CVE-2006-5484 — MEDIUM (5.0)

Q: How severe is CVE-2006-5484?

CVE-2006-5484 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-5484?

Check the references section above for vendor advisories and patch information. Affected products include: Ssh Tectia Client, Ssh Tectia Connector, Ssh Tectia Manager, Ssh Tectia Server.

Vulnerability Description

SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Ssh	Tectia Client	<= 5.1.0
Ssh	Tectia Connector	<= 5.1.0
Ssh	Tectia Manager	<= 2.2.0
Ssh	Tectia Server	<= 5.1.0

References

http://secunia.com/advisories/22350PatchThird Party Advisory
http://securitytracker.com/id?1017060PatchThird Party AdvisoryVDB Entry
http://securitytracker.com/id?1017061PatchThird Party AdvisoryVDB Entry
http://www.kb.cert.org/vuls/id/845620Third Party AdvisoryUS Government Resource
http://www.ssh.com/company/news/2006/english/security/article/786/PatchVendor Advisory
http://www.vupen.com/english/advisories/2006/4032Permissions Required
http://secunia.com/advisories/22350PatchThird Party Advisory
http://securitytracker.com/id?1017060PatchThird Party AdvisoryVDB Entry
http://securitytracker.com/id?1017061PatchThird Party AdvisoryVDB Entry
http://www.kb.cert.org/vuls/id/845620Third Party AdvisoryUS Government Resource
http://www.ssh.com/company/news/2006/english/security/article/786/PatchVendor Advisory
http://www.vupen.com/english/advisories/2006/4032Permissions Required

FAQ

What is CVE-2006-5484?

CVE-2006-5484 is a vulnerability with a CVSS score of 5.0 (MEDIUM). SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allow...

How severe is CVE-2006-5484?

CVE-2006-5484 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-5484?

Check the references section above for vendor advisories and patch information. Affected products include: Ssh Tectia Client, Ssh Tectia Connector, Ssh Tectia Manager, Ssh Tectia Server.