Vulnerability CVE-2009-1416 - CERT Civis.Net

Vulnerability Name:

CVE-2009-1416 (CCN-50260)

Assigned:

2009-04-30

Published:

2009-04-30

Updated:

2009-06-10

Summary:

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: gnutls-devel Mailing List, 2009-04-30 10:36:50 GMT
All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]

Source: MLIST
Type: Exploit, Patch
[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]

Source: MITRE
Type: CNA
CVE-2009-1416

Source: MLIST
Type: Vendor Advisory
[help-gnutls] 20090420 Encryption using DSA keys

Source: CCN
Type: SA34842
GnuTLS Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
34842

Source: SECUNIA
Type: UNKNOWN
35211

Source: GENTOO
Type: UNKNOWN
GLSA-200905-04

Source: CCN
Type: SECTRACK ID: 1022158
GnuTLS DSA Key Generation Creates RSA Keys Instead of DSA Keys

Source: CCN
Type: GLSA-200905-04
GnuTLS: Multiple vulnerabilities

Source: CCN
Type: GNU TLS Library Project Web site
The GNU Transport Layer Security Library

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:116

Source: CCN
Type: OSVDB ID: 54623
GnuTLS libgnutls lib/gnutls_pk.c DSA Key Storage Remote Spoofing

Source: BID
Type: UNKNOWN
34783

Source: CCN
Type: BID-34783
GnuTLS Prior to 2.6.6 Multiple Remote Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1022158

Source: VUPEN
Type: UNKNOWN
ADV-2009-1218

Source: XF
Type: UNKNOWN
gnutls-dsa-spoofing(50260)

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable