lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
| Link | Tags |
|---|---|
| http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html | mailing list vendor advisory |
| http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516 | mailing list exploit patch |
| http://www.securitytracker.com/id?1022158 | vdb entry |
| http://www.vupen.com/english/advisories/2009/1218 | vdb entry |
| http://www.securityfocus.com/bid/34783 | vdb entry |
| http://security.gentoo.org/glsa/glsa-200905-04.xml | vendor advisory |
| http://secunia.com/advisories/34842 | third party advisory vendor advisory |
| http://secunia.com/advisories/35211 | third party advisory |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 | vendor advisory |