Bug 498424 (CVE-2009-1416)

Summary: CVE-2009-1416 gnutls: All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2]
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: berrange, jorton, rjones, tmraz, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-18 19:56:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Hoger 2009-04-30 12:45:21 UTC 
Quoting upstream security advisory:
  http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516

  When investigating the DSA problems reported by Miroslav Kratochvil,
  Simon Josefsson discovered that all DSA keys generated by
  GnuTLS 2.6.x are corrupt.  Rather than generating a DSA key, GnuTLS
  will generate a RSA key and store it in a DSA structure.

  GnuTLS 2.4.x and earlier did not contain the buggy code.

Fixed upstream in 2.6.6:
  http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3514
Comment 1 Tomas Hoger 2009-04-30 12:48:26 UTC 
This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5, and Fedora up to version 10, as they are based on upstream versions prior to 2.6.  gnutls 2.6.x is currently in F11/Rawhide, mingw32-gnutls based on upstream 2.6.x version is in F10 too.
Comment 2 Vincent Danen 2009-05-01 16:53:35 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1416 to
the following vulnerability:

Name: CVE-2009-1416
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1416
Assigned: 20090424
Reference: MLIST:[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]
Reference: URL: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
Reference: MLIST:[help-gnutls] 20090420 Encryption using DSA keys
Reference: URL: http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html
Reference: SECUNIA:34842
Reference: URL: http://secunia.com/advisories/34842

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates
RSA keys stored in DSA structures, instead of the intended DSA keys,
which might allow remote attackers to spoof signatures on certificates
or have unspecified other impact by leveraging an invalid DSA key.
Comment 3 Vincent Danen 2009-09-18 19:56:52 UTC 
Fedora 11 contains gnutls-2.6.6-1.fc11 so nothing is actually vulnerable to this issue.