Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2012-1569 | First vendor Publication | 2012-03-26 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15268 | |||
Oval ID: | oval:org.mitre.oval:def:15268 | ||
Title: | DSA-2440-1 libtasn1-3 – missing bounds check | ||
Description: | Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer length before processing it further. This could result in out-of-bounds memory accesses and application crashes. Applications using GNUTLS are exposed to this issue. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2440-1 CVE-2012-1569 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libtasn1-3 |
Definition Id: oval:org.mitre.oval:def:17827 | |||
Oval ID: | oval:org.mitre.oval:def:17827 | ||
Title: | USN-1436-1 -- libtasn1-3 vulnerability | ||
Description: | Libtasn1 could be made to crash or run programs as your login if it received specially crafted input. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1436-1 CVE-2012-1569 | Version: | 7 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | libtasn1-3 |
Definition Id: oval:org.mitre.oval:def:20194 | |||
Oval ID: | oval:org.mitre.oval:def:20194 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-1569 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:21088 | |||
Oval ID: | oval:org.mitre.oval:def:21088 | ||
Title: | RHSA-2012:0427: libtasn1 security update (Important) | ||
Description: | The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0427-02 CESA-2012:0427 CVE-2012-1569 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | libtasn1 |
Definition Id: oval:org.mitre.oval:def:23804 | |||
Oval ID: | oval:org.mitre.oval:def:23804 | ||
Title: | ELSA-2012:0427: libtasn1 security update (Important) | ||
Description: | The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0427-02 CVE-2012-1569 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | libtasn1 |
Definition Id: oval:org.mitre.oval:def:27663 | |||
Oval ID: | oval:org.mitre.oval:def:27663 | ||
Title: | DEPRECATED: ELSA-2012-0427 -- libtasn1 security update (important) | ||
Description: | [2.3-3.1] - fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0427 CVE-2012-1569 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | libtasn1 |
OpenVAS Exploits
Date | Description |
---|---|
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-12 (libtasn1) File : nvt/glsa_201209_12.nasl |
2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
2012-08-30 | Name : Fedora Update for mingw-p11-kit FEDORA-2012-4451 File : nvt/gb_fedora_2012_4451_mingw-p11-kit_fc17.nasl |
2012-08-30 | Name : Fedora Update for libtasn1 FEDORA-2012-4357 File : nvt/gb_fedora_2012_4357_libtasn1_fc17.nasl |
2012-08-30 | Name : Fedora Update for mingw-libtasn1 FEDORA-2012-4451 File : nvt/gb_fedora_2012_4451_mingw-libtasn1_fc17.nasl |
2012-08-30 | Name : Fedora Update for mingw-gnutls FEDORA-2012-4451 File : nvt/gb_fedora_2012_4451_mingw-gnutls_fc17.nasl |
2012-08-03 | Name : Mandriva Update for libtasn1 MDVSA-2012:039 (libtasn1) File : nvt/gb_mandriva_MDVSA_2012_039.nasl |
2012-07-30 | Name : CentOS Update for libtasn1 CESA-2012:0427 centos6 File : nvt/gb_CESA-2012_0427_libtasn1_centos6.nasl |
2012-07-30 | Name : CentOS Update for gnutls CESA-2012:0428 centos5 File : nvt/gb_CESA-2012_0428_gnutls_centos5.nasl |
2012-07-09 | Name : RedHat Update for libtasn1 RHSA-2012:0427-01 File : nvt/gb_RHSA-2012_0427-01_libtasn1.nasl |
2012-05-04 | Name : Ubuntu Update for libtasn1-3 USN-1436-1 File : nvt/gb_ubuntu_USN_1436_1.nasl |
2012-04-30 | Name : FreeBSD Ports: libtasn1 File : nvt/freebsd_libtasn1.nasl |
2012-04-30 | Name : Debian Security Advisory DSA 2440-1 (libtasn1-3) File : nvt/deb_2440_1.nasl |
2012-04-13 | Name : Fedora Update for mingw-libtasn1 FEDORA-2012-4417 File : nvt/gb_fedora_2012_4417_mingw-libtasn1_fc15.nasl |
2012-04-13 | Name : Fedora Update for mingw32-gnutls FEDORA-2012-4417 File : nvt/gb_fedora_2012_4417_mingw32-gnutls_fc15.nasl |
2012-04-11 | Name : Fedora Update for libtasn1 FEDORA-2012-4342 File : nvt/gb_fedora_2012_4342_libtasn1_fc16.nasl |
2012-04-11 | Name : Fedora Update for libtasn1 FEDORA-2012-4308 File : nvt/gb_fedora_2012_4308_libtasn1_fc15.nasl |
2012-04-02 | Name : Fedora Update for mingw32-gnutls FEDORA-2012-4409 File : nvt/gb_fedora_2012_4409_mingw32-gnutls_fc16.nasl |
2012-04-02 | Name : Fedora Update for mingw-libtasn1 FEDORA-2012-4409 File : nvt/gb_fedora_2012_4409_mingw-libtasn1_fc16.nasl |
2012-03-29 | Name : RedHat Update for gnutls RHSA-2012:0428-01 File : nvt/gb_RHSA-2012_0428-01_gnutls.nasl |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
2012-09-13 | IAVM : 2012-B-0086 - VMware vCenter Operations Arbitrary File Overwrite Vulnerability Severity : Category I - VMSKEY : V0033791 |
2012-09-13 | IAVM : 2012-A-0146 - Multiple Vulnerabilities in VMware vCenter Update Manager 4.1 Severity : Category I - VMSKEY : V0033792 |
2012-09-13 | IAVM : 2012-A-0147 - Multiple Vulnerabilities in VMware vCenter Server 4.1 Severity : Category I - VMSKEY : V0033793 |
2012-09-13 | IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0033794 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0488.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0531.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-277.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO |
2013-10-15 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-287-03.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-60.nasl - Type : ACT_GATHER_INFO |
2013-07-29 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vcenter_operations_manager_vmsa_2012-0013.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0428.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0427.nasl - Type : ACT_GATHER_INFO |
2013-06-17 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO |
2013-06-05 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gnutls-120615.nasl - Type : ACT_GATHER_INFO |
2012-09-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-12.nasl - Type : ACT_GATHER_INFO |
2012-08-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120327_gnutls_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120327_libtasn1_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-07-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gnutls-8066.nasl - Type : ACT_GATHER_INFO |
2012-05-03 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1436-1.nasl - Type : ACT_GATHER_INFO |
2012-04-13 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-4417.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-4451.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4357.nasl - Type : ACT_GATHER_INFO |
2012-04-09 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4308.nasl - Type : ACT_GATHER_INFO |
2012-04-09 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4342.nasl - Type : ACT_GATHER_INFO |
2012-04-02 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-4409.nasl - Type : ACT_GATHER_INFO |
2012-03-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0428.nasl - Type : ACT_GATHER_INFO |
2012-03-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0427.nasl - Type : ACT_GATHER_INFO |
2012-03-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0428.nasl - Type : ACT_GATHER_INFO |
2012-03-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0427.nasl - Type : ACT_GATHER_INFO |
2012-03-27 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-039.nasl - Type : ACT_GATHER_INFO |
2012-03-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2440.nasl - Type : ACT_GATHER_INFO |
2012-03-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2e7e907273a011e1a883001cc0a36e12.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2024-11-28 23:02:25 | |
2024-11-28 12:29:19 | |
2021-05-05 01:10:12 | |
2021-05-04 12:19:30 | |
2021-04-22 01:23:12 | |
2020-11-17 01:07:52 | |
2020-05-23 01:48:25 | |
2020-05-23 00:33:14 | |
2018-11-01 12:04:11 | |
2018-01-18 09:21:54 | |
2018-01-09 13:22:56 | |
2017-12-29 09:22:00 | |
2017-12-14 09:21:24 | |
2017-12-06 09:22:07 | |
2016-04-26 21:40:06 | |
2016-03-01 13:26:32 | |
2014-11-18 13:26:01 | |
2014-11-08 13:30:05 | |
2014-06-18 09:23:22 | |
2014-06-14 13:32:37 | |
2014-03-26 13:22:04 | |
2014-03-18 13:22:12 | |
2014-02-17 11:09:03 | |
2013-11-11 12:39:49 | |
2013-05-10 22:36:01 | |
2013-05-04 17:19:49 | |
2013-03-02 13:18:56 | |