oval:org.mitre.oval:def:13825
Definition Id: oval:org.mitre.oval:def:13825 | |||
Oval ID: | oval:org.mitre.oval:def:13825 | ||
Title: | USN-809-1 -- gnutls12, gnutls13, gnutls26 vulnerabilities | ||
Description: | Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered GnuTLS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This issue only affected Ubuntu 6.06 LTS and Ubuntu 8.10. USN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS. The upstream patches introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem, and only affected Ubuntu 6.06 LTS and Ubuntu 8.10. In an effort to maintain a strong security stance and address all known regressions, this update deprecates X.509 validation chains using MD2 and MD5 signatures. To accommodate sites which must still use a deprecated RSA-MD5 certificate, GnuTLS has been updated to stop looking when it has found a trusted intermediary certificate. This new handling of intermediary certificates is in accordance with other SSL implementations. Original advisory details: Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information | ||
Family: | unix | Class: | patch |
Reference(s): | USN-809-1 CVE-2009-2730 CVE-2009-2409 CVE-2008-4989 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | gnutls12 gnutls13 gnutls26 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13250 | |||
Oval ID: | oval:org.mitre.oval:def:13250 | ||
Title: | Ubuntu 8.04 is installed | ||
Description: | Ubuntu 8.04 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:ubuntu:ubuntu_linux:8.04 | Version: | 3 |
Platform(s): | Ubuntu 8.04 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:13825 |
Definition Id: oval:org.mitre.oval:def:13319 | |||
Oval ID: | oval:org.mitre.oval:def:13319 | ||
Title: | Ubuntu 6.06 is installed | ||
Description: | Ubuntu 6.06 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:ubuntu:ubuntu_linux:6.06 | Version: | 3 |
Platform(s): | Ubuntu 6.06 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:13825 |
Definition Id: oval:org.mitre.oval:def:13306 | |||
Oval ID: | oval:org.mitre.oval:def:13306 | ||
Title: | Ubuntu 8.10 is installed | ||
Description: | Ubuntu 8.10 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:ubuntu:ubuntu_linux:8.10 | Version: | 3 |
Platform(s): | Ubuntu 8.10 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:13825 |
Definition Id: oval:org.mitre.oval:def:12669 | |||
Oval ID: | oval:org.mitre.oval:def:12669 | ||
Title: | Ubuntu 9.04 is installed | ||
Description: | Ubuntu 9.04 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:canonical:ubuntu_linux:9.04 | Version: | 5 |
Platform(s): | Ubuntu 9.04 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:13825 |