CVE-2008-4989 vulnerability in GNU and Other Products
Published on November 13, 2008

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2008-4989

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2008-4989 are published in these products:

Gnutls

Fedora Project Fedora

Canonical Ubuntu Linux

Debian Linux

Suse Linux Enterprise Server

Suse Linux Enterprise

OpenSuse

Exploit Probability

EPSS

0.39%

Percentile

59.75%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2008-4989 vulnerability in GNU and Other ProductsPublished on November 13, 2008

Products Associated with CVE-2008-4989

Exploit Probability

CVE-2008-4989 vulnerability in GNU and Other Products
Published on November 13, 2008