National Cyber-Alert System

Vulnerability Summary for CVE-2006-4790

Overview

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statments (disclaimer)

Official Statement from Red Hat (03/14/2007)

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: REDHAT

Name: RHSA-2006:0680

Type: Advisory; Patch Information

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0680.html

External Source: CONFIRM

Name: http://www.gnu.org/software/gnutls/security.html

Type: Patch Information

Hyperlink:http://www.gnu.org/software/gnutls/security.html

External Source: MLIST

Name: [gnutls-dev] 20060912 Re: Variant of Bleichenbacher's crypto 06 rump session attack

Hyperlink:http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html

External Source: MLIST

Name: [gnutls-dev] 20060908 Variant of Bleichenbacher's crypto 06 rump session attack

Hyperlink:http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html

External Source: XF

Name: gnutls-rsakey-security-bypass(28953)

Hyperlink:http://xforce.iss.net/xforce/xfdb/28953

External Source: UBUNTU

Name: USN-348-1

Hyperlink:http://www.ubuntu.com/usn/usn-348-1

External Source: BID

Name: 20027

Hyperlink:http://www.securityfocus.com/bid/20027

External Source: SUSE

Name: SUSE-SA:2007:010

Hyperlink:http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html

External Source: SUSE

Name: SUSE-SR:2006:023

Hyperlink:http://www.novell.com/linux/security/advisories/2006_23_sr.html

External Source: MANDRIVA

Name: MDKSA-2006:166

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:166

External Source: VUPEN

Name: ADV-2007-2289

Hyperlink:http://www.frsirt.com/english/advisories/2007/2289

External Source: VUPEN

Name: ADV-2006-3899

Hyperlink:http://www.frsirt.com/english/advisories/2006/3899

External Source: VUPEN

Name: ADV-2006-3635

Hyperlink:http://www.frsirt.com/english/advisories/2006/3635

External Source: DEBIAN

Name: DSA-1182

Hyperlink:http://www.debian.org/security/2006/dsa-1182

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm

External Source: SUNALERT

Name: 102970

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1

External Source: SUNALERT

Name: 102648

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1

External Source: SECTRACK

Name: 1016844

Hyperlink:http://securitytracker.com/id?1016844

External Source: GENTOO

Name: GLSA-200609-15

Hyperlink:http://security.gentoo.org/glsa/glsa-200609-15.xml

External Source: SECUNIA

Name: 25762

Hyperlink:http://secunia.com/advisories/25762

External Source: SECUNIA

Name: 22992

Hyperlink:http://secunia.com/advisories/22992

External Source: SECUNIA

Name: 22226

Hyperlink:http://secunia.com/advisories/22226

External Source: SECUNIA

Name: 22097

Hyperlink:http://secunia.com/advisories/22097

External Source: SECUNIA

Name: 22084

Hyperlink:http://secunia.com/advisories/22084

External Source: SECUNIA

Name: 22080

Hyperlink:http://secunia.com/advisories/22080

External Source: SECUNIA

Name: 22049

Hyperlink:http://secunia.com/advisories/22049

External Source: SECUNIA

Name: 21973

Hyperlink:http://secunia.com/advisories/21973

External Source: SECUNIA

Name: 21942

Hyperlink:http://secunia.com/advisories/21942

External Source: SECUNIA

Name: 21937

Hyperlink:http://secunia.com/advisories/21937

External Source: MANDRIVA

Name: MDKSA-2006:166

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:166