Description
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
Exploits
No known exploits found for this CVE.
Search Exploit-DBReferences
secalert@redhat.com
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.htmlsecalert@redhat.com
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.htmlsecalert@redhat.com
http://secunia.com/advisories/21937secalert@redhat.com
http://secunia.com/advisories/21942secalert@redhat.com
http://secunia.com/advisories/21973secalert@redhat.com
http://secunia.com/advisories/22049secalert@redhat.com
http://secunia.com/advisories/22080secalert@redhat.com
http://secunia.com/advisories/22084secalert@redhat.com
http://secunia.com/advisories/22097secalert@redhat.com
http://secunia.com/advisories/22226secalert@redhat.com
http://secunia.com/advisories/22992secalert@redhat.com
http://secunia.com/advisories/25762secalert@redhat.com
http://security.gentoo.org/glsa/glsa-200609-15.xmlsecalert@redhat.com
http://securitytracker.com/id?1016844secalert@redhat.com
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1secalert@redhat.com
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1secalert@redhat.com
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htmsecalert@redhat.com
http://www.debian.org/security/2006/dsa-1182secalert@redhat.com
http://www.gnu.org/software/gnutls/security.htmlsecalert@redhat.com
http://www.mandriva.com/security/advisories?name=MDKSA-2006:166secalert@redhat.com
http://www.novell.com/linux/security/advisories/2006_23_sr.htmlsecalert@redhat.com
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.htmlsecalert@redhat.com
http://www.redhat.com/support/errata/RHSA-2006-0680.htmlsecalert@redhat.com
http://www.securityfocus.com/bid/20027secalert@redhat.com
http://www.ubuntu.com/usn/usn-348-1secalert@redhat.com
http://www.vupen.com/english/advisories/2006/3635secalert@redhat.com
http://www.vupen.com/english/advisories/2006/3899secalert@redhat.com
http://www.vupen.com/english/advisories/2007/2289secalert@redhat.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/28953secalert@redhat.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937af854a3a-2127-422b-91ae-364da2661108
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.htmlaf854a3a-2127-422b-91ae-364da2661108
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.htmlaf854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/21937af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/21942af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/21973af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/22049af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/22080af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/22084af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/22097af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/22226af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/22992af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/25762af854a3a-2127-422b-91ae-364da2661108
http://security.gentoo.org/glsa/glsa-200609-15.xmlaf854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1016844af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1af854a3a-2127-422b-91ae-364da2661108
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htmaf854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2006/dsa-1182af854a3a-2127-422b-91ae-364da2661108
http://www.gnu.org/software/gnutls/security.htmlaf854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDKSA-2006:166af854a3a-2127-422b-91ae-364da2661108
http://www.novell.com/linux/security/advisories/2006_23_sr.htmlaf854a3a-2127-422b-91ae-364da2661108
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.htmlaf854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2006-0680.htmlaf854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/20027af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-348-1af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2006/3635af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2006/3899af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/2289af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/28953af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937