Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4989

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-4989
Last Modified 30 Oct 2012 11:06:22
Published 12 Nov 2008 08:00:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4989

Summary

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).

Vulnerable Systems

Application

  • Gnutls 1.0.16

  • Gnutls 1.0.17

  • Gnutls 1.0.18

  • Gnutls 1.0.19

  • Gnutls 1.0.20

  • Gnutls 1.0.21

  • Gnutls 1.0.22

  • Gnutls 1.0.23

  • Gnutls 1.0.24

  • Gnutls 1.0.25

  • Gnutls 1.1.13

  • Gnutls 1.1.14

  • Gnutls 1.1.15

  • Gnutls 1.1.16

  • Gnutls 1.1.17

  • Gnutls 1.1.18

  • Gnutls 1.1.19

  • Gnutls 1.1.20

  • Gnutls 1.1.21

  • Gnutls 1.1.22

  • Gnutls 1.1.23

  • Gnutls 1.2.0

  • Gnutls 1.2.1

  • Gnutls 1.2.10

  • Gnutls 1.2.11

  • Gnutls 1.2.2

  • Gnutls 1.2.3

  • Gnutls 1.2.4

  • Gnutls 1.2.5

  • Gnutls 1.2.6

  • Gnutls 1.2.7

  • Gnutls 1.2.8

  • Gnutls 1.2.8.1a1

  • Gnutls 1.2.9

  • Gnutls 1.3.0

  • Gnutls 1.3.1

  • Gnutls 1.3.2

  • Gnutls 1.3.3

  • Gnutls 1.3.4

  • Gnutls 1.3.5

  • Gnutls 1.4.0

  • Gnutls 1.4.1

  • Gnutls 1.4.2

  • Gnutls 1.4.3

  • Gnutls 1.4.4

  • Gnutls 1.4.5

  • Gnutls 1.5.0

  • Gnutls 1.5.1

  • Gnutls 1.5.2

  • Gnutls 1.5.3

  • Gnutls 1.5.4

  • Gnutls 1.5.5

  • Gnutls 1.6.0

  • Gnutls 1.6.1

  • Gnutls 1.6.2

  • Gnutls 1.6.3

  • Gnutls 1.7.0

  • Gnutls 1.7.1

  • Gnutls 1.7.10

  • Gnutls 1.7.11

  • Gnutls 1.7.12

  • Gnutls 1.7.13

  • Gnutls 1.7.14

  • Gnutls 1.7.15

  • Gnutls 1.7.16

  • Gnutls 1.7.17

  • Gnutls 1.7.18

  • Gnutls 1.7.19

  • Gnutls 1.7.2

  • Gnutls 1.7.3

  • Gnutls 1.7.4

  • Gnutls 1.7.5

  • Gnutls 1.7.6

  • Gnutls 1.7.7

  • Gnutls 1.7.8

  • Gnutls 1.7.9

  • Gnutls 2.0.0

  • Gnutls 2.0.1

  • Gnutls 2.0.2

  • Gnutls 2.0.3

  • Gnutls 2.0.4

  • Gnutls 2.1.0

  • Gnutls 2.1.1

  • Gnutls 2.1.2

  • Gnutls 2.1.3

  • Gnutls 2.1.4

  • Gnutls 2.1.5

  • Gnutls 2.1.6

  • Gnutls 2.1.7

  • Gnutls 2.1.8

  • Gnutls 2.2.0

  • Gnutls 2.2.1

  • Gnutls 2.2.2

  • Gnutls 2.2.3

  • Gnutls 2.2.4

  • Gnutls 2.2.5

  • Gnutls 2.3.0

  • Gnutls 2.3.1

  • Gnutls 2.3.10

  • Gnutls 2.3.11

  • Gnutls 2.3.2

  • Gnutls 2.3.3

  • Gnutls 2.3.4

  • Gnutls 2.3.5

  • Gnutls 2.3.6

  • Gnutls 2.3.7

  • Gnutls 2.3.8

  • Gnutls 2.3.9

  • Gnutls 2.4.0

  • Gnutls 2.4.1

  • Gnutls 2.4.2

  • Gnutls 2.6.0


References

BID - 32232

MLIST - [gnutls-devel] 20081110 GnuTLS 2.6.1 - Security release [GNUTLS-SA-2008-3]

FEDORA - FEDORA-2008-9600

FEDORA - FEDORA-2008-9530

XF - gnutls-x509-name-spoofing(46482)

VUPEN - ADV-2009-1567

VUPEN - ADV-2008-3086

UBUNTU - USN-678-1

UBUNTU - USN-678-2

SECTRACK - 1021167

REDHAT - RHSA-2008:0982

MANDRIVA - MDVSA-2008:227

CONFIRM - http://www.gnu.org/software/gnutls/security.html

DEBIAN - DSA-1719

SUNALERT - 260528

GENTOO - GLSA-200901-10

SECUNIA - 35423

SECUNIA - 33694

SECUNIA - 33501

SECUNIA - 32879

SECUNIA - 32687

SECUNIA - 32681

SECUNIA - 32619

SUSE - SUSE-SR:2009:009

SUSE - SUSE-SR:2008:027

MLIST - [gnutls-devel] 20081110 Analysis of vulnerability GNUTLS-SA-2008-3 CVE-2008-4989

CONFIRM - https://issues.rpath.com/browse/RPL-2886

BUGTRAQ - 20081117 rPSA-2008-0322-1 gnutls

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0322


Last Updated: 27 May 2016 11:01:21