Vulnerability CVE-2009-5138

Vulnerability Name:

CVE-2009-5138 (CCN-91544)

Assigned:

2009-01-09

Published:

2009-01-09

Updated:

2014-04-01

Summary:

GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-264
CWE-295

Vulnerability Consequences:

Bypass Security

References:

Source: MLIST
Type: UNKNOWN
[oss-security] 20140225 Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)

Source: MITRE
Type: CNA
CVE-2009-5138

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0319

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0320

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0322

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0445

Source: CCN
Type: RHSA-2014-0247
Important: gnutls security update

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0247

Source: SECUNIA
Type: UNKNOWN
57254

Source: SECUNIA
Type: UNKNOWN
57260

Source: SECUNIA
Type: UNKNOWN
57274

Source: SECUNIA
Type: UNKNOWN
57321

Source: MLIST
Type: UNKNOWN
[gnutls-devel] 20090109 Re: gnutls fails to use Verisign CA cert without a Basic Constraint

Source: MLIST
Type: UNKNOWN
[oss-security] 20140227 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)

Source: CCN
Type: IBM Security Bulletin 1020844
IBM Platform Cluster Manager Standard Edition (CVE-2014-0092, CVE-2009-5138)

Source: CCN
Type: Red Hat Bugzilla Bug 1069301
CVE-2009-5138 gnutls: incorrect handling of V1 intermediate certificate

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1069301

Source: XF
Type: UNKNOWN
gnutls-cve20095138-sec-bypass(91544)

Source: CCN
Type: GnuTLS GIT Repository
Corrected bit disable (was flipping instead)

Source: CONFIRM
Type: Exploit, Patch
https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2009-5138

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:gnutls:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.7.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.7.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.7.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:*:*:*:*:*:*:*:* (Version <= 2.7.5)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20095138	V	CVE-2009-5138	2022-05-20
oval:org.opensuse.security:def:33063	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:32215	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:31691	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:26114	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:26076	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:36139	P	gnutls-2.4.1-24.39.55.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36451	P	libgnutls-devel-2.4.1-24.39.55.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42546	P	gnutls-2.4.1-24.39.55.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31617	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:31606	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:31605	P	Security update for xorg-x11-server (Important)	2021-04-14
oval:org.opensuse.security:def:32059	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:33102	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:32271	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:26204	P	Security update for freeradius-server (Low)	2021-03-04
oval:org.opensuse.security:def:26030	P	Security update for php72 (Moderate)	2021-01-14
oval:org.opensuse.security:def:25973	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:27414	P	gnucash on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26001	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:26420	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:26426	P	Security update for singularity (Moderate)	2020-12-01
oval:org.opensuse.security:def:26776	P	libzip1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26000	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26406	P	Security update for mbedtls (Moderate)	2020-12-01
oval:org.opensuse.security:def:26342	P	Security update for openjpeg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25892	P	Security update for gstreamer-0_10-plugins-good (Important)	2020-12-01
oval:org.opensuse.security:def:26732	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26367	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:26285	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:25764	P	Security update for webkitgtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:32425	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:26718	P	hplip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26318	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:31972	P	Security update for jakarta-commons-fileupload (Important)	2020-12-01
oval:org.opensuse.security:def:27137	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25700	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32381	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26679	P	cron on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26265	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:31915	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:27102	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25689	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32359	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:26630	P	perl-spamassassin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31823	P	Security update for bash (Moderate)	2020-12-01
oval:org.opensuse.security:def:27449	P	libgnutls-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26012	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:26464	P	Security update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:25688	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:32320	P	Security update for rzsz (Moderate)	2020-12-01
oval:org.opensuse.security:def:26577	P	kvm on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:25546	P	SUSE-SU-2014:0322-1 -- Security update for gnutls	2014-09-08
oval:org.mitre.oval:def:25237	P	SUSE-SU-2014:0319-1 -- Security update for gnutls	2014-09-08
oval:org.mitre.oval:def:25580	P	SUSE-SU-2014:0323-1 -- Security update for gnutls	2014-09-08
oval:org.mitre.oval:def:25330	P	SUSE-SU-2014:0320-1 -- Security update for gnutls	2014-09-08
oval:org.mitre.oval:def:25394	P	SUSE-SU-2014:0321-1 -- Security update for gnutls	2014-09-08
oval:org.mitre.oval:def:23918	P	RHSA-2014:0247: gnutls security update (Important)	2014-07-07
oval:org.mitre.oval:def:24255	P	ELSA-2014:0247: gnutls security update (Important)	2014-05-26
oval:com.ubuntu.precise:def:20095138000	V	CVE-2009-5138 on Ubuntu 12.04 LTS (precise) - medium.	2014-03-06
oval:com.redhat.rhsa:def:20140247	P	RHSA-2014:0247: gnutls security update (Important)	2014-03-03

BACK