CVE-2014-1959

medium
Description

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates.

References

http://seclists.org/oss-sec/2014/q1/344

http://seclists.org/oss-sec/2014/q1/345

http://www.debian.org/security/2014/dsa-2866

http://www.gnutls.org/security.html

http://www.securityfocus.com/bid/65559

http://www.ubuntu.com/usn/USN-2121-1

https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c

Details

Source: MITRE

Published: 2014-03-07

Updated: 2016-11-28

Type: CWE-264

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 82325 | Mandriva Linux Security Advisory : gnutls (MDVSA-2015:072) | Nessus | Mandriva Local Security Checks | medium |
| 76061 | GLSA-201406-09 : GnuTLS: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 72808 | FreeBSD : gnutls -- multiple certificate verification issues (f645aa90-a3e8-11e3-a422-3c970e169bc2) | Nessus | FreeBSD Local Security Checks | medium |
| 72701 | Ubuntu 12.04 LTS / 12.10 / 13.10 : gnutls26 vulnerability (USN-2121-1) | Nessus | Ubuntu Local Security Checks | medium |
| 72675 | Fedora 20 : mingw-gnutls-3.1.21-1.fc20 (2014-2583) | Nessus | Fedora Local Security Checks | medium |
| 72674 | Fedora 19 : mingw-gnutls-3.1.21-1.fc19 (2014-2565) | Nessus | Fedora Local Security Checks | medium |
| 72647 | Debian DSA-2866-1 : gnutls26 - certificate verification flaw | Nessus | Debian Local Security Checks | medium |
| 72632 | Fedora 19 : gnutls-3.1.20-3.fc19 (2014-2588) | Nessus | Fedora Local Security Checks | medium |
| 72596 | Mandriva Linux Security Advisory : gnutls (MDVSA-2014:043) | Nessus | Mandriva Local Security Checks | medium |
| 72589 | Slackware 14.0 / 14.1 / current : gnutls (SSA:2014-050-01) | Nessus | Slackware Local Security Checks | medium |
| 72547 | Fedora 20 : gnutls-3.1.20-3.fc20 (2014-2580) | Nessus | Fedora Local Security Checks | medium |