CVE-2009-1416

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
gnugnutls
2.5.0
gnugnutls
2.6.0
gnugnutls
2.6.1
gnugnutls
2.6.2
gnugnutls
2.6.3
gnugnutls
2.6.4
gnugnutls
2.6.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnutls11
jaunty
dne
intrepid
dne
hardy
dne
dapper
not-affected
gnutls12
jaunty
dne
intrepid
dne
hardy
dne
dapper
not-affected
gnutls13
jaunty
dne
intrepid
dne
hardy
not-affected
dapper
dne
gnutls26
jaunty
not-affected
intrepid
not-affected
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html
http://secunia.com/advisories/34842
http://secunia.com/advisories/35211
http://security.gentoo.org/glsa/glsa-200905-04.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
http://www.securityfocus.com/bid/34783
http://www.securitytracker.com/id?1022158
http://www.vupen.com/english/advisories/2009/1218
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html
http://secunia.com/advisories/34842
http://secunia.com/advisories/35211
http://security.gentoo.org/glsa/glsa-200905-04.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
http://www.securityfocus.com/bid/34783
http://www.securitytracker.com/id?1022158
http://www.vupen.com/english/advisories/2009/1218