Lucene search

PRIOn knowledge basePRION:CVE-2009-1416

HistoryApr 30, 2009 - 8:30 p.m.

Code injection

2009-04-3020:30:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.4%

JSON

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.

CPENameOperatorVersion
gnutlseq2.6.1
gnutlseq2.6.0
gnutlseq2.5.0
gnutlseq2.6.2
gnutlseq2.6.3
gnutlseq2.6.5
gnutlseq2.6.4

Name	Operator	Version
gnutls	eq	2.6.1
gnutls	eq	2.6.0
gnutls	eq	2.5.0
gnutls	eq	2.6.2
gnutls	eq	2.6.3
gnutls	eq	2.6.5
gnutls	eq	2.6.4

References

article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516

lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html

secunia.com/advisories/34842

secunia.com/advisories/35211

security.gentoo.org/glsa/glsa-200905-04.xml

www.mandriva.com/security/advisories?name=MDVSA-2009:116

www.securityfocus.com/bid/34783

www.securitytracker.com/id?1022158

www.vupen.com/english/advisories/2009/1218

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.4%

JSON

Related for PRION:CVE-2009-1416