Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2009-1417

Опубликовано: 30 апр. 2009
Источник: redhat
CVSS2: 4.3

Описание

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.

Отчет

The Red Hat Product Security has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 4, or 5. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1417

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=497983gnutls: certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3]

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2009-1417

ubuntu
почти 17 лет назад

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.

nvd логотип

CVE-2009-1417

nvd
почти 17 лет назад

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.

debian логотип

CVE-2009-1417

debian
почти 17 лет назад

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and e ...

github логотип

GHSA-f5mp-3h5g-9fgh

github
почти 4 года назад

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.

fstec логотип

BDU:2015-09391

fstec
больше 16 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

4.3 Medium

CVSS2