gnutls -- RSA Signature Forgery Vulnerability

2006-09-08T00:00:00
ID 64BF6234-520D-11DB-8F1A-000A48049292
Type freebsd
Reporter FreeBSD
Modified 2006-09-08T00:00:00

Description

Secunia reports:

A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the verification of certain signatures. If a RSA key with exponent 3 is used, it may be possible to forge PKCS #1 v1.5 signatures signed with that key.