CVE-2008-4989 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-4989
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-4989

Description: The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/46482 UBUNTU http://www.ubuntu.com/usn/usn-678-2 http://www.ubuntulinux.org/support/documentation/usn/usn-678-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1 ST 1021167 SAID Secunia Advisory: SA32619 Secunia Advisory: SA32879 Secunia Advisory: SA32687 Secunia Advisory: SA35423 Secunia Advisory: SA32681 Secunia Advisory: SA33501 Secunia Advisory: SA33694 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0982.html MLIST http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:227 GENTOO http://security.gentoo.org/glsa/glsa-200901-10.xml FEDORA DEBIAN http://www.debian.org/security/2009/dsa-1719 CONFIRM http://www.gnu.org/software/gnutls/security.html BID 32232

Return to the previous page.