NuytsTech Security

CVE-2006-4790

by ·

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.

Date published : 2006-09-14

http://www.securityfocus.com/bid/20027

http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm

Tags: