#VU41959 Permissions, Privileges, and Access Controls in GnuTLS - CVE-2009-5138

Cybersecurity Help s.r.o.

Published: 2014-03-07 | Updated: 2020-08-10

Vulnerability identifier: #VU41959

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2009-5138

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
GnuTLS
Universal components / Libraries / Libraries used by multiple products

Vendor: GnuTLS

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.

Mitigation
Install update from vendor's website.

Vulnerable software versions

GnuTLS: 2.7.0 - 2.7.4

External links
https://article.gmane.org/gmane.comp.security.oss.general/12223
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html
https://rhn.redhat.com/errata/RHSA-2014-0247.html
https://secunia.com/advisories/57254
https://secunia.com/advisories/57260
https://secunia.com/advisories/57274
https://secunia.com/advisories/57321
https://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361
https://thread.gmane.org/gmane.comp.security.oss.general/12127
https://bugzilla.redhat.com/show_bug.cgi?id=1069301
https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Permissions, Privileges, and Access Controls in GnuTLS

SUSE Linux update for gnutls