GnuTLS X.509 Certificate Chain Validation Vulnerability

Report ID: SA32619
Source: Secunia
Date of Discovery: 10.11.2008
Criticality: Moderate
Affects: GnuTLS 2.x

Compromise From: From remote
Compromise Type: Spoofing, Security bypass

Summary

A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions.

Detailed Description

The vulnerability is caused by an error when validating the X.509 certificate chain and can be exploited to spoof arbitrary names, e.g. during a Man-in-the-Middle (MitM) attack.

The vulnerability is reported in versions prior to 2.6.1.

Solution

Update to version 2.6.1.

CVE Reference

CVE-2008-4989