CVE-2006-4790 - verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle exc

CVE-2006-4790

Summary

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.

References

Vulnerable Configurations

cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-10-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

oval via4

accepted

2013-04-29T04:23:27.748-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:9937

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

bugzilla

id	1618201
title	CVE-2006-4790 security flaw

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment gnutls is earlier than 0:1.0.20-3.2.3
oval oval:com.redhat.rhsa:tst:20060680001
comment gnutls is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060207002
AND
comment gnutls-devel is earlier than 0:1.0.20-3.2.3
oval oval:com.redhat.rhsa:tst:20060680003
comment gnutls-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060207004

rhsa

id	RHSA-2006:0680
released	2006-09-14
severity	Important
title	RHSA-2006:0680: gnutls security update (Important)

rpms

gnutls-0:1.0.20-3.2.3
gnutls-debuginfo-0:1.0.20-3.2.3
gnutls-devel-0:1.0.20-3.2.3

refmap via4

bid	20027
confirm	http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.gnu.org/software/gnutls/security.html
debian	DSA-1182
gentoo	GLSA-200609-15
mandriva	MDKSA-2006:166
mlist	[gnutls-dev] 20060908 Variant of Bleichenbacher's crypto 06 rump session attack [gnutls-dev] 20060912 Re: Variant of Bleichenbacher's crypto 06 rump session attack
sectrack	1016844
secunia	21937 21942 21973 22049 22080 22084 22097 22226 22992 25762
sunalert	102648 102970
suse	SUSE-SA:2007:010 SUSE-SR:2006:023
ubuntu	USN-348-1
vupen	ADV-2006-3635 ADV-2006-3899 ADV-2007-2289
xf	gnutls-rsakey-security-bypass(28953)

statements via4

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Last major update

11-10-2017 - 01:31

Published

14-09-2006 - 19:07

Last modified

11-10-2017 - 01:31