PT-2006-6199 · Ssh Tectia · Ssh Tectia Manager+1

Daniel Bleichenbacher

Published

2006-10-24

Updated

2019-08-28

CVE-2006-5484

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SSH Tectia Client/Server/Connector versions 5.1.0 and earlier SSH Tectia Manager versions 2.2.0 and earlier

Description The issue allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by an RSA key with exponent 3. This is due to the removal of PKCS-1 padding before generating a hash, which prevents correct verification of X.509 and other certificates that use PKCS #1.

Recommendations For SSH Tectia Client/Server/Connector versions 5.1.0 and earlier, consider updating to a version that correctly handles PKCS-1 padding. For SSH Tectia Manager versions 2.2.0 and earlier, consider updating to a version that correctly handles PKCS-1 padding. As a temporary workaround, consider restricting the use of RSA keys with exponent 3 until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5484

Affected Products

Ssh Tectia Client/Server/Connector

Ssh Tectia Manager

PT-2006-6199 · Ssh Tectia · Ssh Tectia Manager+1

CVE-2006-5484

Related Identifiers

Affected Products

References · 7