CVE-2009-1416

Name of the Vulnerable Software and Affected Versions GnuTLS versions 2.5.0 through 2.6.5

Description The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely, potentially allowing attackers to spoof signatures on certificates or have other unspecified impacts by leveraging an invalid DSA key. The problem arises from the generation of RSA keys stored in DSA structures instead of the intended DSA keys in the libgnutls library.

Recommendations For versions 2.5.0 through 2.6.5, update to version 2.6.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the lib/gnutls pk.c function in libgnutls until a patch is available. Avoid using the affected libgnutls library for certificate signature verification until the issue is resolved.