Sun Alert 102781 RSA Signature Forgery Issues in Mozilla 1.7 for Solaris 8, 9 and 10

Product: Mozilla v1.7, Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

Security vulnerabilities are present in the Network Security Services (nss) library shipped with Mozilla version 1.7 (for Solaris 8, 9 and 10). Mozilla can be used as a web browser and editor, an irc client, an email client and a news client.

RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are padded with data to ensure message hashes are adequately sized.

Due to an implementation error in the NSS library shipped with Mozilla 1.7, for RSA digital signatures with a small exponent such as 3, it is possible for a local or remote user who provides data that is processed by the Mozilla application, to calculate a value for the padded data to make an altered message appear to be correctly signed, allowing the signature to be forged.

BugID 6488248 - For Mozilla 1.7:

Mozilla 1.7 RSA implementation may fail to properly verify signatures. Specifically, it may incorrectly parse PKCS-1 padded signatures, ignoring data at the end of a signature. If this data is ignored and a RSA key with a public exponent of three is used, it may be possible to forge the signing key's signature.

This issue is described in the following documents:

BugID 6499438 - For Mozilla 1.7:

NSS library shipped with Mozilla 1.7, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates.

This issue is described in the following documents:

Note: The issue described in this Sun Alert is specific to the Mozilla application. Multiple Sun products are affected by this issue; for more details please see Sun Alert 102648 at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1

Avoidance: Patch
State: Resolved
First released: 22-Jan-2007
Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
11
12
13
14
16
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today