Note: This is an archival copy of Security Sun Alert 200091 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000075.1.
Article ID : 1000075.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-04-11
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

RSA Signature Forgery Issues in Mozilla 1.7 for Solaris 8, 9 and 10



Category
Security

Release Phase
Resolved

Product
Mozilla v1.7
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6488248, 6499438

Date of Workaround Release
22-JAN-2007

Date of Resolved Release
12-APR-2007

Impact

Security vulnerabilities are present in the Network Security Services (nss) library shipped with Mozilla version 1.7 (for Solaris 8, 9 and 10). Mozilla can be used as a web browser and editor, an irc client, an email client and a news client.

RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are padded with data to ensure message hashes are adequately sized.

Due to an implementation error in the NSS library shipped with Mozilla 1.7, for RSA digital signatures with a small exponent such as 3, it is possible for a local or remote user who provides data that is processed by the Mozilla application, to calculate a value for the padded data to make an altered message appear to be correctly signed, allowing the signature to be forged.

BugID 6488248 - For Mozilla 1.7:

Mozilla 1.7 RSA implementation may fail to properly verify signatures. Specifically, it may incorrectly parse PKCS-1 padded signatures, ignoring data at the end of a signature. If this data is ignored and a RSA key with a public exponent of three is used, it may be possible to forge the signing key's signature.

This issue is described in the following documents:

BugID 6499438 - For Mozilla 1.7:

NSS library shipped with Mozilla 1.7, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates.

This issue is described in the following documents:

Note: The issue described in this Sun Alert is specific to the Mozilla application. Multiple Sun products are affected by this issue; for more details please see Sun Alert 102648


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Mozilla 1.7 (for Solaris 8 and 9) without patch 120671-04
  • Mozilla 1.7 (for Solaris 10) without patch 119115-22

x86 Platform

  • Mozilla 1.7 (for Solaris 8 and 9) without patch 120672-04
  • Mozilla 1.7 (for Solaris 10) without patch 119116-22

Note: Mozilla 1.4 may be vulnerable to one or more of these security issues. Customers are advised to upgrade to Mozilla 1.7 to apply the security fixes.

To determine the version of Mozilla installed on a Solaris system, the following command can be run:

    % /usr/sfw/bin/mozilla -version
    Mozilla 1.7, (Sun Java Desktop System), build 2005031721

 


Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.


Workaround

There is no workaround for the above mentioned issues. Please see the Resolution section below.


Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Mozilla 1.7 (for Solaris 8 and 9) with patch 120671-04 or later
  • Solaris 10 with patch 119115-22 or later

x86 Platform

  • Mozilla 1.7 (for Solaris 8 and 9) with patch 120672-04 or later
  • Solaris 10 with patch 119116-22 or later


Modification History
Date: 12-APR-2007
  • Updated Contributing Factors and Resolution sections
  • State: Resolved


References

119116-22
119115-22
120672-04
120671-04




Attachments
This solution has no attachment