New Search

Security Vulnerability With RSA Signature Affects Solaris Applications Utilizing the libike Library

oval:org.mitre.oval:def:1648

The libike library as used by in.iked elfsign and kcfd in Sun Solaris 9 and 10 when using an RSA key with exponent 3 removes PKCS-1 padding before generating a hash which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1 a similar issue to CVE-2006-4339.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Sun Solaris 10
  • Sun Solaris 9
Class:
vulnerability
Reference(s):
  • CVE-2006-7140
Product(s):