Vulners
Lucene search
GnuTLS 2.6.x - libgnutls lib/gnutls_pk.c DSA Key Storage Remote Spoofing
| Reporter | Title | Published | Views | Family All 32 |
|---|---|---|---|---|
 | Security fix for the ALT Linux 10 package gnutls30 version 2.6.6-alt1 | 30 Apr 200900:00 | – | altlinux |
| Security fix for the ALT Linux 9 package gnutls30 version 2.6.6-alt1 | 30 Apr 200900:00 | – | altlinux |
 | Apple iOS < 4.0 Multiple Vulnerabilities | 22 Jun 201000:00 | – | nessus |
| FreeBSD : GnuTLS -- multiple vulnerabilities (b31a1088-460f-11de-a11a-0022156e8794) | 20 Aug 200900:00 | – | nessus |
| GLSA-200905-04 : GnuTLS: Multiple vulnerabilities | 26 May 200900:00 | – | nessus |
| Mandriva Linux Security Advisory : gnutls (MDVSA-2009:116) | 19 May 200900:00 | – | nessus |
| Slackware 12.0 / 12.1 / 12.2 / current : gnutls (SSA:2009-128-01) | 11 May 200900:00 | – | nessus |
 | GnuTLS -- multiple vulnerabilities | 21 May 200900:00 | – | freebsd |
 | CVE-2009-1416 | 30 Apr 200900:00 | – | circl |
 | CVE-2009-1416 | 30 Apr 200920:00 | – | cve |
10
// source: https://www.securityfocus.com/bid/34783/info
GnuTLS is prone to multiple remote vulnerabilities:
- A remote code-execution vulnerability
- A denial-of-service vulnerability
- A signature-generation vulnerability
- A signature-verification vulnerability
An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.
Versions prior to GnuTLS 2.6.6 are vulnerable.
/*
* Small code to reproduce the CVE-2009-1416 bad DSA key problem.
*
* Build it using:
*
* gcc -o cve-2009-1416 cve-2009-1416.c -lgnutls
*
* If your gnutls library is OK then running it will print 'success!'.
*
* If your gnutls library is buggy then running it will print 'buggy'.
*
*/
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <gcrypt.h>
#include <gnutls/gnutls.h>
int
main (void)
{
gnutls_x509_privkey_t key;
gnutls_datum_t p, q, g, y, x;
int ret;
gnutls_global_init ();
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
ret = gnutls_x509_privkey_init (&key);
if (ret < 0)
return 1;
ret = gnutls_x509_privkey_generate (key, GNUTLS_PK_DSA, 512, 0);
if (ret < 0)
return 1;
ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
if (ret < 0)
return 1;
if (q.size == 3 && memcmp (q.data, "\x01\x00\x01", 3) == 0)
printf ("buggy\n");
else
printf ("success!\n");
gnutls_free (p.data);
gnutls_free (q.data);
gnutls_free (g.data);
gnutls_free (y.data);
gnutls_free (x.data);
gnutls_x509_privkey_deinit (key);
gnutls_global_deinit ();
return 0;
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Apr 2009 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 27.5
EPSS0.04853