Note: This is an archival copy of Security Sun Alert 200610 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000472.1.
Solaris 9 Operating System
Solaris 10 Operating System
Sun Java Enterprise System 2003Q4
Sun Java Enterprise System 2005Q1
Solaris 8 Operating System
Sun Java Enterprise System 2005Q4
Sun Java Enterprise System 2004Q2
Date of Workaround Release
Date of Resolved Release
A vulnerability in the Sun Java Enterprise System (JES) may allow remote unprivileged users to construct certificates with forged signatures that go undetected and are accepted as valid signatures. These unprivileged users may be able to operate servers that falsely pose as other servers or generate forged signatures on emails and software downloads without detection.
This issue is also described in the following documents:
CERT VU#845620 at http://www.kb.cert.org/vuls/id/845620
CVE-2006-4339 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
Note: The issue described in this Sun Alert is specific to Sun Java Enterprise System (JES). Multiple Sun products are affected by this issue; for more details, please see Sun Alert 102648.
This issue can occur in the following releases:
Among NSS-based server products, this vulnerability only affects those that:
A) act as SSL clients (including LDAPS clients), or
B) request and accept certificates from remote SSL clients.
This vulnerability stems from the code that verifies the kind of RSA signature commonly used on X.509 certificates, known as "PKCS#1" version 1.5 RSA signatures.
To determine if the NSS packages are installed on a system, the following command can be run:
% pkginfo SUNWtls
To determine the version of NSS on a system, the following command can be run:
% pkgparam SUNWtls SUNW_PRODVERS
There are no predictable symptoms that would indicate the described issue has occurred.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
A final resolution is pending completion.