CVE-2009-5138
Published: Mar 6, 2014
Modified: Aug 7, 2024
PUBLISHED
Description
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| 57321 | third-party-advisory | x_refsource_SECUNIA |
| 57260 | third-party-advisory | x_refsource_SECUNIA |
| SUSE-SU-2014:0445 | vendor-advisory | x_refsource_SUSE |
| 57274 | third-party-advisory | x_refsource_SECUNIA |
| SUSE-SU-2014:0319 | vendor-advisory | x_refsource_SUSE |
| [oss-security] 20140225 Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) | mailing-list | x_refsource_MLIST |
| RHSA-2014:0247 | vendor-advisory | x_refsource_REDHAT |
| SUSE-SU-2014:0320 | vendor-advisory | x_refsource_SUSE |
| SUSE-SU-2014:0322 | vendor-advisory | x_refsource_SUSE |
| [gnutls-devel] 20090109 Re: gnutls fails to use Verisign CA cert without a Basic Constraint | mailing-list | x_refsource_MLIST |
| 57254 | third-party-advisory | x_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1069301 | | x_refsource_CONFIRM |
| [oss-security] 20140227 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) | mailing-list | x_refsource_MLIST |