CVE-2009-1417
GnuTLS < 2.6.6 - Certificate Expiration Bypass via Missing Time Checks
Title source: llmDescription
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50261
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022159
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1218
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34783
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200905-04.xml
Patch mailing-list
x_refsource_mlist
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34842
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35211
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
Scores
EPSS
0.0058
EPSS Percentile
69.0%
Details
CWE
CWE-310
Status
published
Products (50)
gnu/gnutls
1.0.16
gnu/gnutls
1.0.17
gnu/gnutls
1.0.18
gnu/gnutls
1.0.19
gnu/gnutls
1.0.20
gnu/gnutls
1.0.21
gnu/gnutls
1.0.22
gnu/gnutls
1.0.23
gnu/gnutls
1.0.24
gnu/gnutls
1.0.25
... and 40 more
Published
Apr 30, 2009
Tracked Since
Feb 18, 2026