[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-1416Date: (C)2009-04-30   (M)2024-02-16


lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1022158
BID-34783
SECUNIA-34842
SECUNIA-35211
ADV-2009-1218
GLSA-200905-04
MDVSA-2009:116
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html

CPE    7
cpe:/a:gnu:gnutls:2.6.5
cpe:/a:gnu:gnutls:2.6.4
cpe:/a:gnu:gnutls:2.6.3
cpe:/a:gnu:gnutls:2.6.2
...
CWE    1
CWE-310
OVAL    1
oval:org.secpod.oval:def:300822

© SecPod Technologies