Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200609-15
HistorySep 26, 2006 - 12:00 a.m.

GnuTLS: RSA Signature Forgery

2006-09-2600:00:00
Gentoo Foundation
security.gentoo.org
10

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.063 Low

EPSS

Percentile

93.6%

JSON

Background

GnuTLS is an implementation of SSL 3.0 and TLS 1.0.

Description

verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace.

Impact

Remote attackers could forge PKCS #1 v1.5 signatures that are signed with an RSA key, preventing GnuTLS from correctly verifying X.509 and other certificates that use PKCS.

Workaround

There is no known workaround at this time.

Resolution

All GnuTLS users should update both packages:

 # emerge --sync
 # emerge --update --ask --verbose ">=net-libs/gnutls-1.4.4"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-libs/gnutls< 1.4.4UNKNOWN

Related

openvas 11
nessus 23
freebsd 1
centos 1
securityvulns 1
oraclelinux 1
redhat 1
debian 1
ubuntu 1
cve 3
ubuntucve 2
prion 2
debiancve 2
redhatcve 1
alpinelinux 1
osv 2
suse 1
openvas
openvas
Gentoo Security Advisory GLSA 200609-15 (gnutls)
2008-09-24 00:00:00
SLES9: Security update for IBM Java2 JRE and SDK
2009-10-10 00:00:00
FreeBSD Ports: gnutls, gnutls-devel
2008-09-04 00:00:00
nessus
nessus
FreeBSD : gnutls -- RSA Signature Forgery Vulnerability (64bf6234-520d-11db-8f1a-000a48049292)
2006-10-05 00:00:00
CentOS 4 : gnutls (CESA-2006:0680)
2006-09-22 00:00:00
SuSE9 Security Update : gnutls (YOU Patch Number 11228)
2009-09-24 00:00:00
freebsd
freebsd
gnutls -- RSA Signature Forgery Vulnerability
2006-09-08 00:00:00
centos
centos
gnutls security update
2006-09-14 14:44:53
securityvulns
securityvulns
[USN-348-1] GnuTLS vulnerability
2006-09-19 00:00:00
oraclelinux
oraclelinux
Important gnutls security update
2006-11-30 00:00:00
redhat
redhat
(RHSA-2006:0680) gnutls security update
2006-09-14 00:00:00
debian
debian
[SECURITY] [DSA 1182-1] New gnutls11 packages fix RSA signature forgery cryptographic weakness
2006-09-22 15:34:35
ubuntu
ubuntu
GnuTLS vulnerability
2006-09-19 00:00:00
cve
cve
CVE-2006-4790
2006-09-14 19:07:00
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:00
ubuntucve
ubuntucve
CVE-2006-4790
2006-09-14 00:00:00
CVE-2018-16152
2018-09-24 00:00:00
prion
prion
Code injection
2018-11-07 20:29:00
Design/Logic Flaw
2018-09-26 21:29:00
debiancve
debiancve
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:00
redhatcve
redhatcve
CVE-2018-16152
2018-10-03 20:20:39
alpinelinux
alpinelinux
CVE-2018-16152
2018-09-26 21:29:00
osv
osv
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:01
suse
suse
remote code execution in IBMJava2
2007-01-18 16:13:31

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.063 Low

EPSS

Percentile

93.6%

JSON
Related for GLSA-200609-15
openvas11nessus23freebsd1centos1securityvulns1oraclelinux1redhat1debian1ubuntu1cve3ubuntucve2prion2debiancve2redhatcve1alpinelinux1osv2suse1