CVE-2009-5138
gnutls: incorrect handling of V1 intermediate certificates
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.
GnuTLS anterior a 2.7.6, cuando el indicador GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT no está habilitado, trata certificados X.509 de versión 1 como CAs intermedios, lo que permite a atacantes remotos evadir restricciones mediante el aprovechamiento de un certificado X.509 V1 de un CA confiable para emitir certificados nuevos, una vulnerabilidad diferente a CVE-2014-1959.
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. A flaw was found in the way GnuTLS handled version 1 X.509 certificates. An attacker able to obtain a version 1 certificate from a trusted certificate authority could use this flaw to issue certificates for other sites that would be accepted by GnuTLS as valid.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-02-26 CVE Reserved
- 2014-03-03 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-295: Improper Certificate Validation
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://article.gmane.org/gmane.comp.security.oss.general/12223 | Mailing List | |
| http://secunia.com/advisories/57254 | Third Party Advisory | |
| http://secunia.com/advisories/57260 | Third Party Advisory | |
| http://secunia.com/advisories/57274 | Third Party Advisory | |
| http://secunia.com/advisories/57321 | Third Party Advisory | |
| http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361 | Mailing List | |
| http://thread.gmane.org/gmane.comp.security.oss.general/12127 | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd | 2024-08-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | <= 2.7.5 Search vendor "Gnu" for product "Gnutls" and version " <= 2.7.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 2.7.0 Search vendor "Gnu" for product "Gnutls" and version "2.7.0" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 2.7.1 Search vendor "Gnu" for product "Gnutls" and version "2.7.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 2.7.2 Search vendor "Gnu" for product "Gnutls" and version "2.7.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 2.7.3 Search vendor "Gnu" for product "Gnutls" and version "2.7.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 2.7.4 Search vendor "Gnu" for product "Gnutls" and version "2.7.4" | - |
Affected
| ||||||