Vulnerability Details : CVE-2009-1416
Potential exploit
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
Products affected by CVE-2009-1416
- cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1416
- 5.34%: Probability of exploitation activity in the next 30 days
- ~ 89%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1416
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2009-1416
- Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-1416
- Red Hat, 2009-09-21: Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions.
References for CVE-2009-1416
- http://www.securitytracker.com/id?1022158
- http://secunia.com/advisories/35211
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 [Mandriva]
- http://www.vupen.com/english/advisories/2009/1218
- http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html [Vendor Advisory]
- http://security.gentoo.org/glsa/glsa-200905-04.xml [GnuTLS: Multiple vulnerabilities (GLSA 200905-04) — Gentoo security]
- http://www.securityfocus.com/bid/34783
- http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516 [Exploit; Patch]
- http://secunia.com/advisories/34842 [Vendor Advisory]