Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2006:0680
HistorySep 14, 2006 - 12:00 a.m.

(RHSA-2006:0680) gnutls security update

2006-09-1400:00:00
access.redhat.com
8

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.063 Low

EPSS

Percentile

92.9%

JSON

The GnuTLS Library provides support for cryptographic algorithms and
protocols such as TLS. GnuTLS includes libtasn1, a library developed for
ASN.1 structures management that includes DER encoding and decoding.

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. Where an RSA key with exponent 3 is used it may be possible for
an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly
verified by implementations that do not check for excess data in the RSA
exponentiation result of the signature.

The core GnuTLS team discovered that GnuTLS is vulnerable to a variant of
the Bleichenbacker attack. This issue affects applications that use GnuTLS
to verify X.509 certificates as well as other uses of PKCS #1 v1.5.
(CVE-2006-4790)

In Red Hat Enterprise Linux 4, the GnuTLS library is only used by the
Evolution client when connecting to an Exchange server or when publishing
calendar information to a WebDAV server.

Users are advised to upgrade to these updated packages, which contain a
backported patch from the GnuTLS maintainers to correct this issue.

Related

openvas 11
nessus 23
freebsd 1
gentoo 1
centos 1
securityvulns 1
oraclelinux 1
debian 1
ubuntu 1
cve 3
ubuntucve 2
prion 2
debiancve 2
redhatcve 1
alpinelinux 1
osv 2
suse 1
openvas
openvas
Gentoo Security Advisory GLSA 200609-15 (gnutls)
2008-09-24 00:00:00
Debian Security Advisory DSA 1182-1 (gnutls11)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1182-1)
2008-01-17 00:00:00
nessus
nessus
FreeBSD : gnutls -- RSA Signature Forgery Vulnerability (64bf6234-520d-11db-8f1a-000a48049292)
2006-10-05 00:00:00
CentOS 4 : gnutls (CESA-2006:0680)
2006-09-22 00:00:00
SuSE9 Security Update : gnutls (YOU Patch Number 11228)
2009-09-24 00:00:00
freebsd
freebsd
gnutls -- RSA Signature Forgery Vulnerability
2006-09-08 00:00:00
gentoo
gentoo
GnuTLS: RSA Signature Forgery
2006-09-26 00:00:00
centos
centos
gnutls security update
2006-09-14 14:44:53
securityvulns
securityvulns
[USN-348-1] GnuTLS vulnerability
2006-09-19 00:00:00
oraclelinux
oraclelinux
Important gnutls security update
2006-11-30 00:00:00
debian
debian
[SECURITY] [DSA 1182-1] New gnutls11 packages fix RSA signature forgery cryptographic weakness
2006-09-22 15:34:35
ubuntu
ubuntu
GnuTLS vulnerability
2006-09-19 00:00:00
cve
cve
CVE-2006-4790
2006-09-14 19:07:00
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:00
ubuntucve
ubuntucve
CVE-2006-4790
2006-09-14 00:00:00
CVE-2018-16152
2018-09-24 00:00:00
prion
prion
Code injection
2018-11-07 20:29:00
Design/Logic Flaw
2018-09-26 21:29:00
debiancve
debiancve
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:00
redhatcve
redhatcve
CVE-2018-16152
2018-10-03 20:20:39
alpinelinux
alpinelinux
CVE-2018-16152
2018-09-26 21:29:00
osv
osv
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:01
suse
suse
remote code execution in IBMJava2
2007-01-18 16:13:31

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.063 Low

EPSS

Percentile

92.9%

JSON
Related for RHSA-2006:0680
openvas11nessus23freebsd1gentoo1centos1securityvulns1oraclelinux1debian1ubuntu1cve3ubuntucve2prion2debiancve2redhatcve1alpinelinux1osv2suse1