diff options
author | sat <sat@FreeBSD.org> | 2006-10-02 20:05:49 +0800 |
---|---|---|
committer | sat <sat@FreeBSD.org> | 2006-10-02 20:05:49 +0800 |
commit | 93585090479d1623d6f5474b2812a9f8b40dc34c (patch) | |
tree | c58aa170f73571236b47dba953eb0528fa97cc9e /security | |
parent | c64a8fed645d8a95612129377ba3b25ade95e3aa (diff) | |
download | freebsd-ports-gnome-93585090479d1623d6f5474b2812a9f8b40dc34c.tar.gz freebsd-ports-gnome-93585090479d1623d6f5474b2812a9f8b40dc34c.tar.zst freebsd-ports-gnome-93585090479d1623d6f5474b2812a9f8b40dc34c.zip |
- Document RSA Signature Forgery Vulnerability in gnutls
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 4a49e46fad9d..8da25f9e56a8 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="64bf6234-520d-11db-8f1a-000a48049292"> + <topic>gnutls -- RSA Signature Forgery Vulnerability</topic> + <affects> + <package> + <name>gnutls</name> + <name>gnutls-devel</name> + <range><lt>1.4.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/21937"> + <p>A vulnerability has been reported in GnuTLS, which can be + exploited by malicious people to bypass certain security + restrictions.</p> + <p>The vulnerability is caused due to an error in the + verification of certain signatures. If a RSA key with + exponent 3 is used, it may be possible to forge PKCS #1 + v1.5 signatures signed with that key.</p> + </blockquote> + </body> + </description> + <references> + <bid>20027</bid> + <cvename>CVE-2006-4790</cvename> + <url>http://secunia.com/advisories/21937</url> + <url>http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html</url> + </references> + <dates> + <discovery>2006-09-08</discovery> + <entry>2006-10-02</entry> + </dates> + </vuln> + <vuln vid="350a5bd9-520b-11db-8f1a-000a48049292"> <topic>MT -- Search Unspecified XSS</topic> <affects> |