Red Hat Customer Portal

CVE-2008-4989

Impact: Moderate
Public Date: 2008-11-10
Bugzilla: 470079: CVE-2008-4989 gnutls: certificate chain verification flaw

The MITRE CVE dictionary describes this issue as:

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).

Find out more about CVE-2008-4989 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

Platform: Red Hat Enterprise Linux 5 (gnutls)
Errata: RHSA-2008:0982
Release Date: 2008-11-11