CVE-2006-4790 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-4790
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-4790

Description: verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/28953 UBUNTU http://www.ubuntu.com/usn/usn-348-1 SUSE http://www.novell.com/linux/security/advisories/2006_23_sr.html http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 ST 1016844 SAID Secunia Advisory: SA22049 Secunia Advisory: SA21973 Secunia Advisory: SA21937 Secunia Advisory: SA21942 Secunia Advisory: SA22084 Secunia Advisory: SA22097 Secunia Advisory: SA22226 Secunia Advisory: SA22080 Secunia Advisory: SA22992 Secunia Advisory: SA25762 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0680.html MLIST http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:166 GENTOO http://security.gentoo.org/glsa/glsa-200609-15.xml DEBIAN http://www.debian.org/security/2006/dsa-1182 CONFIRM http://www.gnu.org/software/gnutls/security.html http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm BID 20027

Return to the previous page.