aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorsat <sat@FreeBSD.org>2006-10-02 20:05:49 +0800
committersat <sat@FreeBSD.org>2006-10-02 20:05:49 +0800
commit93585090479d1623d6f5474b2812a9f8b40dc34c (patch)
treec58aa170f73571236b47dba953eb0528fa97cc9e /security
parentc64a8fed645d8a95612129377ba3b25ade95e3aa (diff)
downloadfreebsd-ports-gnome-93585090479d1623d6f5474b2812a9f8b40dc34c.tar.gz
freebsd-ports-gnome-93585090479d1623d6f5474b2812a9f8b40dc34c.tar.zst
freebsd-ports-gnome-93585090479d1623d6f5474b2812a9f8b40dc34c.zip
- Document RSA Signature Forgery Vulnerability in gnutls
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml35
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 4a49e46fad9d..8da25f9e56a8 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="64bf6234-520d-11db-8f1a-000a48049292">
+ <topic>gnutls -- RSA Signature Forgery Vulnerability</topic>
+ <affects>
+ <package>
+ <name>gnutls</name>
+ <name>gnutls-devel</name>
+ <range><lt>1.4.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/21937">
+ <p>A vulnerability has been reported in GnuTLS, which can be
+ exploited by malicious people to bypass certain security
+ restrictions.</p>
+ <p>The vulnerability is caused due to an error in the
+ verification of certain signatures. If a RSA key with
+ exponent 3 is used, it may be possible to forge PKCS #1
+ v1.5 signatures signed with that key.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>20027</bid>
+ <cvename>CVE-2006-4790</cvename>
+ <url>http://secunia.com/advisories/21937</url>
+ <url>http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html</url>
+ </references>
+ <dates>
+ <discovery>2006-09-08</discovery>
+ <entry>2006-10-02</entry>
+ </dates>
+ </vuln>
+
<vuln vid="350a5bd9-520b-11db-8f1a-000a48049292">
<topic>MT -- Search Unspecified XSS</topic>
<affects>