NVD Vulnerability Detail

CVE-2009-1416

Summary	lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
Summary	lib/gnutls_pk.c en libgnutls en GnuTLS v2.5.0 hasta v2.6.5 genera claves RSA almacenados en estructuras DSA, en lugar de las claves DSA previstas, lo cual podría permitir a atacantes remotos suplantar firmas en los certificados o tener otro impacto no especificado por el utilizamiento de una clave DSA no es válida.
Publication Date	May 1, 2009, 5:30 a.m.
Registration Date	Jan. 29, 2021, 1:17 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Related information, measures and tools

No	URL	refsource
1	http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516	cve@mitre.org
2	http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html	cve@mitre.org
3	http://secunia.com/advisories/34842	cve@mitre.org
4	http://secunia.com/advisories/35211	cve@mitre.org
5	http://security.gentoo.org/glsa/glsa-200905-04.xml	cve@mitre.org
6	http://www.mandriva.com/security/advisories?name=MDVSA-2009:116	cve@mitre.org
7	http://www.securityfocus.com/bid/34783	cve@mitre.org
8	http://www.securitytracker.com/id?1022158	cve@mitre.org
9	http://www.vupen.com/english/advisories/2009/1218	cve@mitre.org
10	http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516	af854a3a-2127-422b-91ae-364da2661108
11	http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html	af854a3a-2127-422b-91ae-364da2661108
12	http://secunia.com/advisories/34842	af854a3a-2127-422b-91ae-364da2661108
13	http://secunia.com/advisories/35211	af854a3a-2127-422b-91ae-364da2661108
14	http://security.gentoo.org/glsa/glsa-200905-04.xml	af854a3a-2127-422b-91ae-364da2661108
15	http://www.mandriva.com/security/advisories?name=MDVSA-2009:116	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securityfocus.com/bid/34783	af854a3a-2127-422b-91ae-364da2661108
17	http://www.securitytracker.com/id?1022158	af854a3a-2127-422b-91ae-364da2661108
18	http://www.vupen.com/english/advisories/2009/1218	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-310	暗号の問題	https://cwe.mitre.org/data/definitions/310.html

JVN Vulnerability Information

GnuTLS の libgnutls の lib/gnutls_pk.c における証明書上の署名を偽装される脆弱性

Title	GnuTLS の libgnutls の lib/gnutls_pk.c における証明書上の署名を偽装される脆弱性
Summary	GnuTLS の libgnutls の lib/gnutls_pk.c は、DSA 鍵の替わりに DSA 構造内に格納された RSA 鍵を生成するため、証明書上の署名を偽装される脆弱性が存在します。
Possible impacts	第三者により、無効な DSA 鍵が活用されることで、証明書上の署名を偽装される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 20, 2009, midnight
Registration Date	June 26, 2012, 4:10 p.m.
Last Update	June 26, 2012, 4:10 p.m.

Affected System

GNU Project

GnuTLS 2.5.0 から 2.6.5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-1416	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1416
National Vulnerability Database (NVD)
2	CVE-2009-1416	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1416

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html

ベンダー情報

No	Name	URL
gnu
1	Encryption using DSA keys	http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.