5.8

CVE-2009-5138

Exploit

EPSS 1.37%
Veröffentlicht 07.03.2014 00:10:53
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Gnutls Version <= 2.7.5

Gnu ≫ Gnutls Version2.7.0

Gnu ≫ Gnutls Version2.7.1

Gnu ≫ Gnutls Version2.7.2

Gnu ≫ Gnutls Version2.7.3

Gnu ≫ Gnutls Version2.7.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.37%	0.784

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html

http://secunia.com/advisories/57260

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html

http://secunia.com/advisories/57274

http://article.gmane.org/gmane.comp.security.oss.general/12223

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html

http://rhn.redhat.com/errata/RHSA-2014-0247.html

http://secunia.com/advisories/57254

http://secunia.com/advisories/57321

http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361

http://thread.gmane.org/gmane.comp.security.oss.general/12127

https://bugzilla.redhat.com/show_bug.cgi?id=1069301

https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd

Patch

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2009-5138

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-5138

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-5138

EUVD