCosminexus Application Serv Ent HP-UX 06-70 to 06-70-/C
  • Hitachi, uCosminexus Application Serv Ent HP-UX 07-10
  • Hitachi, uCosminexus Application Serv Ent Linux 06-70 to 06-70-/D
  • Hitachi, uCosminexus Application Serv Ent Linux 06-71 to 06-71-/D
  • Hitachi, uCosminexus Application Serv Ent Linux 07-00 to 07-00-01
  • Hitachi, uCosminexus Application Serv Ent Linux 07-10
  • Hitachi, uCosminexus Application Serv Ent Linux 07-50
  • Hitachi, uCosminexus Application Serv Ent Solaris 06-70 to 06-70-/D
  • Hitachi, uCosminexus Application Serv Ent Solaris 07-00
  • Hitachi, uCosminexus Application Serv Ent Solaris 07-10
  • Hitachi, uCosminexus Application Serv Std HP-UX 07-10
  • Hitachi, uCosminexus Application Server AIX 06-70 to 06-70-/B
  • Hitachi, uCosminexus Application Server AIX 07-00
  • Hitachi, uCosminexus Application Server AIX 07-10
  • Hitachi, uCosminexus Application Server AIX 07-50
  • Hitachi, uCosminexus Application Server for HP-UX 06-70 to 06-70-/C
  • Hitachi, uCosminexus Application Server for HP-UX 06-72 to 06-72-/A
  • Hitachi, uCosminexus Application Server for Win 06-70 to 06-70-/D
  • Hitachi, uCosminexus Application Server for Win 06-71 to 06-71-/D
  • Hitachi, uCosminexus Application Server for Win 07-00 to 07-00-03
  • Hitachi, uCosminexus Application Server for Win 07-10 to 07-10-01
  • Hitachi, uCosminexus Application Server for Win 07-20 to 07-20-01
  • Hitachi, uCosminexus Application Server for Win 07-50 to 07-50-01
  • Hitachi, uCosminexus Application Server HP-UX IPF 06-70 to 06-70-/K
  • Hitachi, uCosminexus Application Server HP-UX IPF 07-00
  • Hitachi, uCosminexus Application Server HP-UX IPF 07-10 to 07-10-01
  • Hitachi, uCosminexus Application Server Linux 06-70 to 06-70-/D
  • Hitachi, uCosminexus Application Server Linux 06-71 to 06-71-/D
  • Hitachi, uCosminexus Application Server Linux 07-00 to 07-00-01
  • Hitachi, uCosminexus Application Server Linux 07-10
  • Hitachi, uCosminexus Application Server Linux 07-50
  • Hitachi, uCosminexus Application Server Solaris 06-70 to 06-70-/D
  • Hitachi, uCosminexus Application Server Solaris 07-00
  • Hitachi, uCosminexus Application Server Solaris 07-10
  • Hitachi, uCosminexus Application SrvEnt HP-UX IPF 06-70 to 06-70-/F
  • Hitachi, uCosminexus Developer Light Win 06-70 to 06-70-/D
  • Hitachi, uCosminexus Developer Light Win 06-71 to 06-71-/D
  • Hitachi, uCosminexus Developer Professional Win 06-70 to 06-70-/D
  • Hitachi, uCosminexus Developer Professional Win 06-71 to 06-71-/D
  • Hitachi, uCosminexus Developer Professional Win 07-00 to 07-00-03
  • Hitachi, uCosminexus Developer Professional Win 07-10 to 07-10-01
  • Hitachi, uCosminexus Developer Professional Win 07-20 to 07-20-01
  • Hitachi, uCosminexus Developer Professional Win 07-50 to 07-50-01
  • Hitachi, uCosminexus Developer Standard Win 06-70 to 06-70-/D
  • Hitachi, uCosminexus Developer Standard Win 06-71 to 06-71-/D
  • Hitachi, uCosminexus Developer Standard Win 07-00 to 07-00-03
  • Hitachi, uCosminexus Developer Standard Win 07-10 to 07-10-01
  • Hitachi, uCosminexus Developer Standard Win 07-20 to 07-20-01
  • Hitachi, uCosminexus Developer Standard Win 07-50 to 07-50-01
  • Hitachi, uCosminexus Service Architect Win 07-00 to 07-00-03
  • Hitachi, uCosminexus Service Architect Win 07-10 to 07-10-01
  • Hitachi, uCosminexus Service Architect Win 07-20 to 07-20-01
  • Hitachi, uCosminexus Service Architect Win 07-50 to 07-50-01
  • Hitachi, uCosminexus Service Platform AIX 07-10
  • Hitachi, uCosminexus Service Platform AIX 07-50
  • Hitachi, uCosminexus Service Platform Linux 07-00
  • Hitachi, uCosminexus Service Platform Linux 07-10
  • Hitachi, uCosminexus Service Platform Linux 07-50
  • Hitachi, uCosminexus Service Platform Win 07-00 to 07-00-03
  • Hitachi, uCosminexus Service Platform Win 07-10 to 07-10-01
  • Hitachi, uCosminexus Service Platform Win 07-20 to 07-20-01
  • Hitachi, uCosminexus Service Platform Win 07-50 to 07-50-01
  • HP, HP-UX 11.11
  • HP, HP-UX 11.23
  • HP, System Management Homepage prior to 2.1.7
  • IBM, HMC 6 R1.2
  • Ingate, Ingate Firewall Current version
  • Ingate, Ingate SIParator Current version
  • MandrakeSoft, Mandrake Linux 2006
  • MandrakeSoft, Mandrake Linux 2006 X86_64
  • MandrakeSoft, Mandrake Linux 2007 X86_64
  • MandrakeSoft, Mandrake Linux 2007
  • MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
  • MandrakeSoft, Mandrake Linux Corporate Server 3.0
  • MandrakeSoft, Mandrake Linux Corporate Server 4.0
  • MandrakeSoft, Mandrake Linux Corporate Server 4.0 X86_64
  • MandrakeSoft, Mandrake Multi Network Firewall 2.0
  • Mozilla, Firefox 1.5.0.7
  • Mozilla, Network Security Services 3.11.3
  • Mozilla, SeaMonkey 1.0.5
  • Mozilla, Thunderbird 1.5.0.7
  • NetBSD, NetBSD 2.0
  • NetBSD, NetBSD 2.0.1
  • NetBSD, NetBSD 2.0.2
  • NetBSD, NetBSD 2.0.3
  • NetBSD, NetBSD 2.0.4
  • NetBSD, NetBSD 2.1
  • NetBSD, NetBSD 3.0
  • NetBSD, NetBSD 3.0.1
  • NetBSD, NetBSD 3.0.2
  • NetBSD, NetBSD 4.0 beta
  • NetBSD, NetBSD CURRENT
  • Novell, Linux Desktop 9
  • Novell, Linux POS 9
  • Novell, NICI prior to 2.7.2
  • Novell, Open Enterprise Server
  • Novell, Security Services 2.0.4
  • Novell, UnitedLinux 1.0
  • OpenPKG, OpenPKG 2-STABLE
  • OpenPKG, OpenPKG 2.5
  • OpenPKG, OpenPKG CURRENT
  • OpenPKG, OpenPKG Enterprise E1.0-SOLID
  • OpenSSL, OpenSSL 0.9.7 Beta1
  • OpenSSL, OpenSSL 0.9.7 Beta2
  • OpenSSL, OpenSSL 0.9.7 Beta4
  • OpenSSL, OpenSSL 0.9.7 Beta5
  • OpenSSL, OpenSSL 0.9.7
  • OpenSSL, OpenSSL 0.9.7 Beta6
  • OpenSSL, OpenSSL 0.9.7 Beta3
  • OpenSSL, OpenSSL 0.9.7a
  • OpenSSL, OpenSSL 0.9.7b
  • OpenSSL, OpenSSL 0.9.7c
  • OpenSSL, OpenSSL 0.9.7d
  • OpenSSL, OpenSSL 0.9.7e
  • OpenSSL, OpenSSL 0.9.7f
  • OpenSSL, OpenSSL 0.9.7g
  • OpenSSL, OpenSSL 0.9.7h
  • OpenSSL, OpenSSL 0.9.7i
  • OpenSSL, OpenSSL 0.9.7j
  • OpenSSL, OpenSSL 0.9.8
  • OpenSSL, OpenSSL 0.9.8a
  • OpenSSL, OpenSSL 0.9.8b
  • Opera, Opera prior to 9.02
  • RedHat, Enterprise Linux 2.1 WS
  • RedHat, Enterprise Linux 2.1 ES
  • RedHat, Enterprise Linux 2.1 AS
  • RedHat, Enterprise Linux 3 AS
  • RedHat, Enterprise Linux 3 ES
  • RedHat, Enterprise Linux 3 Desktop
  • RedHat, Enterprise Linux 3 WS
  • RedHat, Enterprise Linux 4 AS
  • RedHat, Enterprise Linux 4 Desktop
  • RedHat, Enterprise Linux 4 ES
  • RedHat, Enterprise Linux 4 WS
  • RedHat, Enterprise Linux AS
  • RedHat, Enterprise Linux ES
  • RedHat, Enterprise Linux WS
  • RedHat, Linux Advanced Workstation 2.1 Itanium
  • RedHat, Network Satellite Server 4.2
  • RedHat, Network Satellite Server 5.0
  • RedHat, Network Satellite Server 5.1
  • RedHat, RHEL Extras 3
  • RedHat, RHEL Extras 4
  • Sun, J2SE 1.5.0
  • Sun, Java System Application Server 7.0 2004Q2 Standard
  • Sun, Java System Application Server 7.0 2004Q2 Enterprise
  • Sun, Java System Application Server 8.1 2005Q1
  • Sun, Java System Web Proxy Server 3.6
  • Sun, Java System Web Server 6.1
  • Sun, JDK 1.5.0 Update2
  • Sun, JDK 1.5.0 Update1
  • Sun, JDK 1.5.0
  • Sun, JDK 1.5.0 Update3
  • Sun, JDK 1.5.0 Update4
  • Sun, JDK 1.5.0 Update5
  • Sun, JDK 1.5.0 Update6
  • Sun, JDK 1.5.0 Update8
  • Sun, JDK 1.5.0 Update7
  • Sun, JDK 1.5.0 Update7 B03
  • Sun, JRE 1.3.1 Update18
  • Sun, JRE 1.3.1 Update19
  • Sun, JRE 1.3.1 Update1a
  • Sun, JRE 1.3.1 Update4
  • Sun, JRE 1.3.1 Update16
  • Sun, JRE 1.3.1 Update15
  • Sun, JRE 1.3.1 Update1
  • Sun, JRE 1.3.1
  • Sun, JRE 1.3.1 Update17
  • Sun, JRE 1.3.1 Update14
  • Sun, JRE 1.3.1 Update13
  • Sun, JRE 1.3.1 Update12
  • Sun, JRE 1.3.1 Update11
  • Sun, JRE 1.3.1 Update10
  • Sun, JRE 1.3.1 Update9
  • Sun, JRE 1.3.1 Update7
  • Sun, JRE 1.3.1 Update6
  • Sun, JRE 1.3.1 Update5
  • Sun, JRE 1.3.1 Update8
  • Sun, JRE 1.3.1 Update2
  • Sun, JRE 1.3.1 Update3
  • Sun, JRE 1.4.2 Update5
  • Sun, JRE 1.4.2 Update6
  • Sun, JRE 1.4.2 Update7
  • Sun, JRE 1.4.2 Update4
  • Sun, JRE 1.4.2
  • Sun, JRE 1.4.2 Update8
  • Sun, JRE 1.4.2 Update9
  • Sun, JRE 1.4.2 Update1
  • Sun, JRE 1.4.2 Update10
  • Sun, JRE 1.4.2 Update11
  • Sun, JRE 1.4.2 Update12
  • Sun, JRE 1.4.2 Update2
  • Sun, JRE 1.4.2 Update3
  • Sun, JRE 1.5.0 Update1
  • Sun, JRE 1.5.0 Update2
  • Sun, JRE 1.5.0 Update4
  • Sun, JRE 1.5.0 Update5
  • Sun, JRE 1.5.0 Update6
  • Sun, JRE 1.5.0 Update3
  • Sun, JRE 1.5.0 Update7
  • Sun, JRE 1.5.0
  • Sun, JRE 1.5.0 Update8
  • Sun, JSSE 1.0.3
  • Sun, JSSE 1.0.3_01
  • Sun, JSSE 1.0.3_02
  • Sun, JSSE 1.0.3_03
  • Sun, ONE Web Server 6.0
  • Sun, SDK 1.3.1_01
  • Sun, SDK 1.3.1_01a
  • Sun, SDK 1.3.1_02
  • Sun, SDK 1.3.1_03
  • Sun, SDK 1.3.1_04
  • Sun, SDK 1.3.1_05
  • Sun, SDK 1.3.1_06
  • Sun, SDK 1.3.1_07
  • Sun, SDK 1.3.1_08
  • Sun, SDK 1.3.1_09
  • Sun, SDK 1.3.1_10
  • Sun, SDK 1.3.1_11
  • Sun, SDK 1.3.1_12
  • Sun, SDK 1.3.1_13
  • Sun, SDK 1.3.1_14
  • Sun, SDK 1.3.1_15
  • Sun, SDK 1.3.1_16
  • Sun, SDK 1.3.1_17
  • Sun, SDK 1.3.1_18
  • Sun, SDK 1.3.1_19
  • Sun, SDK 1.4.2
  • Sun, SDK 1.4.2_01
  • Sun, SDK 1.4.2_02
  • Sun, SDK 1.4.2_03
  • Sun, SDK 1.4.2_04
  • Sun, SDK 1.4.2_05
  • Sun, SDK 1.4.2_06
  • Sun, SDK 1.4.2_07
  • Sun, SDK 1.4.2_08
  • Sun, SDK 1.4.2_09
  • Sun, SDK 1.4.2_10
  • Sun, SDK 1.4.2_11
  • Sun, SDK 1.4.2_12
  • Sun, Secure Global Desktop 4.2 Enterprise
  • Sun, Solaris 10 SPARC
  • Sun, Solaris 10 x86
  • Sun, Solaris 8.0 SPARC
  • Sun, Solaris 9.0 x86
  • Sun, Solaris 9.0 SPARC
  • Sun, Solaris x86
  • SuSE, SLE SDK 10
  • SuSE, SuSE Linux 10.0
  • SuSE, SuSE Linux 10.1
  • SuSE, SuSE Linux 9.0
  • SuSE, SuSE Linux 9.2
  • SuSE, SuSE Linux 9.3
  • SuSE, SuSE Linux Enterprise Server 8.0
  • SuSE, SuSE Linux OpenExchange Server 4
  • SuSE, SuSE Linux Retail Solution 8
  • SuSE, SuSE Linux School Server
  • SuSE, SuSE Linux Standard Server 8
  • SuSE, SuSE SLED 10
  • SuSE, SuSE SLES 10
  • SuSE, SuSE SLES 9
  • Turbolinux, Turbolinux 10 Desktop
  • Turbolinux, Turbolinux 10 F...
  • Turbolinux, Turbolinux 10 Server
  • Turbolinux, Turbolinux 10 Server x64 Ed
  • Turbolinux, Turbolinux 7 Server
  • Turbolinux, Turbolinux 8 Server
  • Turbolinux, Turbolinux FUJI
  • Turbolinux, Turbolinux Home
  • Turbolinux, Turbolinux Multimedia
  • Turbolinux, Turbolinux Personal
  • Turbolinux, Turbolinux Appliance Server 1.0 Hosting Ed
  • Turbolinux, Turbolinux Appliance Server 1.0 Workgroup Ed
  • Turbolinux, Turbolinux Appliance Server 2.0
  • VMware, Server prior to 1.0.5
  • VMware, Workstation 6.0.2 and prior

Remedy:

Upgrade to the latest version of OpenSSL (0.9.7j or 0.9.8b or later), as listed in OpenSSL Security Advisory [11 October 2005]. See References.

For Sybase:
Refer to Sybase Advisory 1047991 for patch, upgrade, or suggested workaround information. See References.

For Ubuntu Linux:
Refer to USN-339-1 for patch, upgrade, or workaround information. See References.

For Debian GNU/Linux:
Refer to DSA-1173-1 for patch, upgrade, or suggested workaround information. See References.

For Red Hat Linux:
Refer to RHSA-2006:0661-8 for patch, upgrade, or suggested workaround information. See References.

For Red Hat Linux (java-ibm):
Refer to RHSA-2007:0073-2 or RHSA-2007:0062 for patch, upgrade, or suggested workaround information. See References.

For Red Hat Linux (IBMJava2-JRE):
Refer to RHSA-2007:0072-2 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (Opera):
Refer to Gentoo Linux Security Announcement GLSA 200609-18 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (x86 emulation base libraries for AMD64):
Refer to Gentoo Linux Security Announcement GLSA 200609-05 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (NSS):
Refer to Gentoo Linux Security Announcement GLSA 200610-05 for patch, upgrade, or suggested workaround information. See References.

For Solaris (multiple applications):
Refer to Sun Alert ID: 102648 for patch, upgrade, or suggested workaround information. See References.

For Sun Secure Global Desktop:
Refer to Sun Alert ID: 102657 for patch, upgrade, or suggested workaround information. See References.

For Java Enterprise System:
Refer to Sun Alert ID: 102656 for patch, upgrade, or suggested workaround information. See References.

For Java 2 Platform, Standard Edition:
Refer to Sun Alert ID: 102686 for patch, upgrade, or suggested workaround information. See References.

For Solaris (for libike Library applications):
Refer to Sun Alert ID: 102722 for patch, upgrade, or suggested workaround information. See References.

For Solaris (for WAN Boot):
Refer to Sun Alert ID: 102759 for patch, upgrade, or suggested workaround information. See References.

For Cisco:
Refer to cisco-sr-20061108-openssl for upgrade information. See References.

For Mandriva Linux:
Refer to Mandriva Security Advisory MDKSA-2006:207 for patch, upgrade, or suggested workaround information. See References.

For Apple Mac OS X:
Apply Apple Security Update 2006-007, available from the Apple Web site. See References.

For NetBSD:
Refer to NetBSD Security Advisory 2006-023 for patch, upgrade, or suggested workaround information. See References.

For VMware Workstation:
Upgrade to the latest version of VMware Workstation (6.0.3 or later), available from the VMware Workstation Web site. See References.

For VMware Server:
Upgrade to the latest version of VMware Server (1.0.5 or later), available from the VMware Server Web site. See References.

For SUSE Linux:
Refer to SUSE-SA:2007:010 Security Announcement for patch, upgrade, or suggested workaround information. See References.

For SUSE Linux:
Refer to SUSE-SA:2006:054 for patch, upgrade, or suggested workaround information. See References.

For SUSE Linux:
Refer to SUSE-SA:2006:055 for patch, upgrade, or suggested workaround information. See References.

For SUSE Linux:
Refer to SUSE-SA:2006:061 for patch, upgrade, or suggested workaround information. See References.

For BEA WebLogic Server and Express:
Refer to BEA07-169.00 for patch, upgrade, or suggested workaround information. See References.

For Novell International Cryptographic Infrastructure (NICI):
Refer to Novell Security Alert 3590033 for patch, upgrade, or suggested workaround information. See References.

For HP-UX (bind):
Refer to HPSBUX02219 SSRT061273 for patch, upgrade, or suggested workaround information. See References.

For HP System Management Homepage:
Refer to HPSBMA02250 SSRT061275 rev.1 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Bypass Security

References:

Reported:

Sep 05, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net
