copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
Search this site

On this site

 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login


ESB-2006.0872 -- [Solaris] -- Security Vulnerability With RSA Signature Affects Solaris Applications Utilizing the libike Library

Date: 27 February 2006
References: AL-2006.0074  ESB-2006.0728  

Click here for printable version
Click here for PGP verifiable version
Hash: SHA1

             AUSCERT External Security Bulletin Redistribution

                        ESB-2006.0872 -- [Solaris]
         Security Vulnerability With RSA Signature Affects Solaris
                 Applications Utilizing the libike Library
                             27 February 2007


        AusCERT Security Bulletin Summary

Product:              libike
Publisher:            Sun Microsystems
Operating System:     Solaris 10
                      Solaris 9
Impact:               Inappropriate Access
                      Reduced Security
Access:               Remote/Unauthenticated
CVE Names:            CVE-2006-4339

Ref:                  AL-2006.0074

Original Bulletin:

Revision History:  February 27 2007: Solaris 10 patches released
                   February 15 2007: Standard patches are available.
                    January 29 2006: Preliminary T-patches are now available
                   November 29 2006: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Sun(sm) Alert Notification
     * Sun Alert ID: 102722
     * Synopsis: Security Vulnerability With RSA Signature Affects
       Solaris Applications Utilizing the libike Library
     * Category: Security
     * Product: Solaris 9 Operating System, Solaris 10 Operating System
     * BugIDs: 6469236
     * Avoidance: Patch, Workaround
     * State: Resolved
     * Date Released: 27-Nov-2006, 22-Feb-2007
     * Date Closed: 22-Feb-2007
     * Date Modified: 28-Nov-2006, 25-Jan-2007, 13-Feb-2007, 22-Feb-2007

1. Impact

   A security vulnerability in the libike library may cause applications
   which link against this library to incorrectly verify certain forged
   RSA signatures. The exact impact of this vulnerability depends on the
   individual application and the system configuration.

   The in.iked(1M) daemon, which is shipped with Solaris 9 and 10, uses
   the libike library for signature verification, and is affected by this

   In addition, the following applications which are shipped with Solaris
   10 only, also make use of the libike library and are affected by this
     * elfsign(1)
     * kcfd(1M)

   The in.iked(1M) daemon can be configured to rely on RSA signature
   verification for authenticating remote hosts during IKE phase 1
   exchanges. This vulnerability may allow a remote privileged user to
   complete an IKE phase 1 exchange using a forged identity, which may
   eventually lead to the possibility of gaining unauthorized access to
   private networks.

   elfsign(1M) uses certificates for signing and verification of ELF
   binaries. This security vulnerability may allow signatures made with
   certain certificates to be forged, causing elfsign(1M) to incorrectly
   verify a signed binary. System configurations which depend on the
   output of elfsign(1M), such as a configuration which forbids execution
   of unsigned binaries, may therefore be circumvented.

   kcfd(1M), which is running by default on Solaris 10 systems, uses
   certificates for verification of kernel cryptographic modules. An
   untrusted privileged user could forge the signature of a cryptographic
   module and therefore load a module which would otherwise be rejected
   by kcfd(1M). However, the loading of kernel modules is limited to
   privileged users.

   This issue is also described in the following documents:
     * CERT VU#845620 at:
     * CVE-2006-4339 at:

   Note 1: The issue described in this Sun Alert is specific to libike
   library. Multiple Sun products are affected by this issue. For more
   details please see Sun Alert 102648 at:

2. Contributing Factors

   This issue can occur in the following releases:

   SPARC Platform
     * Solaris 9 without patch 113451-12
     * Solaris 10 without patch 118371-08

   x86 Platform
     * Solaris 9 without patch 114435-11
     * Solaris 10 without patch 118372-08

   Note: Solaris 8 is not affected by this issue.

   Systems are affected by these vulnerabilities if any of the above
   applications are being used to verify data which is signed with an RSA
   signature with an exponent of 3.

   To determine if in.iked(1M) is running on the system, the following
   command can be used:
    $ pgrep in.iked

   To get a list of certificates which can be used by in.iked(1M), the
   ikecert(1M) command can be used:
    $ ikecert certdb -l -v

   The output will contain a list of certificates. Each certificate will
   have the key type displayed. For RSA certificates, there will be a
   public exponent value printed.

   If a certificate has a RSA public key stored in it, the key type will
   be of value "rsa":
    Certificate Slot Name: cert_authority_name.der   Key Type: rsa

   If the following line is in the properties of this certificate, then
   the certificate is vulnerable to the attack described in this
    Public Exponent (e) (   8 bits): 03

   It may be possible to forge signatures based on this certificate, for
   example, if the certificate belongs to a certification authority it
   may be possible to create certificates which incorrectly appear to be
   signed by this authority.

   The forgery is possible only in cases where the affected host is
   configured to accept IKE exchanges from arbitrary hosts or in the case
   where the attacker is able to spoof the traffic to make it appear to
   come from a host from which the affected system is configured to
   receive IKE exchanges.

   elfsign(1) uses certificates which are passed by the "-c" command line
   option or are located in the "/etc/crypto/certs/"directory. kcfd(1M)
   also uses certificates from this directory.

   To verify if a certificate in X509 format that is being used with
   elfsign or kcfd, (either by being stored in the above mentioned
   directory or by being passed to elfsign with the "-c" option) has an
   RSA key that is vulnerable to this attack, run the following command
   against the certificate:
    $ /usr/sfw/bin/openssl x509 -in <cert_file_name> -text

   If the output contains the following lines, then it is possible to
   forge the signature of binaries using this certificate:
    Public Key Algorithm: rsaEncryption
    Exponent: 3 (0x3)

3. Symptoms

   There are no predictable symptoms that would indicate the described
   issue has been exploited. 

4. Relief/Workaround

   Workaround for in.iked(1M):

   Until patches can be applied, sites may wish to disable verification
   of RSA signatures or only verification of RSA signatures created with
   RSA keys with an exponent of 3.

   Using the ikecert(1M) command described above an administrator is able
   to identify certificates with RSA keys and a public exponent of 3.
   These certificates can be removed by making use of the ikecert(1M)
   command, for example:
    $ ikecert certdb -r "C=US, O=Vulnerable Certification Authority, OU=Vulnera
ble Certification Certification Authority class 1"

   Success will be reported by following message:
    certdb: certificate file successfully removed.

   Note: With the removal of the certificate, it is no longer possible to
   establish IKE communication with entities using certificates signed by
   that certification authority. This could lead to disruption of network

   Workaround for elfsign(1) and kcfd(1M):

   All vulnerable certificates passed to elfsign(1) via the "-c" command
   line option or which are present in the "/etc/crypto/certs/"
   directory, as used by elfsign and kcfd, can be removed by using the
   rm(1) command, for example:
    # rm /etc/crypto/certs/Custom_cert

   Note: This can lead to the inability to execute signed binaries if the
   there are third-party applications installed on the system which do
   the verification via elfsign(1), or to the inability to load kernel
   modules which have been signed by one of the removed certificates.

5. Resolution

   This issue is addressed in the following releases:

   SPARC Platform
     * Solaris 9 with patch 113451-12 or later
     * Solaris 10 with patch 118371-08 or later

   x86 Platform
     * Solaris 9 with patch 114435-11 or later
     * Solaris 10 with patch 118372-08 or later

Change History

     * Updated Contributing Factors and Relief/Workaround sections

     * Updated Relief/Workaround section

     * Updated Contributing Factors, Relief/Workaround, and Resolution

     * State: Resolved
     * Updated Contributing Factors and Resolution sections

   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided by
   third parties. The issues described in this Sun Alert notification may
   or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   This Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions of
   your agreement to purchase services from Sun, or, if you do not have
   such an agreement, the Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these

   Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email:
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.