FreeBSD : gnutls -- RSA Signature Forgery Vulnerability (64bf6234-520d-11db-8f1a-000a48049292)

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Secunia reports :

A vulnerability has been reported in GnuTLS, which can be exploited by
malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error in the verification of
certain signatures. If an RSA key with exponent 3 is used, it may be
possible to forge PKCS #1 v1.5 signatures signed with that key.

See also :

http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
http://www.nessus.org/u?4cc429ac

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22501 (freebsd_pkg_64bf6234520d11db8f1a000a48049292.nasl)

Bugtraq ID: 20027

CVE ID: CVE-2006-4790
