CVE-2006-7140

Name of the Vulnerable Software and Affected Versions libike library as used by in.iked, elfsign, and kcfd in Sun Solaris versions 9 and 10

Description The issue allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by an RSA key with exponent 3. This is due to the removal of PKCS-1 padding before generating a hash, which prevents libike from correctly verifying X.509 and other certificates that use PKCS #1.

Recommendations For Sun Solaris 9 and 10, consider disabling the use of RSA keys with exponent 3 until a patch is available. Restrict access to the libike library to minimize the risk of exploitation. Avoid using the libike library for verifying X.509 and other certificates that use PKCS #1 until the issue is resolved.