CVE-2009-1417

Published: 4/30/2009 Last updated: 8/7/2024 Reserved: 4/24/2009

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (5)

conf-gnutls conf-mingw-w64-gnutls-i686 conf-mingw-w64-gnutls-x86_64 conf-srt conf-srt-gnutls

Products affected (1)

Product	Vendor	Version
n/a	n/a	Tuleap Community Edition < 14.11.99.28

References (18)

https://exchange.xforce.ibmcloud.com/vulnerabilities/50261
http://www.securitytracker.com/id?1022159
http://www.vupen.com/english/advisories/2009/1218
http://www.securityfocus.com/bid/34783
http://security.gentoo.org/glsa/glsa-200905-04.xml
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
http://secunia.com/advisories/34842
http://secunia.com/advisories/35211
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
https://exchange.xforce.ibmcloud.com/vulnerabilities/50261
http://www.securitytracker.com/id?1022159
http://www.vupen.com/english/advisories/2009/1218
http://www.securityfocus.com/bid/34783
http://security.gentoo.org/glsa/glsa-200905-04.xml
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
http://secunia.com/advisories/34842
http://secunia.com/advisories/35211
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116