CVE-2008-4989
CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.htmlhttp://secunia.com/advisories/32619http://secunia.com/advisories/32681http://secunia.com/advisories/32687http://secunia.com/advisories/32879http://secunia.com/advisories/33501http://secunia.com/advisories/33694http://secunia.com/advisories/35423http://security.gentoo.org/glsa/glsa-200901-10.xml