[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253928

 
 

909

 
 

198006

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-4790Date: (C)2006-09-14   (M)2023-12-22


verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1016844
SUNALERT-102648
SUNALERT-102970
BID-20027
SECUNIA-21937
SECUNIA-21942
SECUNIA-21973
SECUNIA-22049
SECUNIA-22080
SECUNIA-22084
SECUNIA-22097
SECUNIA-22226
SECUNIA-22992
SECUNIA-25762
ADV-2006-3635
ADV-2006-3899
ADV-2007-2289
DSA-1182
GLSA-200609-15
MDKSA-2006:166
RHSA-2006:0680
SUSE-SA:2007:010
SUSE-SR:2006:023
USN-348-1
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
gnutls-rsakey-security-bypass(28953)
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.gnu.org/software/gnutls/security.html

CPE    40
cpe:/a:gnu:gnutls:1.1.18
cpe:/a:gnu:gnutls:1.1.19
cpe:/a:gnu:gnutls:1.0.24
cpe:/a:gnu:gnutls:1.1.14
...

© SecPod Technologies