SUSE-SA:2006:055: openssl,mozilla-nss

The remote host is missing the patch for the advisory SUSE-SA:2006:055 openssl,mozilla-nss. If an RSA key with exponent 3 is used it may be possible to forge a PKCS verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature. This problems...

Mandrake Linux Security Advisory : gnutls (MDKSA-2006:166)

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from...

Fedora Core 5 : gnutls-1.2.10-3 (2006-974)

Thu Sep 14 2006 Tomas Mraz 1.2.10-3 - detect forged signatures - CVE-2006-4790 206411, patch from upstream - Tue May 16 2006 Tomas Mraz - 1.2.10-2 - added missing buildrequires Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...

Important gnutls security update

1.0.20-3.2.3 - detect forged signatures - CVE-2006-4790 206411, patch backported from upstream...

FreeBSD : gnutls -- RSA Signature Forgery Vulnerability (64bf6234-520d-11db-8f1a-000a48049292)

Secunia reports : A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the verification of certain signatures. If a RSA key with exponent 3 is used, it may be possible to for...

GLSA-200609-15 : GnuTLS: RSA Signature Forgery

The remote host is affected by the vulnerability described in GLSA-200609-15 GnuTLS: RSA Signature Forgery verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace...

GnuTLS: RSA Signature Forgery

Background GnuTLS is an implementation of SSL 3.0 and TLS 1.0. Description verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Impact Remote attackers could...

CentOS 4 : gnutls (CESA-2006:0680)

Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS...

USN-348-1: GnuTLS vulnerability

The GnuTLS library did not sufficiently check the padding of PKCS 1 v1.5 signatures if the exponent of the public key is 3 which is widely used for CAs. This could be exploited to forge signatures without the need of the secret key...

[USN-348-1] GnuTLS vulnerability

=========================================================== Ubuntu Security Notice USN-348-1 September 18, 2006 gnutls11, gnutls12 vulnerability CVE-2006-4790 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.1...

RHEL 4 : gnutls (RHSA-2006:0680)

Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS...

CVE-2006-4790

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from...

CVE-2006-4790

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from...

CVE-2006-4790

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from...

CVE-2006-4790

CVE-2018-16253 (and related CVEs) describe a variant of CVE-2006-4790 where PKCS#1 v1.5 signature verification fails to reject excess data in digestAlgorithm.parameters, enabling remote forgery of signatures when small public exponents are used. Affected: axTLS (sig_verify in x509.c) up to versio...

gnutls security update

CentOS Errata and Security Advisory CESA-2006:0680 Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for...

security flaw

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from...

Important: Red Hat Security Advisory: gnutls security update

Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS...

PT-2006-1074

Name of the Vulnerable Software and Affected Versions: GnuTLS versions prior to 1.4.4 Description: The issue concerns a problem with handling excess data in the digestAlgorithm.parameters field when generating a hash using an RSA key with exponent 3. This can be exploited remotely, allowing...

FreeBSD : gnutls -- Adaptive Chosen Ciphertext Attack (831) (deprecated)

The remote host is missing an update to the system The following package is affected: gnutls-devel This plugin has been deprecated since the advisory has been canceled. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the VuXML entry has been cancelled. Disabled on 2011/10/02....