CVE-2006-5201

Name of the Vulnerable Software and Affected Versions Sun Solaris versions (affected versions not specified) Java JDK and JRE versions 5.0 Update 8 and earlier Java SDK and JRE versions 1.4.x up to 1.4.2 12 Java SDK and JRE versions 1.3.x up to 1.3.1 19 JSSE versions 1.0.3 03 and earlier IPSec/IKE (affected versions not specified) Secure Global Desktop (affected versions not specified) StarOffice (affected versions not specified)

Description The issue allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by an RSA key with exponent 3. This is because the affected products remove PKCS-1 padding before generating a hash, which prevents them from correctly verifying X.509 and other certificates that use PKCS #1.

Recommendations For Java JDK and JRE versions 5.0 Update 8 and earlier, update to a version later than 5.0 Update 8. For Java SDK and JRE versions 1.4.x up to 1.4.2 12, update to a version later than 1.4.2 12. For Java SDK and JRE versions 1.3.x up to 1.3.1 19, update to a version later than 1.3.1 19. For JSSE versions 1.0.3 03 and earlier, update to a version later than 1.0.3 03. At the moment, there is no information about a newer version that contains a fix for this vulnerability for Sun Solaris, IPSec/IKE, Secure Global Desktop, and StarOffice.