Executive Summary
Summary | |
---|---|
Title | GnuTLS: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-200905-04 | First vendor Publication | 2009-05-24 |
Vendor | Gentoo | Last vendor Modification | 2009-05-24 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities in GnuTLS might result in a Denial of Service, spoofing or the generation of invalid keys. Background Description * Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free vulnerability (CVE-2009-1415). * Simon Josefsson reported that GnuTLS generates RSA keys stored in DSA structures when creating a DSA key (CVE-2009-1416). * Romain Francoise reported that the _gnutls_x509_verify_certificate() function in lib/x509/verify.c does not perform time checks, resulting in the "gnutls-cli" program accepting X.509 certificates with validity times in the past or future (CVE-2009-1417). Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-200905-04.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-200905-04.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-310 | Cryptographic Issues |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-04-30 | GnuTLS 2.6.x libgnutls lib/gnutls_pk.c DSA Key Storage Remote Spoofing |
2009-04-30 | GnuTLS 2.6.x libgnutls lib/pk-libgcrypt.c Malformed DSA Key Handling Remote DoS |
OpenVAS Exploits
Date | Description |
---|---|
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:308 (gnutls) File : nvt/mdksa_2009_308.nasl |
2009-09-02 | Name : FreeBSD Ports: gnutls File : nvt/freebsd_gnutls4.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:116 (gnutls) File : nvt/mdksa_2009_116.nasl |
2009-06-05 | Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl |
2009-05-25 | Name : Gentoo Security Advisory GLSA 200905-04 (gnutls) File : nvt/glsa_200905_04.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-128-01 gnutls File : nvt/esoft_slk_ssa_2009_128_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54625 | GnuTLS libgnutls_x509 gnutls-cli lib/x509/verify.c _gnutls_x509_verify_certif... |
54624 | GnuTLS libgnutls lib/pk-libgcrypt.c Malformed DSA Key Handling Remote DoS |
54623 | GnuTLS libgnutls lib/gnutls_pk.c DSA Key Storage Remote Spoofing |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-308.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b31a1088460f11dea11a0022156e8794.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200905-04.nasl - Type : ACT_GATHER_INFO |
2009-05-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-116.nasl - Type : ACT_GATHER_INFO |
2009-05-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-128-01.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:36:32 |
|