CVE-2006-7140

Name: CVE-2006-7140
Creator: NVD / NIST
Published: 2007-03-07T20:19:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.14%

Last modified Jun 16, 2026

CVE-2006-7140 is a vulnerability of currently unknown severity. The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.. EPSS estimates a 1.14% chance of exploitation in the next 30 days.

Description

The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.

Metrics

EPSS Probability

1.14%

62.6th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Sun	Solaris	10.0	Hw2
Sun	Sunos	5.9	—

References

Timeline

Published: Mar 7, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-7140?

How severe is CVE-2006-7140?

Severity scoring for CVE-2006-7140 is pending analysis. The EPSS model estimates a 1.14% probability of exploitation in the next 30 days.

How do I fix CVE-2006-7140?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-7140?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST