Lucene search

PRIOn knowledge basePRION:CVE-2009-5138

HistoryMar 07, 2014 - 12:10 a.m.

Code injection

2014-03-0700:10:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.5%

JSON

GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.

CPENameOperatorVersion
gnutlseq2.7.3
gnutlseq2.7.4
gnutlseq2.7.0
gnutlseq2.7.1
gnutlsle2.7.5
gnutlseq2.7.2

Name	Operator	Version
gnutls	eq	2.7.3
gnutls	eq	2.7.4
gnutls	eq	2.7.0
gnutls	eq	2.7.1
gnutls	le	2.7.5
gnutls	eq	2.7.2

References

article.gmane.org/gmane.comp.security.oss.general/12223

lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html

rhn.redhat.com/errata/RHSA-2014-0247.html

secunia.com/advisories/57254

secunia.com/advisories/57260

secunia.com/advisories/57274

secunia.com/advisories/57321

thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361

thread.gmane.org/gmane.comp.security.oss.general/12127

bugzilla.redhat.com/show_bug.cgi?id=1069301

gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd