CVE-2009-5138 | Vulnerability Database | Aqua Security

GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.

Affected Software

Name	Vendor	Start Version	End Version
Gnutls	Gnu	*	2.7.5 (including)
Gnutls	Gnu	2.7.0 (including)	2.7.0 (including)
Gnutls	Gnu	2.7.1 (including)	2.7.1 (including)
Gnutls	Gnu	2.7.2 (including)	2.7.2 (including)
Gnutls	Gnu	2.7.3 (including)	2.7.3 (including)
Gnutls	Gnu	2.7.4 (including)	2.7.4 (including)

References

http://article.gmane.org/gmane.comp.security.oss.general/12223
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html
http://rhn.redhat.com/errata/RHSA-2014-0247.html
http://secunia.com/advisories/57254
http://secunia.com/advisories/57260
http://secunia.com/advisories/57274
http://secunia.com/advisories/57321
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361
http://thread.gmane.org/gmane.comp.security.oss.general/12127
https://bugzilla.redhat.com/show_bug.cgi?id=1069301
https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-5138
CWE	https://cwe.mitre.org/data/definitions/264.html