9.3 - VU#252626

Executive Summary

Summary
Title	GnuTLS Client Hello repeat Denial of Service

Informations
Name	VU#252626	First vendor Publication	2008-05-29
Vendor	VU-CERT	Last vendor Modification	2008-05-29
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#252626

GnuTLS Client Hello repeat Denial of Service

Overview

A vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service.

I. Description

GnuTLS contains a vulnerability in gnults-serv that may result in a denial of service when handling a specially crafted TLS packet that contains multiple Client Hello messages. According to CERT-FI Vulnerability Advisory on GnuTLS:

The program reads the first Client Hello and then proceeds to send Server Hello, Certificate, Certificate Request and Server Hello Done messages. After sending these, it apperently reads next Client Hello from the message sent earlier and crashes to segmentation fault caused by null pointer.

Note that this issue may affect GnuTLS versions prior to 2.2.5 and also affects version 2.3.0.

II. Impact

A remote, unauthorized attacker may be able to cause a denial of service.

III. Solution

Upgrade or Apply Patch

GnuTLS has issued an upgrade and a patch to address this issue. See GnuTLS Security Advisory SA-2008-01 for more information. GnuTLS is included in various Linux and UNIX distributions. Please consult the relevant documentation of your distribution to obtain the appropriate updates.

Systems Affected

Vendor	Status	Date Updated
GnuTLS	Vulnerable	29-May-2008

References

http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
http://secunia.com/advisories/30287/
http://secunia.com/advisories/30330/

Credit

This issue was reported in GnuTLS Security Advisory SA-2008-01. GnuTLS credits Ossi Herrala and Jukka Taimisto from the CROSS project at Codenomicon Ltd. for reporting this issue.

This document was written by Chris Taschner.

Other Information

Date Public	05/19/2008
Date First Published	05/29/2008 11:29:25 AM
Date Last Updated	05/29/2008
CERT Advisory
CVE Name	CVE-2008-1949
US-CERT Technical Alerts
Metric	9.19
Document Revision	13

Original Source

Url : http://www.kb.cert.org/vuls/id/252626

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-287	Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9519

Oval ID:	oval:org.mitre.oval:def:9519
Title:	The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
Description:	The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1949	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section gnutls is earlier than 0:1.0.20-4.el4_6 AND gnutls-devel is earlier than 0:1.0.20-4.el4_6 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section gnutls is earlier than 0:1.4.1-3.el5_1 AND gnutls-devel is earlier than 0:1.4.1-3.el5_1 AND gnutls-utils is earlier than 0:1.4.1-3.el5_1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gnu Gnutls cpe:2.3:a:gnu:gnutls:2.3.9:::::::* cpe:2.3:a:gnu:gnutls:2.3.8:::::::* cpe:2.3:a:gnu:gnutls:2.3.7:::::::* cpe:2.3:a:gnu:gnutls:2.3.6:::::::* cpe:2.3:a:gnu:gnutls:2.3.5:::::::* cpe:2.3:a:gnu:gnutls:2.3.4:::::::* cpe:2.3:a:gnu:gnutls:2.3.3:::::::* cpe:2.3:a:gnu:gnutls:2.3.2:::::::* cpe:2.3:a:gnu:gnutls:2.3.11:::::::* cpe:2.3:a:gnu:gnutls:2.3.10:::::::* cpe:2.3:a:gnu:gnutls:2.3.1:::::::* cpe:2.3:a:gnu:gnutls:2.3.0:::::::* cpe:2.3:a:gnu:gnutls:2.2.5:::::::* cpe:2.3:a:gnu:gnutls:2.2.4:::::::* cpe:2.3:a:gnu:gnutls:2.2.3:::::::* cpe:2.3:a:gnu:gnutls:2.2.2:::::::* cpe:2.3:a:gnu:gnutls:2.2.1:::::::* cpe:2.3:a:gnu:gnutls:2.2.0:::::::* cpe:2.3:a:gnu:gnutls:2.1.8:::::::* cpe:2.3:a:gnu:gnutls:2.1.7:::::::* cpe:2.3:a:gnu:gnutls:2.1.6:::::::* cpe:2.3:a:gnu:gnutls:2.1.5:::::::* cpe:2.3:a:gnu:gnutls:2.1.4:::::::* cpe:2.3:a:gnu:gnutls:2.1.3:::::::* cpe:2.3:a:gnu:gnutls:2.1.2:::::::* cpe:2.3:a:gnu:gnutls:2.1.1:::::::* cpe:2.3:a:gnu:gnutls:2.1.0:::::::* cpe:2.3:a:gnu:gnutls:2.0.4:::::::* cpe:2.3:a:gnu:gnutls:2.0.3:::::::* cpe:2.3:a:gnu:gnutls:2.0.2:::::::* cpe:2.3:a:gnu:gnutls:2.0.1:::::::* cpe:2.3:a:gnu:gnutls:2.0.0:::::::* cpe:2.3:a:gnu:gnutls:1.7.9:::::::* cpe:2.3:a:gnu:gnutls:1.7.8:::::::* cpe:2.3:a:gnu:gnutls:1.7.7:::::::* cpe:2.3:a:gnu:gnutls:1.7.6:::::::* cpe:2.3:a:gnu:gnutls:1.7.5:::::::* cpe:2.3:a:gnu:gnutls:1.7.4:::::::* cpe:2.3:a:gnu:gnutls:1.7.3:::::::* cpe:2.3:a:gnu:gnutls:1.7.2:::::::* cpe:2.3:a:gnu:gnutls:1.7.19:::::::* cpe:2.3:a:gnu:gnutls:1.7.18:::::::* cpe:2.3:a:gnu:gnutls:1.7.17:::::::* cpe:2.3:a:gnu:gnutls:1.7.16:::::::* cpe:2.3:a:gnu:gnutls:1.7.15:::::::* cpe:2.3:a:gnu:gnutls:1.7.14:::::::* cpe:2.3:a:gnu:gnutls:1.7.13:::::::* cpe:2.3:a:gnu:gnutls:1.7.12:::::::* cpe:2.3:a:gnu:gnutls:1.7.11:::::::* cpe:2.3:a:gnu:gnutls:1.7.10:::::::* cpe:2.3:a:gnu:gnutls:1.7.1:::::::* cpe:2.3:a:gnu:gnutls:1.7.0:::::::* cpe:2.3:a:gnu:gnutls:1.6.3:::::::* cpe:2.3:a:gnu:gnutls:1.6.2:::::::* cpe:2.3:a:gnu:gnutls:1.6.1:::::::* cpe:2.3:a:gnu:gnutls:1.6.0:::::::* cpe:2.3:a:gnu:gnutls:1.5.5:::::::* cpe:2.3:a:gnu:gnutls:1.5.4:::::::* cpe:2.3:a:gnu:gnutls:1.5.3:::::::* cpe:2.3:a:gnu:gnutls:1.5.2:::::::* cpe:2.3:a:gnu:gnutls:1.5.1:::::::* cpe:2.3:a:gnu:gnutls:1.5.0:::::::* cpe:2.3:a:gnu:gnutls:1.4.5:::::::* cpe:2.3:a:gnu:gnutls:1.4.4:::::::* cpe:2.3:a:gnu:gnutls:1.4.3:::::::* cpe:2.3:a:gnu:gnutls:1.4.2:::::::* cpe:2.3:a:gnu:gnutls:1.4.1:::::::* cpe:2.3:a:gnu:gnutls:1.4.0:::::::* cpe:2.3:a:gnu:gnutls:1.3.5:::::::* cpe:2.3:a:gnu:gnutls:1.3.4:::::::* cpe:2.3:a:gnu:gnutls:1.3.3:::::::* cpe:2.3:a:gnu:gnutls:1.3.2:::::::* cpe:2.3:a:gnu:gnutls:1.3.1:::::::* cpe:2.3:a:gnu:gnutls:1.3.0:::::::* cpe:2.3:a:gnu:gnutls:1.2.9:::::::* cpe:2.3:a:gnu:gnutls:1.2.8:::::::* cpe:2.3:a:gnu:gnutls:1.2.7:::::::* cpe:2.3:a:gnu:gnutls:1.2.6:::::::* cpe:2.3:a:gnu:gnutls:1.2.5:::::::* cpe:2.3:a:gnu:gnutls:1.2.4:::::::* cpe:2.3:a:gnu:gnutls:1.2.3:::::::* cpe:2.3:a:gnu:gnutls:1.2.2:::::::* cpe:2.3:a:gnu:gnutls:1.2.11:::::::* cpe:2.3:a:gnu:gnutls:1.2.10:::::::* cpe:2.3:a:gnu:gnutls:1.2.1:::::::* cpe:2.3:a:gnu:gnutls:1.2.0:::::::* cpe:2.3:a:gnu:gnutls:1.1.23:::::::* cpe:2.3:a:gnu:gnutls:1.1.22:::::::* cpe:2.3:a:gnu:gnutls:1.1.21:::::::* cpe:2.3:a:gnu:gnutls:1.1.20:::::::* cpe:2.3:a:gnu:gnutls:1.1.19:::::::* cpe:2.3:a:gnu:gnutls:1.1.18:::::::* cpe:2.3:a:gnu:gnutls:1.1.17:::::::* cpe:2.3:a:gnu:gnutls:1.1.16:::::::* cpe:2.3:a:gnu:gnutls:1.1.15:::::::* cpe:2.3:a:gnu:gnutls:1.1.14:::::::* cpe:2.3:a:gnu:gnutls:1.1.13:::::::* cpe:2.3:a:gnu:gnutls:1.0.25:::::::* cpe:2.3:a:gnu:gnutls:1.0.24:::::::* cpe:2.3:a:gnu:gnutls:1.0.23:::::::* cpe:2.3:a:gnu:gnutls:1.0.22:::::::* cpe:2.3:a:gnu:gnutls:1.0.21:::::::* cpe:2.3:a:gnu:gnutls:1.0.20:::::::* cpe:2.3:a:gnu:gnutls:1.0.19:::::::* cpe:2.3:a:gnu:gnutls:1.0.18:::::::*	105

OpenVAS Exploits

Date	Description
2009-10-13	Name : SLES10: Security update for GnuTLS File : nvt/sles10_gnutls1.nasl
2009-10-10	Name : SLES9: Security update for GnuTLS File : nvt/sles9p5035527.nasl
2009-04-09	Name : Mandriva Update for gnutls MDVSA-2008:106 (gnutls) File : nvt/gb_mandriva_MDVSA_2008_106.nasl
2009-03-23	Name : Ubuntu Update for gnutls12, gnutls13 vulnerabilities USN-613-1 File : nvt/gb_ubuntu_USN_613_1.nasl
2009-03-06	Name : RedHat Update for gnutls RHSA-2008:0489-01 File : nvt/gb_RHSA-2008_0489-01_gnutls.nasl
2009-03-06	Name : RedHat Update for gnutls RHSA-2008:0492-01 File : nvt/gb_RHSA-2008_0492-01_gnutls.nasl
2009-02-17	Name : Fedora Update for gnutls FEDORA-2008-4183 File : nvt/gb_fedora_2008_4183_gnutls_fc8.nasl
2009-02-17	Name : Fedora Update for gnutls FEDORA-2008-4259 File : nvt/gb_fedora_2008_4259_gnutls_fc9.nasl
2009-02-17	Name : Fedora Update for gnutls FEDORA-2008-4274 File : nvt/gb_fedora_2008_4274_gnutls_fc7.nasl
2009-01-23	Name : SuSE Update for gnutls SUSE-SA:2008:046 File : nvt/gb_suse_2008_046.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200805-20 (gnutls) File : nvt/glsa_200805_20.nasl
2008-09-06	Name : GnuTLS < 2.2.5 vulnerability (Lin) File : nvt/gnutls_CB-A08-0079.nasl
2008-09-06	Name : GnuTLS < 2.2.4 vulnerability (Win) File : nvt/smbcl_gnutls_CB-A08-0079.nasl
2008-05-27	Name : Debian Security Advisory DSA 1581-1 (gnutls13) File : nvt/deb_1581_1.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-180-01 gnutls File : nvt/esoft_slk_ssa_2008_180_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
45383	GnuTLS gnutls-serv libgnutls lib/gnutls_kx.c _gnutls_recv_client_kx_message F...

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0492.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0489.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080520_gnutls_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080520_gnutls_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0489.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0492.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12230.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gnutls-5543.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-106.nasl - Type : ACT_GATHER_INFO
2008-09-16	Name : The remote openSUSE host is missing a security update. File : suse_gnutls-5275.nasl - Type : ACT_GATHER_INFO
2008-09-16	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gnutls-5601.nasl - Type : ACT_GATHER_INFO
2008-07-02	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-180-01.nasl - Type : ACT_GATHER_INFO
2008-06-30	Name : The remote Windows host contains a media player that is affected by several v... File : vlc_0_8_6h.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Fedora host is missing a security update. File : fedora_2008-4259.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Fedora host is missing a security update. File : fedora_2008-4274.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-20.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Fedora host is missing a security update. File : fedora_2008-4183.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1581.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0489.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0492.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-613-1.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	105
osvdb(s)	1
Openvas Exploit(s)	15
Nessus® Exploit(s)	21

	Related
9.3	CVE-2008-1949
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)