CVE-2006-4790
CVE-2006-4790
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.htmlhttp://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.htmlhttp://secunia.com/advisories/21937http://secunia.com/advisories/21942http://secunia.com/advisories/21973http://secunia.com/advisories/22049http://secunia.com/advisories/22080http://secunia.com/advisories/22084http://secunia.com/advisories/22097http://secunia.com/advisories/22226http://secunia.com/advisories/22992http://secunia.com/advisories/25762