gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality of data if they are not addressed.
Link | Tags |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/50261 | vdb entry |
http://www.securitytracker.com/id?1022159 | vdb entry |
http://www.vupen.com/english/advisories/2009/1218 | vdb entry |
http://www.securityfocus.com/bid/34783 | vdb entry |
http://security.gentoo.org/glsa/glsa-200905-04.xml | vendor advisory |
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517 | patch mailing list |
http://secunia.com/advisories/34842 | third party advisory, vendor advisory |
http://secunia.com/advisories/35211 | third party advisory |
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 | vendor advisory |