Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-348-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.12.2006.348.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-348-1)
Summary:	The remote host is missing an update for the 'gnutls11, gnutls12' package(s) announced via the USN-348-1 advisory.
Description:	Summary: The remote host is missing an update for the 'gnutls11, gnutls12' package(s) announced via the USN-348-1 advisory. Vulnerability Insight: The GnuTLS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key. Affected Software/OS: 'gnutls11, gnutls12' package(s) on Ubuntu 5.04, Ubuntu 5.10, Ubuntu 6.06. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4790 1016844 http://securitytracker.com/id?1016844 102648 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 102970 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1 20027 http://www.securityfocus.com/bid/20027 21937 http://secunia.com/advisories/21937 21942 http://secunia.com/advisories/21942 21973 http://secunia.com/advisories/21973 22049 http://secunia.com/advisories/22049 22080 http://secunia.com/advisories/22080 22084 http://secunia.com/advisories/22084 22097 http://secunia.com/advisories/22097 22226 http://secunia.com/advisories/22226 22992 http://secunia.com/advisories/22992 25762 http://secunia.com/advisories/25762 ADV-2006-3635 http://www.vupen.com/english/advisories/2006/3635 ADV-2006-3899 http://www.vupen.com/english/advisories/2006/3899 ADV-2007-2289 http://www.vupen.com/english/advisories/2007/2289 DSA-1182 http://www.debian.org/security/2006/dsa-1182 GLSA-200609-15 http://security.gentoo.org/glsa/glsa-200609-15.xml MDKSA-2006:166 http://www.mandriva.com/security/advisories?name=MDKSA-2006:166 RHSA-2006:0680 http://www.redhat.com/support/errata/RHSA-2006-0680.html SUSE-SA:2007:010 http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html SUSE-SR:2006:023 http://www.novell.com/linux/security/advisories/2006_23_sr.html USN-348-1 http://www.ubuntu.com/usn/usn-348-1 [gnutls-dev] 20060908 Variant of Bleichenbacher's crypto 06 rump session attack http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html [gnutls-dev] 20060912 Re: Variant of Bleichenbacher's crypto 06 rump session attack http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html gnutls-rsakey-security-bypass(28953) https://exchange.xforce.ibmcloud.com/vulnerabilities/28953 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.gnu.org/software/gnutls/security.html oval:org.mitre.oval:def:9937 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937
Copyright	Copyright (C) 2022 Greenbone AG