CVE-2006-4790 - Unspecified vulnerability in GNU Gnutls

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE

Summary

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
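To make the flawed check concrete, here is an added example (not GnuTLS code) that models only the decoded k-byte block EM: a lenient DigestInfo walk that compares just the hash, beside the strict verifier that rebuilds the whole expected block, exercised against a constructed malformed encoding with excess bytes in digestAlgorithm.parameters. RSA exponentiation is left out, since the defect lies in how its result is parsed.

```python
"""Lenient vs strict PKCS #1 v1.5 handling; only the decoded k-byte block EM is modelled."""
import hashlib
import hmac

# DER DigestInfo prefix for SHA-1 with NULL parameters (RFC 3447, section 9.2, note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
SHA1_OID = bytes.fromhex("06052b0e03021a")  # tag, length and value of id-sha1

def emsa_pkcs1_v15_encode(message: bytes, k: int) -> bytes:
    """EM = 0x00 || 0x01 || PS || 0x00 || T for a k-byte modulus (RFC 3447, section 9.2)."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    if k - len(t) - 3 < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def _der_tlv(buf: bytes, pos: int, tag=None):
    """Read one short-form DER element at pos; return (value, position after it)."""
    if pos + 2 > len(buf) or (tag is not None and buf[pos] != tag) or buf[pos + 1] >= 0x80:
        raise ValueError("bad DER element")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("DER length overruns buffer")
    return buf[pos + 2:end], end

def lenient_verify(em: bytes, message: bytes) -> bool:
    """Bug class from the advisory: walk the structure, discard the parameters field whatever
    its length, and compare only the hash, so excess data hidden there goes unnoticed."""
    if len(em) < 11 or em[:2] != b"\x00\x01":
        return False
    pos = 2
    while pos < len(em) and em[pos] == 0xFF:
        pos += 1
    if pos >= len(em) or em[pos] != 0x00:
        return False
    try:
        digest_info, _ = _der_tlv(em, pos + 1, 0x30)
        alg_id, after_alg = _der_tlv(digest_info, 0, 0x30)
        oid, after_oid = _der_tlv(alg_id, 0, 0x06)
        _params, _ = _der_tlv(alg_id, after_oid)  # length and content never checked
        digest, _ = _der_tlv(digest_info, after_alg, 0x04)
    except ValueError:
        return False
    return oid == SHA1_OID[2:] and hmac.compare_digest(digest, hashlib.sha1(message).digest())

def strict_verify(em: bytes, message: bytes) -> bool:
    """The fix: rebuild the whole expected EM and compare every byte of it."""
    try:
        return hmac.compare_digest(em, emsa_pkcs1_v15_encode(message, len(em)))
    except ValueError:
        return False

def malformed_em(message: bytes, k: int, excess: int) -> bytes:
    """Constructed negative test vector: shorter padding, with the excess bytes moved into
    digestAlgorithm.parameters. Not a valid encoding; a correct verifier must reject it."""
    alg_body = SHA1_OID + b"\x05" + bytes([excess]) + b"\x00" * excess
    alg_id = b"\x30" + bytes([len(alg_body)]) + alg_body
    digest = b"\x04\x14" + hashlib.sha1(message).digest()
    t = b"\x30" + bytes([len(alg_id) + len(digest)]) + alg_id + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
```

Run `lenient_verify` and `strict_verify` on `malformed_em(b"hello", 128, 40)`: the lenient walk accepts the block while the strict comparison rejects it, which is exactly the difference the 1.4.4 fix introduces.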

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-348-1.NASL
    description: The GnuTLS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27928
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27928
    title: Ubuntu 5.04 / 5.10 / 6.06 LTS : gnutls11, gnutls12 vulnerability (USN-348-1)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_123938-04.NASL
    description: GNOME 2.6.0: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Nov/15/14
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107398
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107398
    title: Solaris 10 (sparc) : 123938-04
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_123939-05.NASL
    description: GNOME 2.6.0_x86: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Oct/17/16
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107902
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107902
    title: Solaris 10 (x86) : 123939-05
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200609-15.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200609-15 (GnuTLS: RSA Signature Forgery). verify.c fails to properly handle excess data in the digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Impact : Remote attackers could forge PKCS #1 v1.5 signatures that are signed with an RSA key, preventing GnuTLS from correctly verifying X.509 and other certificates that use PKCS. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22459
    published: 2006-09-27
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22459
    title: GLSA-200609-15 : GnuTLS: RSA Signature Forgery
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-166.NASL
    description: verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. The provided packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24552
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24552
    title: Mandrake Linux Security Advisory : gnutls (MDKSA-2006:166)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_123939-03.NASL
    description: GNOME 2.6.0_x86: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Sep/13/14
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107900
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107900
    title: Solaris 10 (x86) : 123939-03
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2006-0680.NASL
    description: From Red Hat Security Advisory 2006:0680 : Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. The core GnuTLS team discovered that GnuTLS is vulnerable to a variant of the Bleichenbacher attack. This issue affects applications that use GnuTLS to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4790) In Red Hat Enterprise Linux 4, the GnuTLS library is only used by the Evolution client when connecting to an Exchange server or when publishing calendar information to a WebDAV server. Users are advised to upgrade to these updated packages, which contain a backported patch from the GnuTLS maintainers to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67410
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67410
    title: Oracle Linux 4 : gnutls (ELSA-2006-0680)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_64BF6234520D11DB8F1A000A48049292.NASL
    description: Secunia reports : A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the verification of certain signatures. If an RSA key with exponent 3 is used, it may be possible to forge PKCS #1 v1.5 signatures signed with that key.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22501
    published: 2006-10-05
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22501
    title: FreeBSD : gnutls -- RSA Signature Forgery Vulnerability (64bf6234-520d-11db-8f1a-000a48049292)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_123939-04.NASL
    description: GNOME 2.6.0_x86: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Nov/15/14
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107901
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107901
    title: Solaris 10 (x86) : 123939-04
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GNUTLS-2117.NASL
    description: A security problem was fixed in the GNU TLS library, where excess data was not checked during signature checking with RSA keys with exponent 3. This problem could be used to fake those RSA signatures. (CVE-2006-4790)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29447
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29447
    title: SuSE 10 Security Update : gnutls (ZYPP Patch Number 2117)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-974.NASL
    description: - Thu Sep 14 2006 Tomas Mraz <tmraz at redhat.com> 1.2.10-3 - detect forged signatures - CVE-2006-4790 (#206411), patch from upstream - Tue May 16 2006 Tomas Mraz <tmraz at redhat.com> - 1.2.10-2 - added missing buildrequires. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24178
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24178
    title: Fedora Core 5 : gnutls-1.2.10-3 (2006-974)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_JAVA-1_4_2-IBM-2461.NASL
    description: This update brings IBM Java 1.4.2 to Service Release 7. It contains several undisclosed security fixes, including the fix for the RSA attack similar to Mitre CVE ID CVE-2006-4790. It also contains timezone updates : - US daylight saving time update starting 2007. - Western Australia daylight savings time introduction in December 2006. - Update to current timezone dataset.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29468
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29468
    title: SuSE 10 Security Update : IBM Java (ZYPP Patch Number 2461)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_123938.NASL
    description: GNOME 2.6.0: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Oct/17/16. This plugin has been deprecated and either replaced with individual 123938 patch-revision plugins, or deemed non-security related.
    last seen: 2019-02-21
    modified: 2018-07-30
    plugin id: 24374
    published: 2007-02-18
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=24374
    title: Solaris 10 (sparc) : 123938-05 (deprecated)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2006-0680.NASL
    description: Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. The core GnuTLS team discovered that GnuTLS is vulnerable to a variant of the Bleichenbacher attack. This issue affects applications that use GnuTLS to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4790) In Red Hat Enterprise Linux 4, the GnuTLS library is only used by the Evolution client when connecting to an Exchange server or when publishing calendar information to a WebDAV server. Users are advised to upgrade to these updated packages, which contain a backported patch from the GnuTLS maintainers to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22427
    published: 2006-09-22
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22427
    title: CentOS 4 : gnutls (CESA-2006:0680)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_123938-03.NASL
    description: GNOME 2.6.0: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Sep/13/14
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107397
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107397
    title: Solaris 10 (sparc) : 123938-03
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_123939.NASL
    description: GNOME 2.6.0_x86: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Oct/17/16. This plugin has been deprecated and either replaced with individual 123939 patch-revision plugins, or deemed non-security related.
    last seen: 2019-02-21
    modified: 2018-07-30
    plugin id: 24386
    published: 2007-02-18
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=24386
    title: Solaris 10 (x86) : 123939-05 (deprecated)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GNUTLS-2118.NASL
    description: A security problem was fixed in the GNU TLS library, where excess data was not checked during signature checking with RSA keys with exponent 3. This problem could be used to fake those RSA signatures. (CVE-2006-4790)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27242
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27242
    title: openSUSE 10 Security Update : gnutls (gnutls-2118)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2006-0680.NASL
    description: Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. The core GnuTLS team discovered that GnuTLS is vulnerable to a variant of the Bleichenbacher attack. This issue affects applications that use GnuTLS to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4790) In Red Hat Enterprise Linux 4, the GnuTLS library is only used by the Evolution client when connecting to an Exchange server or when publishing calendar information to a WebDAV server. Users are advised to upgrade to these updated packages, which contain a backported patch from the GnuTLS maintainers to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22360
    published: 2006-09-15
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22360
    title: RHEL 4 : gnutls (RHSA-2006:0680)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_11228.NASL
    description: A security problem in the GNU TLS library has been found : If an RSA key with exponent 3 is used, the PKCS padding gets removed before generating a hash, which allows remote attackers to forge a PKCS signature that appears to be signed by that RSA key and prevents gnutls from correctly verifying the certificate. This bug has been tracked by the Mitre CVE ID CVE-2006-4790.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41101
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41101
    title: SuSE9 Security Update : gnutls (YOU Patch Number 11228)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1182.NASL
    description: Daniel Bleichenbacher discovered a flaw in the GNU TLS cryptographic package that could allow an attacker to generate a forged signature that GNU TLS will accept as valid.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22724
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22724
    title: Debian DSA-1182-1 : gnutls11 - cryptographic weakness
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_123938-05.NASL
    description: GNOME 2.6.0: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Oct/17/16
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107399
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107399
    title: Solaris 10 (sparc) : 123938-05

Oval

accepted: 2013-04-29T04:23:27.748-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
family: unix
id: oval:org.mitre.oval:def:9937
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
version: 26

Redhat

advisories
bugzilla
id: 206411
title: CVE-2006-4790 RSA forgery affects gnutls
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 4 is installed
      oval: oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment: gnutls is earlier than 0:1.0.20-3.2.3
          oval: oval:com.redhat.rhsa:tst:20060680001
        • comment: gnutls is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20060207002
      • AND
        • comment: gnutls-devel is earlier than 0:1.0.20-3.2.3
          oval: oval:com.redhat.rhsa:tst:20060680003
        • comment: gnutls-devel is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20060207004
rhsa
id: RHSA-2006:0680
released: 2006-09-14
severity: Important
title: RHSA-2006:0680: gnutls security update (Important)
rpms
  • gnutls-0:1.0.20-3.2.3
  • gnutls-debuginfo-0:1.0.20-3.2.3
  • gnutls-devel-0:1.0.20-3.2.3

Statements

contributor: Mark J Cox
last modified: 2007-03-14
organization: Red Hat
statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
