The Third Party Vulnerability Resolution Blog covers CVEs and patches in the Systems product suite.

Sun Alert 102744 Security Vulnerability With RSA Signatures Affects OpenSSL Shipped With Solaris

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System

A security vulnerability in the RSA signature verification implementation in the OpenSSL product may cause data signed with a forged signature to be incorrectly verified as valid. This affects applications that use OpenSSL to verify RSA signatures. The direct impact on these applications depends on how the signed data is used.

OpenSSL is shipped with Solaris 10 (see openssl(5)). This library is not shipped with Solaris 9; however, a number of Solaris 9 applications statically link against this library and may be affected by these vulnerabilities. This Sun Alert provides details about the individual patches which should be installed to update the OpenSSL product on Solaris 10 and all potentially impacted Solaris 9 applications.

This issue is also described in the following documents:

Note: The issue described in this Sun Alert is specific to the OpenSSL shipped with Solaris. Multiple Sun products are affected by this issue. For more details please see Sun Alert 102648.

Avoidance: Patch, Workaround
State: Resolved
First released: 08-Dec-2006
