PT-2014-2069 · Gnu+2 · Gnutls+2
Tomas Hoger
·
Published
2014-03-03
·
Updated
2014-04-01
·
CVE-2009-5138
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
GnuTLS versions prior to 2.7.6
Description
The issue allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. This occurs when the GNUTLS VERIFY ALLOW X509 V1 CA CRT flag is not enabled, causing version 1 X.509 certificates to be treated as intermediate CAs.
Recommendations
For versions prior to 2.7.6, update to version 2.7.6 or later to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gnutls
Red Hat
Suse