4556 matches found
USN-484-1: curl vulnerability
It was discovered that the GnuTLS certificate verification methods implemented in Curl did not check for expiration and activation dates. When performing validations, tools using libcurl3-gnutls would incorrectly allow connections to sites using expired certificates...
CURL-CVE-2007-3564 GnuTLS insufficient cert verification
libcurl when built to use GnuTLS fails to verify that a peer's certificate has not already expired or has not yet become valid. This allows malicious servers to present certificates to libcurl that were not rejected properly. Notably, the CA certificate and common name checks are still in place...
SUSE-SA:2006:055: openssl,mozilla-nss
The remote host is missing the patch for the advisory SUSE-SA:2006:055 openssl,mozilla-nss. If an RSA key with exponent 3 is used it may be possible to forge a PKCS verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature. This problems...
Mandrake Linux Security Advisory : gnutls (MDKSA-2006:166)
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from...
Fedora Core 5 : gnutls-1.2.10-3 (2006-974)
Thu Sep 14 2006 Tomas Mraz 1.2.10-3 - detect forged signatures - CVE-2006-4790 206411, patch from upstream - Tue May 16 2006 Tomas Mraz - 1.2.10-2 - added missing buildrequires Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
Important gnutls security update
1.0.20-3.2.3 - detect forged signatures - CVE-2006-4790 206411, patch backported from upstream...
FreeBSD : gnutls -- RSA Signature Forgery Vulnerability (64bf6234-520d-11db-8f1a-000a48049292)
Secunia reports : A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the verification of certain signatures. If a RSA key with exponent 3 is used, it may be possible to for...
GLSA-200609-15 : GnuTLS: RSA Signature Forgery
The remote host is affected by the vulnerability described in GLSA-200609-15 GnuTLS: RSA Signature Forgery verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace...
GnuTLS: RSA Signature Forgery
Background GnuTLS is an implementation of SSL 3.0 and TLS 1.0. Description verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Impact Remote attackers could...
CentOS 4 : gnutls (CESA-2006:0680)
Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS...
USN-348-1: GnuTLS vulnerability
The GnuTLS library did not sufficiently check the padding of PKCS 1 v1.5 signatures if the exponent of the public key is 3 which is widely used for CAs. This could be exploited to forge signatures without the need of the secret key...
[USN-348-1] GnuTLS vulnerability
=========================================================== Ubuntu Security Notice USN-348-1 September 18, 2006 gnutls11, gnutls12 vulnerability CVE-2006-4790 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.1...
RHEL 4 : gnutls (RHSA-2006:0680)
Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS...
CVE-2006-4790
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from...
CVE-2006-4790
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from...
CVE-2006-4790
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from...
CVE-2006-4790
CVE-2018-16253 (and related CVEs) describe a variant of CVE-2006-4790 where PKCS#1 v1.5 signature verification fails to reject excess data in digestAlgorithm.parameters, enabling remote forgery of signatures when small public exponents are used. Affected: axTLS (sig_verify in x509.c) up to versio...
gnutls security update
CentOS Errata and Security Advisory CESA-2006:0680 Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for...
security flaw
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from...
Important: Red Hat Security Advisory: gnutls security update
Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS...