Veracode Vulnerability Database, VERACODE:11179
History: Jan 15, 2019 - 8:58 a.m.

Authorization Bypass

2019-01-15 08:58:06
sca.analysiscenter.veracode.com
10

EPSS: 0.007 (Low), percentile 79.5%

GnuTLS is vulnerable to authorization bypass attacks. GnuTLS before 2.7.6 treats version 1 X.509 certificates as intermediate CAs even when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled. This allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates. This is a different vulnerability than CVE-2014-1959.
