Test ID:	1.3.6.1.4.1.25623.1.0.57392
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-348-1 (gnutls12)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gnutls12 announced via advisory USN-348-1. A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The GnuTLS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libgnutls11 1.0.16-13ubuntu0.3 Ubuntu 5.10: libgnutls11 1.0.16-13.1ubuntu1.2 Ubuntu 6.06 LTS: libgnutls11 1.0.16-14ubuntu1.1 libgnutls12 1.2.9-2ubuntu1.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-348-1 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4790 1016844 http://securitytracker.com/id?1016844 102648 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 102970 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1 20027 http://www.securityfocus.com/bid/20027 21937 http://secunia.com/advisories/21937 21942 http://secunia.com/advisories/21942 21973 http://secunia.com/advisories/21973 22049 http://secunia.com/advisories/22049 22080 http://secunia.com/advisories/22080 22084 http://secunia.com/advisories/22084 22097 http://secunia.com/advisories/22097 22226 http://secunia.com/advisories/22226 22992 http://secunia.com/advisories/22992 25762 http://secunia.com/advisories/25762 ADV-2006-3635 http://www.vupen.com/english/advisories/2006/3635 ADV-2006-3899 http://www.vupen.com/english/advisories/2006/3899 ADV-2007-2289 http://www.vupen.com/english/advisories/2007/2289 DSA-1182 http://www.debian.org/security/2006/dsa-1182 GLSA-200609-15 http://security.gentoo.org/glsa/glsa-200609-15.xml MDKSA-2006:166 http://www.mandriva.com/security/advisories?name=MDKSA-2006:166 RHSA-2006:0680 http://www.redhat.com/support/errata/RHSA-2006-0680.html SUSE-SA:2007:010 http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html SUSE-SR:2006:023 http://www.novell.com/linux/security/advisories/2006_23_sr.html USN-348-1 http://www.ubuntu.com/usn/usn-348-1 [gnutls-dev] 20060908 Variant of Bleichenbacher's crypto 06 rump session attack http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html [gnutls-dev] 20060912 Re: Variant of Bleichenbacher's crypto 06 rump session attack http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html gnutls-rsakey-security-bypass(28953) https://exchange.xforce.ibmcloud.com/vulnerabilities/28953 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.gnu.org/software/gnutls/security.html oval:org.mitre.oval:def:9937 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.