FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnutls -- RSA Signature Forgery Vulnerability

Affected packages
gnutls < 1.4.4
gnutls-devel < 1.4.4

Details

VuXML ID 64bf6234-520d-11db-8f1a-000a48049292
Discovery 2006-09-08
Entry 2006-10-02

Secunia reports:

A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error in the verification of certain signatures. If a RSA key with exponent 3 is used, it may be possible to forge PKCS #1 v1.5 signatures signed with that key.

References

Bugtraq ID 20027
CVE Name CVE-2006-4790
URL http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
URL http://secunia.com/advisories/21937