Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2008-4989

Опубликовано: 13 нояб. 2008
Источник: ubuntu
Приоритет: medium
CVSS2: 4.3
CVSS3: 5.9

Описание

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).

РелизСтатусПримечание
dapper

ignored

end of life
devel

DNE

gutsy

DNE

hardy

DNE

intrepid

DNE

jaunty

DNE

karmic

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

released

1.2.9-2ubuntu1.3
devel

DNE

gutsy

DNE

hardy

DNE

intrepid

DNE

jaunty

DNE

karmic

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

gutsy

released

1.6.3-1ubuntu0.2
hardy

released

2.0.4-1ubuntu2.2
intrepid

DNE

jaunty

DNE

karmic

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

not-affected

2.4.2-3
gutsy

DNE

hardy

DNE

intrepid

released

2.4.1-1ubuntu0.1
jaunty

not-affected

2.4.2-3
karmic

not-affected

2.4.2-3
upstream

released

2.4.2-3

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2008-4989

redhat
около 17 лет назад

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).

nvd логотип

CVE-2008-4989

CVSS3: 5.9
nvd
около 17 лет назад

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).

debian логотип

CVE-2008-4989

CVSS3: 5.9
debian
около 17 лет назад

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in l ...

github логотип

GHSA-8ph9-x262-cchw

CVSS3: 5.9
github
больше 3 лет назад

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).

oracle-oval логотип

ELSA-2008-0982

oracle-oval
около 17 лет назад

ELSA-2008-0982: gnutls security update (MODERATE)

4.3 Medium

CVSS2

5.9 Medium

CVSS3