The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 102656 Security Vulnerability Issue of Forged RSA Signatures for Java Enterprise System and Solaris

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System, Sun Java Enterprise System 2003Q4, Sun Java Enterprise System 2005Q1, Solaris 8 Operating System, Sun Java Enterprise System 2005Q4, Sun Java Enterprise System 2004Q2

A vulnerability in the Sun Java Enterprise System (JES) may allow remote unprivileged users to construct certificates with forged signatures that go undetected and are accepted as valid signatures. These unprivileged users may be able to operate servers that falsely pose as other servers or generate forged signatures on emails and software downloads without detection.

This issue is also described in the following documents:

CERT VU#845620 at http://www.kb.cert.org/vuls/id/845620

CVE-2006-4339 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

Note: The issue described in this Sun Alert is specific to Sun Java Enterprise System (JES). Multiple Sun products are affected by this issue; for more details please see Sun Alert 102648 at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1

Avoidance: Patch
State: Resolved
First released: 25-Oct-2006

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.