5

CVE-2006-4790

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGnutls Version1.0.17
GnuGnutls Version1.0.18
GnuGnutls Version1.0.19
GnuGnutls Version1.0.20
GnuGnutls Version1.0.21
GnuGnutls Version1.0.22
GnuGnutls Version1.0.23
GnuGnutls Version1.0.24
GnuGnutls Version1.0.25
GnuGnutls Version1.1.14
GnuGnutls Version1.1.15
GnuGnutls Version1.1.16
GnuGnutls Version1.1.17
GnuGnutls Version1.1.18
GnuGnutls Version1.1.19
GnuGnutls Version1.1.20
GnuGnutls Version1.1.21
GnuGnutls Version1.1.22
GnuGnutls Version1.1.23
GnuGnutls Version1.2.0
GnuGnutls Version1.2.1
GnuGnutls Version1.2.2
GnuGnutls Version1.2.3
GnuGnutls Version1.2.4
GnuGnutls Version1.2.5
GnuGnutls Version1.2.6
GnuGnutls Version1.2.7
GnuGnutls Version1.2.8
GnuGnutls Version1.2.8.1a1
GnuGnutls Version1.2.9
GnuGnutls Version1.2.10
GnuGnutls Version1.2.11
GnuGnutls Version1.3.0
GnuGnutls Version1.3.1
GnuGnutls Version1.3.2
GnuGnutls Version1.3.3
GnuGnutls Version1.3.4
GnuGnutls Version1.3.5
GnuGnutls Version1.4.0
GnuGnutls Version1.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.43% 0.821
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/22080
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://secunia.com/advisories/22992
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://secunia.com/advisories/22226
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
http://www.vupen.com/english/advisories/2006/3899
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
http://secunia.com/advisories/21937
http://secunia.com/advisories/21942
http://secunia.com/advisories/21973
http://secunia.com/advisories/22049
http://secunia.com/advisories/22084
http://secunia.com/advisories/22097
http://secunia.com/advisories/25762
http://security.gentoo.org/glsa/glsa-200609-15.xml
http://securitytracker.com/id?1016844
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1
http://www.debian.org/security/2006/dsa-1182
http://www.gnu.org/software/gnutls/security.html
Patch
http://www.mandriva.com/security/advisories?name=MDKSA-2006:166
http://www.redhat.com/support/errata/RHSA-2006-0680.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/20027
http://www.ubuntu.com/usn/usn-348-1
http://www.vupen.com/english/advisories/2006/3635
http://www.vupen.com/english/advisories/2007/2289
https://exchange.xforce.ibmcloud.com/vulnerabilities/28953
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937