Executive Summary
Summary | |
---|---|
Title | GnuTLS Pad Length Denial of Service |
Informations | |||
---|---|---|---|
Name | VU#659209 | First vendor Publication | 2008-05-30 |
Vendor | VU-CERT | Last vendor Modification | 2008-05-30 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#659209GnuTLS Pad Length Denial of ServiceOverviewA vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service.I. DescriptionGnuTLS contains a vulnerability in gnults-serv that may result in a denial of service when handling a sequence of specially crafted packets. According to CERT-FI Vulnerability Advisory on GnuTLS:We have found the flaw by doing complete TLS 1.0 handshake followed by a encrypted Client-Hello message to start abbreviated handshake. In this case the the Record Length field of the TLS Record containing the Client Hello contains erroneus value '8' triggering the bug. Note that this might not be the only way to reproduce the bug. II. ImpactA remote, unauthorized attacker may be able to cause a denial of service.III. SolutionUpgrade or Apply PatchGnuTLS has issued an upgrade and a patch to address this issue. See GnuTLS Security Advisory SA-2008-01 for more information. GnuTLS is included in various Linux and UNIX distributions. Please consult the relevant documentation of your distribution to obtain the appropriate updates.
References
This issue was reported in GnuTLS Security Advisory SA-2008-01. GnuTLS credits Ossi Herrala and Jukka Taimisto from the CROSS project at Codenomicon Ltd. for reporting this issue. This document was written by Chris Taschner.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/659209 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11393 | |||
Oval ID: | oval:org.mitre.oval:def:11393 | ||
Title: | Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. | ||
Description: | Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1950 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17521 | |||
Oval ID: | oval:org.mitre.oval:def:17521 | ||
Title: | USN-613-1 -- gnutls12, gnutls13 vulnerabilities | ||
Description: | Multiple flaws were discovered in the connection handling of GnuTLS. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-613-1 CVE-2008-1948 CVE-2008-1949 CVE-2008-1950 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | gnutls12 gnutls13 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19997 | |||
Oval ID: | oval:org.mitre.oval:def:19997 | ||
Title: | DSA-1581-1 gnutls13 - potential code execution | ||
Description: | Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1581-1 CVE-2008-1948 CVE-2008-1949 CVE-2008-1950 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | gnutls13 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22264 | |||
Oval ID: | oval:org.mitre.oval:def:22264 | ||
Title: | ELSA-2008:0489: gnutls security update (Critical) | ||
Description: | Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0489-01 CVE-2008-1948 CVE-2008-1949 CVE-2008-1950 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | gnutls |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7887 | |||
Oval ID: | oval:org.mitre.oval:def:7887 | ||
Title: | DSA-1581 gnutls13 -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite. NOTE: The libgnutls13 package, which provides the GNUTLS library, does not contain logic to automatically restart potentially affected services. You must restart affected services manually (mainly Exim, using /etc/init.d/exim4 restart) after applying the update, to make the changes fully effective. Alternatively, you can reboot the system. The Common Vulnerabilities and Exposures project identifies the following problems: A pre-authentication heap overflow involving oversized session resumption data may lead to arbitrary code execution. Repeated client hellos may result in a pre-authentication denial of service condition due to a null pointer dereference. Decoding cipher padding with an invalid record length may cause GNUTLS to read memory beyond the end of the received record, leading to a pre-authentication denial of service condition. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1581 CVE-2008-1948 CVE-2008-1949 CVE-2008-1950 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | gnutls13 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : SLES10: Security update for GnuTLS File : nvt/sles10_gnutls1.nasl |
2009-10-10 | Name : SLES9: Security update for GnuTLS File : nvt/sles9p5035527.nasl |
2009-04-09 | Name : Mandriva Update for gnutls MDVSA-2008:106 (gnutls) File : nvt/gb_mandriva_MDVSA_2008_106.nasl |
2009-03-23 | Name : Ubuntu Update for gnutls12, gnutls13 vulnerabilities USN-613-1 File : nvt/gb_ubuntu_USN_613_1.nasl |
2009-03-06 | Name : RedHat Update for gnutls RHSA-2008:0489-01 File : nvt/gb_RHSA-2008_0489-01_gnutls.nasl |
2009-03-06 | Name : RedHat Update for gnutls RHSA-2008:0492-01 File : nvt/gb_RHSA-2008_0492-01_gnutls.nasl |
2009-02-17 | Name : Fedora Update for gnutls FEDORA-2008-4183 File : nvt/gb_fedora_2008_4183_gnutls_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnutls FEDORA-2008-4259 File : nvt/gb_fedora_2008_4259_gnutls_fc9.nasl |
2009-02-17 | Name : Fedora Update for gnutls FEDORA-2008-4274 File : nvt/gb_fedora_2008_4274_gnutls_fc7.nasl |
2009-01-23 | Name : SuSE Update for gnutls SUSE-SA:2008:046 File : nvt/gb_suse_2008_046.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-20 (gnutls) File : nvt/glsa_200805_20.nasl |
2008-09-06 | Name : GnuTLS < 2.2.5 vulnerability (Lin) File : nvt/gnutls_CB-A08-0079.nasl |
2008-09-06 | Name : GnuTLS < 2.2.4 vulnerability (Win) File : nvt/smbcl_gnutls_CB-A08-0079.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1581-1 (gnutls13) File : nvt/deb_1581_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-180-01 gnutls File : nvt/esoft_slk_ssa_2008_180_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
45384 | GnuTLS libgnutls lib/gnutls_cipher.c _gnutls_ciphertext2compressed Function T... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0492.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0489.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080520_gnutls_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080520_gnutls_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0489.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0492.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12230.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gnutls-5543.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-106.nasl - Type : ACT_GATHER_INFO |
2008-09-16 | Name : The remote openSUSE host is missing a security update. File : suse_gnutls-5275.nasl - Type : ACT_GATHER_INFO |
2008-09-16 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gnutls-5601.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-180-01.nasl - Type : ACT_GATHER_INFO |
2008-06-30 | Name : The remote Windows host contains a media player that is affected by several v... File : vlc_0_8_6h.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Fedora host is missing a security update. File : fedora_2008-4259.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Fedora host is missing a security update. File : fedora_2008-4274.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-20.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Fedora host is missing a security update. File : fedora_2008-4183.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1581.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0489.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0492.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-613-1.nasl - Type : ACT_GATHER_INFO |