CVE-2009-1415 – GnuTLS 2.6.x - libgnutls lib/pk-libgcrypt.c Malformed DSA Key Handling Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-1415
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free. lib/pk-libgcrypt.c en libgnutls en GnuTLS anterior a v2.6.6 no maneja correctamente las firmas DSA, lo cual permite a atacantes remotos provocar una denegación de servicio (cuelgue de aplicación) y posiblemente tiene otro impacto no especificado a través de una clave DSA malformada que desencadena (1) una liberación del puntero no inicializado. (2) una doble liberación. • https://www.exploit-db.com/exploits/32964 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515 http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502 http://secunia.com/advisories/34842 http://secunia.com/advisories/35211 http://security.gentoo.org/glsa/glsa-200905-04.xml http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488 http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 http://www.securityfocus.com/bid/34783 http:/& • CWE-824: Access of Uninitialized Pointer •
CVE-2009-1417
https://notcve.org/view.php?id=CVE-2009-1417
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. gnutls-cli en GnuTLS anteriores a v2.6.6 no verifica la activación y tiempos de caducidad de los certificados X.509, lo cual permite a atacantes remotos presentar con éxito un certificado que (1) aún es válido o (2) ya no es válido, en relación con la falta de controles en el tiempo la función _gnutls_x509_verify_certificate en lib/x509/verify.c en libgnutls_x509, utilizado por (a) Exim, (b) OpenLDAP y (c) libsoup. • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517 http://secunia.com/advisories/34842 http://secunia.com/advisories/35211 http://security.gentoo.org/glsa/glsa-200905-04.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 http://www.securityfocus.com/bid/34783 http://www.securitytracker.com/id?1022159 http://www.vupen.com/english/advisories/2009/1218 https://exchange.xforce.ibmcloud.com/vulnerabilities/50261 • CWE-310: Cryptographic Issues •
CVE-2008-4989 – gnutls: certificate chain verification flaw
https://notcve.org/view.php?id=CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). La función _gnutls_x509_verify_certificate en lib/x509/verify.c en libgnutls en GnuTLS antes de v2.6.1 confía en las cadenas de certificado en las que el último certificado es un certificado de confianza arbitraria, auto-firmado, lo que permite a atacantes de tipo "hombre en el medio" (man-in-the-middle) insertar un certificado falso para cualquier Distinguished Name(DN). • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/32619 http://secunia.com/advisories/32681 http://secunia.com/advisories/32687 http://secunia.com/advisories/32879 http://secunia.com/advisories/33501 http://secunia.com/advi • CWE-295: Improper Certificate Validation •
CVE-2006-4790
https://notcve.org/view.php?id=CVE-2006-4790
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. verify.c en GnuTLS anterior a 1.4.4, cuando usamos una llave RSA con exponente 3, no maneja correctamente el exceso de datos en el campo digestAlgorithm.parameters al generar un hash, el cual permite a un atacante remoto falsificar una firma PKCS #1 v1.5 que es firmada por esa llave RSA y evita que GnuTLS verifique correctamente X.509 y otros certificados que utilicen PKCS, es una variante de CVE-2006-4339. • http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html http://secunia.com/advisories/21937 http://secunia.com/advisories/21942 http://secunia.com/advisories/21973 http://secunia.com/advisories/22049 http://secunia.com/advisories/22080 http://secunia.com/advisories/22084 http://secunia.com/advisories/22097 http://secunia.com/advisories/22226 http://secunia.com/advisories/22992 http://secunia •