Note: This is an archival copy of Security Sun Alert 200196 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000148.1.
<SUNBUG 6466389>, <SUNBUG 6469538>, <SUNBUG 6468495>, <SUNBUG 6467218>, <SUNBUG 6469236>, <SUNBUG 6469123>, <SUNBUG 6473089>, <SUNBUG 6499438>, <SUNBUG 6880275>
Date of Preliminary Release
Date of Resolved Release
Security Vulnerability in RSA Signature Verification Impacting Multiple SUN Products
Certain Sun products (including some bundled third party products) may be vulnerable to an RSA(1) Signature Verification vulnerability that allows unauthorized forged certificates to be validated. This may result in a number of different types of remote exploits.
The specific impact will vary from product to product. Please see the "Contributing Factors" section for further details.
More details of the issue are available from CERT Vulnerability VU#845620 at http://www.kb.cert.org/vuls/id/845620 which is also mentioned at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-43392. Contributing Factors
The following Sun products (which utilize the RSA algorithms) may be affected by vulnerabilities described in the CERT Advisory above:
Please refer to the respective Sun Alert Notifications listed in "Contributing Factors" for the affected products listed.4. Workaround
Please refer to the respective Sun Alert Notifications for the affected products listed.5. Resolution
Please refer to the respective Sun Alert Notifications for the affected products listed.
Note: For SDK and JRE 1.4.2 and 1.3.1, and for JSSE 1.0.3, this issue will be addressed in upcoming update releases.
J2SE 5.0 is available for download at the following link:
20-Oct-2006: Updated Contributing Factors section
25-Oct-2006: Updated Contributing Factors section
03-Nov-2006: Updated Contributing Factors section
15-Nov-2006: Updated Contributing Factors section
08-Dec-2006: Updated Contributing Factors section
22-Dec-2006: Updated Contributing Factors section
22-Jan-2007: Updated Contributing Factors section
22-Oct-2010: Updated Contributing Factors section, now Resolved
This solution has no attachment