Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2006-4790
HistorySep 14, 2006 - 7:07 p.m.

CVE-2006-4790

2006-09-1419:07:00
[email protected]
web.nvd.nist.gov
7

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.093

Percentile

94.7%

JSON

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.

Affected configurations

Nvd
Node
gnugnutlsMatch1.0.17
OR
gnugnutlsMatch1.0.18
OR
gnugnutlsMatch1.0.19
OR
gnugnutlsMatch1.0.20
OR
gnugnutlsMatch1.0.21
OR
gnugnutlsMatch1.0.22
OR
gnugnutlsMatch1.0.23
OR
gnugnutlsMatch1.0.24
OR
gnugnutlsMatch1.0.25
OR
gnugnutlsMatch1.1.14
OR
gnugnutlsMatch1.1.15
OR
gnugnutlsMatch1.1.16
OR
gnugnutlsMatch1.1.17
OR
gnugnutlsMatch1.1.18
OR
gnugnutlsMatch1.1.19
OR
gnugnutlsMatch1.1.20
OR
gnugnutlsMatch1.1.21
OR
gnugnutlsMatch1.1.22
OR
gnugnutlsMatch1.1.23
OR
gnugnutlsMatch1.2.0
OR
gnugnutlsMatch1.2.1
OR
gnugnutlsMatch1.2.2
OR
gnugnutlsMatch1.2.3
OR
gnugnutlsMatch1.2.4
OR
gnugnutlsMatch1.2.5
OR
gnugnutlsMatch1.2.6
OR
gnugnutlsMatch1.2.7
OR
gnugnutlsMatch1.2.8
OR
gnugnutlsMatch1.2.8.1a1
OR
gnugnutlsMatch1.2.9
OR
gnugnutlsMatch1.2.10
OR
gnugnutlsMatch1.2.11
OR
gnugnutlsMatch1.3.0
OR
gnugnutlsMatch1.3.1
OR
gnugnutlsMatch1.3.2
OR
gnugnutlsMatch1.3.3
OR
gnugnutlsMatch1.3.4
OR
gnugnutlsMatch1.3.5
OR
gnugnutlsMatch1.4.0
OR
gnugnutlsMatch1.4.1
VendorProductVersionCPE
gnugnutls1.0.17cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
gnugnutls1.0.18cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
gnugnutls1.0.19cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
gnugnutls1.0.20cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
gnugnutls1.0.21cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
gnugnutls1.0.22cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
gnugnutls1.0.23cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
gnugnutls1.0.24cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
gnugnutls1.0.25cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
gnugnutls1.1.14cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
Rows per page:
1-10 of 401

References

Related

cvelist 7
nessus 79
ubuntucve 4
cve 7
gentoo 3
openvas 45
freebsd 3
checkpoint_advisories 1
slackware 2
securityvulns 4
f5 2
freebsd_advisory 1
ubuntu 2
debian 3
centos 3
oraclelinux 2
redhat 2
altlinux 3
debiancve 4
openssl 1
osv 3
cert 1
checkpoint_security 1
jvn 1
nvd 6
suse 3
mozilla 1
cisco 1
redhatcve 1
prion 2
alpinelinux 1
cvelist
cvelist
CVE-2006-4790
2006-09-14 19:00:00
CVE-2006-4339
2006-09-05 17:00:00
CVE-2006-7140
2007-03-07 20:00:00
nessus
nessus
Mandrake Linux Security Advisory : gnutls (MDKSA-2006:166)
2007-02-18 00:00:00
openSUSE 10 Security Update : gnutls (gnutls-2118)
2007-10-17 00:00:00
SuSE 10 Security Update : gnutls (ZYPP Patch Number 2117)
2007-12-13 00:00:00
ubuntucve
ubuntucve
CVE-2006-4790
2006-09-14 00:00:00
CVE-2006-4339
2006-09-05 00:00:00
CVE-2018-16152
2018-09-24 00:00:00
cve
cve
CVE-2006-4790
2006-09-14 19:07:00
CVE-2006-4339
2006-09-05 17:04:00
CVE-2006-7140
2007-03-07 20:19:00
gentoo
gentoo
GnuTLS: RSA Signature Forgery
2006-09-26 00:00:00
OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
2006-09-07 00:00:00
Mozilla Network Security Service (NSS): RSA signature forgery
2006-10-17 00:00:00
openvas
openvas
SLES9: Security update for IBM Java2 JRE and SDK
2009-10-10 00:00:00
FreeBSD Ports: gnutls, gnutls-devel
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200609-15 (gnutls)
2008-09-24 00:00:00
freebsd
freebsd
gnutls -- RSA Signature Forgery Vulnerability
2006-09-08 00:00:00
openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
2006-09-06 00:00:00
opera -- RSA Signature Forgery
2006-09-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Update Protection against OpenSSL RSA Key Signature Forgery Vulnerability
2006-11-13 00:00:00
slackware
slackware
[slackware-security] bind
2006-11-07 06:26:27
[slackware-security] openssl
2006-09-14 22:05:20
securityvulns
securityvulns
OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery (CVE-2006-4339)
2006-09-05 00:00:00
SIP over TLS: X.509 peer authentication vulnerability in Ingate products
2006-09-15 00:00:00
[USN-348-1] GnuTLS vulnerability
2006-09-19 00:00:00
f5
f5
SOL6623 - OpenSSL signature vulnerability - CVE-2006-4339
2007-05-16 00:00:00
K6623 : OpenSSL signature vulnerability - CVE-2006-4339
2013-03-26 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:19.openssl
2006-09-06 00:00:00
ubuntu
ubuntu
OpenSSL vulnerability
2006-09-05 00:00:00
GnuTLS vulnerability
2006-09-19 00:00:00
debian
debian
[SECURITY] [DSA 1173-1] New openssl packages fix RSA signature forgery cryptographic weakness
2006-09-10 12:25:00
[SECURITY] [DSA 1174-1] New openssl096 packages fix RSA signature forgery cryptographic weakness
2006-09-11 17:07:45
[SECURITY] [DSA 1182-1] New gnutls11 packages fix RSA signature forgery cryptographic weakness
2006-09-22 15:34:35
centos
centos
gnutls security update
2006-09-14 14:44:53
openssl, openssl095a, openssl096 security update
2006-09-11 00:52:04
openssl, openssl096b security update
2006-09-08 09:58:00
oraclelinux
oraclelinux
Important gnutls security update
2006-11-30 00:00:00
Important openssl security update
2006-11-30 00:00:00
redhat
redhat
(RHSA-2006:0680) gnutls security update
2006-09-14 00:00:00
(RHSA-2006:0661) openssl security update
2006-09-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt4
2006-09-06 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt4
2006-09-06 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt4
2006-09-06 00:00:00
debiancve
debiancve
CVE-2006-4339
2006-09-05 17:04:00
CVE-2018-16152
2018-09-26 21:29:01
CVE-2018-16253
2018-11-07 20:29:00
openssl
openssl
Vulnerability in OpenSSL - RSA Signature Forgery
2006-09-05 00:00:00
osv
osv
openssl - cryptographic weakness
2006-09-10 00:00:00
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:01
cert
cert
Multiple RSA implementations fail to properly handle signatures
2006-09-11 00:00:00
checkpoint_security
checkpoint_security
OpenSSL CVE-2006-4339 8732 vulnerability Fix
2006-10-18 22:00:00
jvn
jvn
JVN#51615542: Adobe Reader fails to properly handle signatures
2012-08-30 00:00:00
nvd
nvd
CVE-2006-4339
2006-09-05 17:04:00
CVE-2006-7140
2007-03-07 20:19:00
CVE-2006-5484
2006-10-24 22:07:00
suse
suse
remote code execution in IBMJava2
2007-01-18 16:13:31
remote code execution in opera
2006-10-19 13:18:21
RSA signature evasion in openssl,mozilla-nss
2006-09-22 15:25:59
mozilla
mozilla
RSA Signature Forgery — Mozilla
2006-09-14 00:00:00
cisco
cisco
OpenSSL RSA Signature Forgery Vulnerability
2006-09-05 17:39:31
redhatcve
redhatcve
CVE-2018-16152
2018-10-03 20:20:39
prion
prion
Code injection
2018-11-07 20:29:00
Design/Logic Flaw
2018-09-26 21:29:00
alpinelinux
alpinelinux
CVE-2018-16152
2018-09-26 21:29:01

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.093

Percentile

94.7%

JSON
Related for NVD:CVE-2006-4790
cvelist7nessus79ubuntucve4cve7gentoo3openvas45freebsd3checkpoint_advisories1slackware2securityvulns4f52freebsd_advisory1ubuntu2debian3centos3oraclelinux2redhat2altlinux3debiancve4openssl1osv3cert1checkpoint_security1jvn1nvd6suse3mozilla1cisco1redhatcve1prion2alpinelinux1