verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3,
does not properly handle excess data in the digestAlgorithm.parameters
field when generating a hash, which allows remote attackers to forge a PKCS
#1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from
correctly verifying X.509 and other certificates that use PKCS, a variant
of CVE-2006-4339.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchgnutls11< 1.0.16-14ubuntu1.1UNKNOWN
ubuntu6.06noarchgnutls12< 1.2.9-2ubuntu1.1UNKNOWN
ubuntu6.10noarchgnutls12< 1.2.11-2ubuntu1UNKNOWN
ubuntu6.10noarchgnutls13< 1.4.0-3ubuntu1UNKNOWN
ubuntu7.04noarchgnutls13< 1.4.0-3ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	gnutls11	< 1.0.16-14ubuntu1.1	UNKNOWN
ubuntu	6.06	noarch	gnutls12	< 1.2.9-2ubuntu1.1	UNKNOWN
ubuntu	6.10	noarch	gnutls12	< 1.2.11-2ubuntu1	UNKNOWN
ubuntu	6.10	noarch	gnutls13	< 1.4.0-3ubuntu1	UNKNOWN
ubuntu	7.04	noarch	gnutls13	< 1.4.0-3ubuntu1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2006-4790

nvd.nist.gov/vuln/detail/CVE-2006-4790

security-tracker.debian.org/tracker/CVE-2006-4790

ubuntu.com/security/notices/USN-348-1

www.cve.org/CVERecord?id=CVE-2006-4790

cve 7

nessus 86

openvas 50

centos 3

freebsd 3

checkpoint_advisories 1

securityvulns 4

f5 2

debian 3

slackware 2

ubuntu 2

freebsd_advisory 1

gentoo 3

altlinux 3

debiancve 4

openssl 1

oraclelinux 3

redhat 3

jvn 1

osv 3

checkpoint_security 1

cert 1

ubuntucve 3

suse 3

mozilla 1

cisco 1

prion 2

redhatcve 1

alpinelinux 1

cve

CVE-2006-4790

2006-09-14 19:07:00

CVE-2006-4339

2006-09-05 17:04:00

CVE-2006-7140

2007-03-07 20:19:00

nessus

Mandrake Linux Security Advisory : gnutls (MDKSA-2006:166)

2007-02-18 00:00:00

FreeBSD : gnutls -- RSA Signature Forgery Vulnerability (64bf6234-520d-11db-8f1a-000a48049292)

2006-10-05 00:00:00

GLSA-200609-15 : GnuTLS: RSA Signature Forgery

2006-09-27 00:00:00

openvas

Gentoo Security Advisory GLSA 200609-15 (gnutls)

2008-09-24 00:00:00

Ubuntu: Security Advisory (USN-348-1)

2022-08-26 00:00:00

FreeBSD Ports: gnutls, gnutls-devel

2008-09-04 00:00:00

centos

gnutls security update

2006-09-14 14:44:53

openssl, openssl096b security update

2006-09-08 09:58:00

openssl, openssl095a, openssl096 security update

2006-09-11 00:52:04

freebsd

gnutls -- RSA Signature Forgery Vulnerability

2006-09-08 00:00:00

openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)

2006-09-06 00:00:00

opera -- RSA Signature Forgery

2006-09-18 00:00:00

checkpoint_advisories

Update Protection against OpenSSL RSA Key Signature Forgery Vulnerability

2006-11-13 00:00:00

securityvulns

OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery (CVE-2006-4339)

2006-09-05 00:00:00

SIP over TLS: X.509 peer authentication vulnerability in Ingate products

2006-09-15 00:00:00

[USN-348-1] GnuTLS vulnerability

2006-09-19 00:00:00

SOL6623 - OpenSSL signature vulnerability - CVE-2006-4339

2007-05-16 00:00:00

K6623 : OpenSSL signature vulnerability - CVE-2006-4339

2013-03-26 00:00:00

debian

[SECURITY] [DSA 1173-1] New openssl packages fix RSA signature forgery cryptographic weakness

2006-09-10 12:25:00

[SECURITY] [DSA 1182-1] New gnutls11 packages fix RSA signature forgery cryptographic weakness

2006-09-22 15:34:35

[SECURITY] [DSA 1174-1] New openssl096 packages fix RSA signature forgery cryptographic weakness

2006-09-11 17:07:45

slackware

[slackware-security] openssl

2006-09-14 22:05:20

[slackware-security] bind

2006-11-07 06:26:27

ubuntu

OpenSSL vulnerability

2006-09-05 00:00:00

GnuTLS vulnerability

2006-09-19 00:00:00

freebsd_advisory

FreeBSD-SA-06:19.openssl

2006-09-06 00:00:00

gentoo

GnuTLS: RSA Signature Forgery

2006-09-26 00:00:00

OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery

2006-09-07 00:00:00

Mozilla Network Security Service (NSS): RSA signature forgery

2006-10-17 00:00:00

altlinux

Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt4

2006-09-06 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt4

2006-09-06 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt4

2006-09-06 00:00:00

debiancve

CVE-2006-4339

2006-09-05 17:04:00

CVE-2018-16253

2018-11-07 20:29:00

CVE-2006-4340

2006-09-15 18:07:00

openssl

Vulnerability in OpenSSL CVE-2006-4339

2006-09-05 00:00:00

oraclelinux

Important gnutls security update

2006-11-30 00:00:00

Important openssl security update

2006-11-30 00:00:00

Important openssl security update

2006-11-30 00:00:00

redhat

(RHSA-2006:0680) gnutls security update

2006-09-14 00:00:00

(RHSA-2006:0661) openssl security update

2006-09-06 00:00:00

(RHSA-2007:0073) Critical: java-1.5.0-ibm security update

2007-02-09 00:00:00

jvn

JVN#51615542: Adobe Reader fails to properly handle signatures

2012-08-30 00:00:00

osv

openssl - cryptographic weakness

2006-09-10 00:00:00

CVE-2018-16253

2018-11-07 20:29:00

CVE-2018-16152

2018-09-26 21:29:01

checkpoint_security

OpenSSL CVE-2006-4339 8732 vulnerability Fix

2006-10-18 22:00:00

cert

Multiple RSA implementations fail to properly handle signatures

2006-09-11 00:00:00

ubuntucve

CVE-2006-4339

2006-09-05 00:00:00

CVE-2006-4340

2006-09-15 00:00:00

CVE-2018-16152

2018-09-24 00:00:00

suse

remote code execution in IBMJava2

2007-01-18 16:13:31

remote code execution in opera

2006-10-19 13:18:21

RSA signature evasion in openssl,mozilla-nss

2006-09-22 15:25:59

mozilla

RSA Signature Forgery — Mozilla

2006-09-14 00:00:00

cisco

OpenSSL RSA Signature Forgery Vulnerability

2006-09-05 17:39:31

prion

Code injection

2018-11-07 20:29:00

Design/Logic Flaw

2018-09-26 21:29:00

redhatcve

CVE-2018-16152

2018-10-03 20:20:39

alpinelinux

CVE-2018-16152

2018-09-26 21:29:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.063 Low

EPSS

Percentile

93.5%

JSON

Related for UB:CVE-2006-4790