Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-348-1
HistorySep 19, 2006 - 12:00 a.m.

GnuTLS vulnerability

2006-09-1900:00:00
ubuntu.com
27

6.6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.046 Low

EPSS

Percentile

92.5%

JSON

Releases

  • Ubuntu 6.06
  • Ubuntu 5.10
  • Ubuntu 5.04

Details

The GnuTLS library did not sufficiently check the padding of PKCS #1
v1.5 signatures if the exponent of the public key is 3 (which is
widely used for CAs). This could be exploited to forge signatures
without the need of the secret key.

OSVersionArchitecturePackageVersionFilename
Ubuntu6.06noarchlibgnutls12< 1.2.9-2ubuntu1.1UNKNOWN
Ubuntu6.06noarchlibgnutls11< 1.0.16-14ubuntu1.1UNKNOWN
Ubuntu5.10noarchlibgnutls11< 1.0.16-13.1ubuntu1.2UNKNOWN
Ubuntu5.04noarchlibgnutls11< 1.0.16-13ubuntu0.3UNKNOWN

Related

openvas 11
nessus 23
centos 1
securityvulns 1
redhat 1
oraclelinux 1
debian 1
freebsd 1
gentoo 1
ubuntucve 2
cve 3
nvd 3
cvelist 3
redhatcve 1
debiancve 2
prion 2
osv 2
alpinelinux 1
suse 1
openvas
openvas
Gentoo Security Advisory GLSA 200609-15 (gnutls)
2008-09-24 00:00:00
FreeBSD Ports: gnutls, gnutls-devel
2008-09-04 00:00:00
Ubuntu: Security Advisory (USN-348-1)
2022-08-26 00:00:00
nessus
nessus
FreeBSD : gnutls -- RSA Signature Forgery Vulnerability (64bf6234-520d-11db-8f1a-000a48049292)
2006-10-05 00:00:00
GLSA-200609-15 : GnuTLS: RSA Signature Forgery
2006-09-27 00:00:00
Oracle Linux 4 : gnutls (ELSA-2006-0680)
2013-07-12 00:00:00
centos
centos
gnutls security update
2006-09-14 14:44:53
securityvulns
securityvulns
[USN-348-1] GnuTLS vulnerability
2006-09-19 00:00:00
redhat
redhat
(RHSA-2006:0680) gnutls security update
2006-09-14 00:00:00
oraclelinux
oraclelinux
Important gnutls security update
2006-11-30 00:00:00
debian
debian
[SECURITY] [DSA 1182-1] New gnutls11 packages fix RSA signature forgery cryptographic weakness
2006-09-22 00:00:00
freebsd
freebsd
gnutls -- RSA Signature Forgery Vulnerability
2006-09-08 00:00:00
gentoo
gentoo
GnuTLS: RSA Signature Forgery
2006-09-26 00:00:00
ubuntucve
ubuntucve
CVE-2006-4790
2006-09-14 00:00:00
CVE-2018-16152
2018-09-24 00:00:00
cve
cve
CVE-2006-4790
2006-09-14 19:07:00
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:01
nvd
nvd
CVE-2006-4790
2006-09-14 19:07:00
CVE-2018-16152
2018-09-26 21:29:01
CVE-2018-16253
2018-11-07 20:29:00
cvelist
cvelist
CVE-2006-4790
2006-09-14 19:00:00
CVE-2018-16152
2018-09-26 21:00:00
CVE-2018-16253
2018-11-07 20:00:00
redhatcve
redhatcve
CVE-2018-16152
2018-10-03 20:20:39
debiancve
debiancve
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:01
prion
prion
Code injection
2018-11-07 20:29:00
Design/Logic Flaw
2018-09-26 21:29:00
osv
osv
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:01
alpinelinux
alpinelinux
CVE-2018-16152
2018-09-26 21:29:01
suse
suse
remote code execution in IBMJava2
2007-01-18 16:13:31

6.6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.046 Low

EPSS

Percentile

92.5%

JSON
Related for USN-348-1
openvas11nessus23centos1securityvulns1redhat1oraclelinux1debian1freebsd1gentoo1ubuntucve2cve3nvd3cvelist3redhatcve1debiancve2prion2osv2alpinelinux1suse1