fkie_cve-2006-4790
Vulnerability from fkie_nvd
Published
2006-09-14 19:07
Modified
2025-04-03 01:03
Severity ?
Summary
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | gnutls | 1.0.17 | |
| gnu | gnutls | 1.0.18 | |
| gnu | gnutls | 1.0.19 | |
| gnu | gnutls | 1.0.20 | |
| gnu | gnutls | 1.0.21 | |
| gnu | gnutls | 1.0.22 | |
| gnu | gnutls | 1.0.23 | |
| gnu | gnutls | 1.0.24 | |
| gnu | gnutls | 1.0.25 | |
| gnu | gnutls | 1.1.14 | |
| gnu | gnutls | 1.1.15 | |
| gnu | gnutls | 1.1.16 | |
| gnu | gnutls | 1.1.17 | |
| gnu | gnutls | 1.1.18 | |
| gnu | gnutls | 1.1.19 | |
| gnu | gnutls | 1.1.20 | |
| gnu | gnutls | 1.1.21 | |
| gnu | gnutls | 1.1.22 | |
| gnu | gnutls | 1.1.23 | |
| gnu | gnutls | 1.2.0 | |
| gnu | gnutls | 1.2.1 | |
| gnu | gnutls | 1.2.2 | |
| gnu | gnutls | 1.2.3 | |
| gnu | gnutls | 1.2.4 | |
| gnu | gnutls | 1.2.5 | |
| gnu | gnutls | 1.2.6 | |
| gnu | gnutls | 1.2.7 | |
| gnu | gnutls | 1.2.8 | |
| gnu | gnutls | 1.2.8.1a1 | |
| gnu | gnutls | 1.2.9 | |
| gnu | gnutls | 1.2.10 | |
| gnu | gnutls | 1.2.11 | |
| gnu | gnutls | 1.3.0 | |
| gnu | gnutls | 1.3.1 | |
| gnu | gnutls | 1.3.2 | |
| gnu | gnutls | 1.3.3 | |
| gnu | gnutls | 1.3.4 | |
| gnu | gnutls | 1.3.5 | |
| gnu | gnutls | 1.4.0 | |
| gnu | gnutls | 1.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8856E1B1-8007-42E5-82EF-4700D4DEEDDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "776E5481-399F-45BC-AD20-A18508B03916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61D05BC3-1315-4AC7-884D-41459272C94B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2901E522-6F54-4FA5-BF22-463A9D6B53D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "738F29DA-9741-4BA5-B370-417443A3AC2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "52173492-1031-4AA4-A600-6210581059D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BB636C36-2884-4F66-B68A-4494AEAF90C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9200C3-0F46-4238-918B-38D95BF11547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B84A4F5-CED7-4633-913F-BE8235F68616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB6EC88-DCE0-439B-89CD-18229965849B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339."
},
{
"lang": "es",
"value": "verify.c en GnuTLS anterior a 1.4.4, cuando usamos una llave RSA con exponente 3, no maneja correctamente el exceso de datos en el campo digestAlgorithm.parameters al generar un hash, el cual permite a un atacante remoto falsificar una firma PKCS #1 v1.5 que es firmada por esa llave RSA y evita que GnuTLS verifique correctamente X.509 y otros certificados que utilicen PKCS, es una variante de CVE-2006-4339."
}
],
"id": "CVE-2006-4790",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-14T19:07:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/21937"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/21942"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/21973"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22049"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22080"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22084"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22097"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22226"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22992"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/25762"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200609-15.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1016844"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2006/dsa-1182"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.gnu.org/software/gnutls/security.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:166"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0680.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/20027"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-348-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/3635"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/3899"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/2289"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28953"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200609-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gnu.org/software/gnutls/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0680.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-348-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…