CVE-2006-4790

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
References
Link Resource
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
http://secunia.com/advisories/21937
http://secunia.com/advisories/21942
http://secunia.com/advisories/21973
http://secunia.com/advisories/22049
http://secunia.com/advisories/22080
http://secunia.com/advisories/22084
http://secunia.com/advisories/22097
http://secunia.com/advisories/22226
http://secunia.com/advisories/22992
http://secunia.com/advisories/25762
http://security.gentoo.org/glsa/glsa-200609-15.xml
http://securitytracker.com/id?1016844
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.debian.org/security/2006/dsa-1182
http://www.gnu.org/software/gnutls/security.html Patch
http://www.mandriva.com/security/advisories?name=MDKSA-2006:166
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
http://www.redhat.com/support/errata/RHSA-2006-0680.html Patch Vendor Advisory
http://www.securityfocus.com/bid/20027
http://www.ubuntu.com/usn/usn-348-1
http://www.vupen.com/english/advisories/2006/3635
http://www.vupen.com/english/advisories/2006/3899
http://www.vupen.com/english/advisories/2007/2289
https://exchange.xforce.ibmcloud.com/vulnerabilities/28953
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937
Configurations

Configuration 1

OR
cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*

Information

Published : 2006-09-14 19:07

Updated : 2024-11-21 00:16


NVD link : CVE-2006-4790

Mitre link : CVE-2006-4790

CVE.ORG link : CVE-2006-4790


Products Affected

gnu

  • gnutls