ID CVE-2006-4790
Summary verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
References
Vulnerable Configurations
  • GNU GnuTLS 1.0.17
    cpe:2.3:a:gnu:gnutls:1.0.17
  • GNU GnuTLS 1.0.18
    cpe:2.3:a:gnu:gnutls:1.0.18
  • GNU GnuTLS 1.0.19
    cpe:2.3:a:gnu:gnutls:1.0.19
  • GNU GnuTLS 1.0.20
    cpe:2.3:a:gnu:gnutls:1.0.20
  • GNU GnuTLS 1.0.21
    cpe:2.3:a:gnu:gnutls:1.0.21
  • GNU GnuTLS 1.0.22
    cpe:2.3:a:gnu:gnutls:1.0.22
  • GNU GnuTLS 1.0.23
    cpe:2.3:a:gnu:gnutls:1.0.23
  • GNU GnuTLS 1.0.24
    cpe:2.3:a:gnu:gnutls:1.0.24
  • GNU GnuTLS 1.0.25
    cpe:2.3:a:gnu:gnutls:1.0.25
  • GNU GnuTLS 1.1.14
    cpe:2.3:a:gnu:gnutls:1.1.14
  • GNU GnuTLS 1.1.15
    cpe:2.3:a:gnu:gnutls:1.1.15
  • GNU GnuTLS 1.1.16
    cpe:2.3:a:gnu:gnutls:1.1.16
  • GNU GnuTLS 1.1.17
    cpe:2.3:a:gnu:gnutls:1.1.17
  • GNU GnuTLS 1.1.18
    cpe:2.3:a:gnu:gnutls:1.1.18
  • GNU GnuTLS 1.1.19
    cpe:2.3:a:gnu:gnutls:1.1.19
  • GNU GnuTLS 1.1.20
    cpe:2.3:a:gnu:gnutls:1.1.20
  • GNU GnuTLS 1.1.21
    cpe:2.3:a:gnu:gnutls:1.1.21
  • GNU GnuTLS 1.1.22
    cpe:2.3:a:gnu:gnutls:1.1.22
  • GNU GnuTLS 1.1.23
    cpe:2.3:a:gnu:gnutls:1.1.23
  • GNU GnuTLS 1.2.0
    cpe:2.3:a:gnu:gnutls:1.2.0
  • GNU GnuTLS 1.2.1
    cpe:2.3:a:gnu:gnutls:1.2.1
  • GNU GnuTLS 1.2.2
    cpe:2.3:a:gnu:gnutls:1.2.2
  • GNU GnuTLS 1.2.3
    cpe:2.3:a:gnu:gnutls:1.2.3
  • GNU GnuTLS 1.2.4
    cpe:2.3:a:gnu:gnutls:1.2.4
  • GNU GnuTLS 1.2.5
    cpe:2.3:a:gnu:gnutls:1.2.5
  • GNU GnuTLS 1.2.6
    cpe:2.3:a:gnu:gnutls:1.2.6
  • GNU GnuTLS 1.2.7
    cpe:2.3:a:gnu:gnutls:1.2.7
  • GNU GnuTLS 1.2.8
    cpe:2.3:a:gnu:gnutls:1.2.8
  • GNU GnuTLS 1.2.8.1a1
    cpe:2.3:a:gnu:gnutls:1.2.8.1a1
  • GNU GnuTLS 1.2.9
    cpe:2.3:a:gnu:gnutls:1.2.9
  • GNU GnuTLS 1.2.10
    cpe:2.3:a:gnu:gnutls:1.2.10
  • GNU GnuTLS 1.2.11
    cpe:2.3:a:gnu:gnutls:1.2.11
  • GNU GnuTLS 1.3.0
    cpe:2.3:a:gnu:gnutls:1.3.0
  • GNU GnuTLS 1.3.1
    cpe:2.3:a:gnu:gnutls:1.3.1
  • GNU GnuTLS 1.3.2
    cpe:2.3:a:gnu:gnutls:1.3.2
  • GNU GnuTLS 1.3.3
    cpe:2.3:a:gnu:gnutls:1.3.3
  • GNU GnuTLS 1.3.4
    cpe:2.3:a:gnu:gnutls:1.3.4
  • GNU GnuTLS 1.3.5
    cpe:2.3:a:gnu:gnutls:1.3.5
  • GNU GnuTLS 1.4.0
    cpe:2.3:a:gnu:gnutls:1.4.0
  • GNU GnuTLS 1.4.1
    cpe:2.3:a:gnu:gnutls:1.4.1
CVSS
Base: 5.0 (as of 18-09-2006 - 13:36)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity PARTIAL
  • Availability NONE
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_123938-03.NASL
    description GNOME 2.6.0: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Sep/13/14
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107397
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107397
    title Solaris 10 (sparc) : 123938-03
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_123939-04.NASL
    description GNOME 2.6.0_x86: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Nov/15/14
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107901
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107901
    title Solaris 10 (x86) : 123939-04
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-166.NASL
    description verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. The provided packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24552
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24552
    title Mandrake Linux Security Advisory : gnutls (MDKSA-2006:166)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11228.NASL
    description A security problem in the GNU TLS library has been found : If an RSA key with exponent 3 is used, the PKCS padding gets removed before generating a hash, which allows remote attackers to forge a PKCS signature that appears to be signed by that RSA key and prevents gnutls from correctly verifying the certificate. This bug has been tracked by the Mitre CVE ID CVE-2006-4790.
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41101
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41101
    title SuSE9 Security Update : gnutls (YOU Patch Number 11228)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_123939-03.NASL
    description GNOME 2.6.0_x86: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Sep/13/14
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107900
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107900
    title Solaris 10 (x86) : 123939-03
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_123938-04.NASL
    description GNOME 2.6.0: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Nov/15/14
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107398
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107398
    title Solaris 10 (sparc) : 123938-04
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_123939.NASL
    description GNOME 2.6.0_x86: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Oct/17/16 This plugin has been deprecated and either replaced with individual 123939 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 24386
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24386
    title Solaris 10 (x86) : 123939-05 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_123938.NASL
    description GNOME 2.6.0: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Oct/17/16 This plugin has been deprecated and either replaced with individual 123938 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 24374
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24374
    title Solaris 10 (sparc) : 123938-05 (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GNUTLS-2117.NASL
    description A security problem was fixed in the GNU TLS library, where excess data was not checked during signature checking with RSA keys with exponent 3. This problem could be used to fake those RSA signatures. (CVE-2006-4790)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29447
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29447
    title SuSE 10 Security Update : gnutls (ZYPP Patch Number 2117)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0680.NASL
    description Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. The core GnuTLS team discovered that GnuTLS is vulnerable to a variant of the Bleichenbacher attack. This issue affects applications that use GnuTLS to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4790) In Red Hat Enterprise Linux 4, the GnuTLS library is only used by the Evolution client when connecting to an Exchange server or when publishing calendar information to a WebDAV server. Users are advised to upgrade to these updated packages, which contain a backported patch from the GnuTLS maintainers to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22427
    published 2006-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22427
    title CentOS 4 : gnutls (CESA-2006:0680)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200609-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-200609-15 (GnuTLS: RSA Signature Forgery) verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Impact : Remote attackers could forge PKCS #1 v1.5 signatures that are signed with an RSA key, preventing GnuTLS from correctly verifying X.509 and other certificates that use PKCS. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 22459
    published 2006-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22459
    title GLSA-200609-15 : GnuTLS: RSA Signature Forgery
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_123939-05.NASL
    description GNOME 2.6.0_x86: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Oct/17/16
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107902
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107902
    title Solaris 10 (x86) : 123939-05
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_4_2-IBM-2461.NASL
    description This update brings IBM Java 1.4.2 to Service Release 7. It contains several undisclosed security fixes, including the fix for the RSA attack similar to Mitre CVE ID CVE-2006-4790. It also contains timezone updates : - US daylight saving time update starting 2007. - Western Australia daylight saving time introduction in December 2006. - Update to current timezone dataset.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29468
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29468
    title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 2461)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0680.NASL
    description Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. The core GnuTLS team discovered that GnuTLS is vulnerable to a variant of the Bleichenbacher attack. This issue affects applications that use GnuTLS to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4790) In Red Hat Enterprise Linux 4, the GnuTLS library is only used by the Evolution client when connecting to an Exchange server or when publishing calendar information to a WebDAV server. Users are advised to upgrade to these updated packages, which contain a backported patch from the GnuTLS maintainers to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22360
    published 2006-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22360
    title RHEL 4 : gnutls (RHSA-2006:0680)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1182.NASL
    description Daniel Bleichenbacher discovered a flaw in GNU TLS cryptographic package that could allow an attacker to generate a forged signature that GNU TLS will accept as valid.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22724
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22724
    title Debian DSA-1182-1 : gnutls11 - cryptographic weakness
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0680.NASL
    description From Red Hat Security Advisory 2006:0680 : Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. The core GnuTLS team discovered that GnuTLS is vulnerable to a variant of the Bleichenbacher attack. This issue affects applications that use GnuTLS to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4790) In Red Hat Enterprise Linux 4, the GnuTLS library is only used by the Evolution client when connecting to an Exchange server or when publishing calendar information to a WebDAV server. Users are advised to upgrade to these updated packages, which contain a backported patch from the GnuTLS maintainers to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67410
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67410
    title Oracle Linux 4 : gnutls (ELSA-2006-0680)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GNUTLS-2118.NASL
    description A security problem was fixed in the GNU TLS library, where excess data was not checked during signature checking with RSA keys with exponent 3. This problem could be used to fake those RSA signatures. (CVE-2006-4790)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27242
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27242
    title openSUSE 10 Security Update : gnutls (gnutls-2118)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-348-1.NASL
    description The GnuTLS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27928
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27928
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : gnutls11, gnutls12 vulnerability (USN-348-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_123938-05.NASL
    description GNOME 2.6.0: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Oct/17/16
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107399
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107399
    title Solaris 10 (sparc) : 123938-05
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_64BF6234520D11DB8F1A000A48049292.NASL
    description Secunia reports : A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the verification of certain signatures. If an RSA key with exponent 3 is used, it may be possible to forge PKCS #1 v1.5 signatures signed with that key.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 22501
    published 2006-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22501
    title FreeBSD : gnutls -- RSA Signature Forgery Vulnerability (64bf6234-520d-11db-8f1a-000a48049292)
oval via4
accepted 2013-04-29T04:23:27.748-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
family unix
id oval:org.mitre.oval:def:9937
status accepted
submitted 2010-07-09T03:56:16-04:00
title verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
version 23
redhat via4
advisories
  • bugzilla
      id 206411
      title CVE-2006-4790 RSA forgery affects gnutls
    oval
      AND
        comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
    rhsa
      id RHSA-2006:0680
      released 2006-09-14
      severity Important
      title RHSA-2006:0680: gnutls security update (Important)
refmap via4
bid 20027
confirm
debian DSA-1182
gentoo GLSA-200609-15
mandriva MDKSA-2006:166
mlist
  • [gnutls-dev] 20060908 Variant of Bleichenbacher's crypto 06 rump session attack
  • [gnutls-dev] 20060912 Re: Variant of Bleichenbacher's crypto 06 rump session attack
sectrack 1016844
secunia
  • 21937
  • 21942
  • 21973
  • 22049
  • 22080
  • 22084
  • 22097
  • 22226
  • 22992
  • 25762
sunalert
  • 102648
  • 102970
suse
  • SUSE-SA:2007:010
  • SUSE-SR:2006:023
ubuntu USN-348-1
vupen
  • ADV-2006-3635
  • ADV-2006-3899
  • ADV-2007-2289
xf gnutls-rsakey-security-bypass(28953)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 07-03-2011 - 21:42
Published 14-09-2006 - 15:07
Last modified 10-10-2017 - 21:31