CVE-2009-1417

EUVD-2009-1415
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
gnugnutls
𝑥
≤ 2.6.5
gnugnutls
1.0.16
gnugnutls
1.0.17
gnugnutls
1.0.18
gnugnutls
1.0.19
gnugnutls
1.0.20
gnugnutls
1.0.21
gnugnutls
1.0.22
gnugnutls
1.0.23
gnugnutls
1.0.24
gnugnutls
1.0.25
gnugnutls
1.1.13
gnugnutls
1.1.14
gnugnutls
1.1.15
gnugnutls
1.1.16
gnugnutls
1.1.17
gnugnutls
1.1.18
gnugnutls
1.1.19
gnugnutls
1.1.20
gnugnutls
1.1.21
gnugnutls
1.1.22
gnugnutls
1.1.23
gnugnutls
1.2.0
gnugnutls
1.2.1
gnugnutls
1.2.2
gnugnutls
1.2.3
gnugnutls
1.2.4
gnugnutls
1.2.5
gnugnutls
1.2.6
gnugnutls
1.2.7
gnugnutls
1.2.8
gnugnutls
1.2.8.1a1:a1
gnugnutls
1.2.9
gnugnutls
1.2.10
gnugnutls
1.2.11
gnugnutls
1.3.0
gnugnutls
1.3.1
gnugnutls
1.3.2
gnugnutls
1.3.3
gnugnutls
1.3.4
gnugnutls
1.3.5
gnugnutls
1.4.0
gnugnutls
1.4.1
gnugnutls
1.4.2
gnugnutls
1.4.3
gnugnutls
1.4.4
gnugnutls
1.4.5
gnugnutls
1.5.0
gnugnutls
1.5.1
gnugnutls
1.5.2
gnugnutls
1.5.3
gnugnutls
1.5.4
gnugnutls
1.5.5
gnugnutls
1.6.0
gnugnutls
1.6.1
gnugnutls
1.6.2
gnugnutls
1.6.3
gnugnutls
1.7.0
gnugnutls
1.7.1
gnugnutls
1.7.2
gnugnutls
1.7.3
gnugnutls
1.7.4
gnugnutls
1.7.5
gnugnutls
1.7.6
gnugnutls
1.7.7
gnugnutls
1.7.8
gnugnutls
1.7.9
gnugnutls
1.7.10
gnugnutls
1.7.11
gnugnutls
1.7.12
gnugnutls
1.7.13
gnugnutls
1.7.14
gnugnutls
1.7.15
gnugnutls
1.7.16
gnugnutls
1.7.17
gnugnutls
1.7.18
gnugnutls
1.7.19
gnugnutls
2.0.0
gnugnutls
2.0.1
gnugnutls
2.0.2
gnugnutls
2.0.3
gnugnutls
2.0.4
gnugnutls
2.1.0
gnugnutls
2.1.1
gnugnutls
2.1.2
gnugnutls
2.1.3
gnugnutls
2.1.4
gnugnutls
2.1.5
gnugnutls
2.1.6
gnugnutls
2.1.7
gnugnutls
2.1.8
gnugnutls
2.2.0
gnugnutls
2.2.1
gnugnutls
2.2.2
gnugnutls
2.2.3
gnugnutls
2.2.4
gnugnutls
2.2.5
gnugnutls
2.3.0
gnugnutls
2.3.1
gnugnutls
2.3.2
gnugnutls
2.3.3
gnugnutls
2.3.4
gnugnutls
2.3.5
gnugnutls
2.3.6
gnugnutls
2.3.7
gnugnutls
2.3.8
gnugnutls
2.3.9
gnugnutls
2.3.10
gnugnutls
2.3.11
gnugnutls
2.4.0
gnugnutls
2.4.1
gnugnutls
2.4.2
gnugnutls
2.6.0
gnugnutls
2.6.1
gnugnutls
2.6.2
gnugnutls
2.6.3
gnugnutls
2.6.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnutls11
dapper
ignored
hardy
dne
intrepid
dne
jaunty
dne
gnutls12
dapper
ignored
hardy
dne
intrepid
dne
jaunty
dne
gnutls13
dapper
dne
hardy
ignored
intrepid
dne
jaunty
dne
gnutls26
dapper
dne
hardy
dne
intrepid
ignored
jaunty
ignored
Common Weakness Enumeration
References
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
http://secunia.com/advisories/34842
http://secunia.com/advisories/35211
http://security.gentoo.org/glsa/glsa-200905-04.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
http://www.securityfocus.com/bid/34783
http://www.securitytracker.com/id?1022159
http://www.vupen.com/english/advisories/2009/1218
https://exchange.xforce.ibmcloud.com/vulnerabilities/50261
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
http://secunia.com/advisories/34842
http://secunia.com/advisories/35211
http://security.gentoo.org/glsa/glsa-200905-04.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
http://www.securityfocus.com/bid/34783
http://www.securitytracker.com/id?1022159
http://www.vupen.com/english/advisories/2009/1218
https://exchange.xforce.ibmcloud.com/vulnerabilities/50261