oval:org.mitre.oval:def:13825

Definition Id: oval:org.mitre.oval:def:13825
 
Oval ID: oval:org.mitre.oval:def:13825
Title: USN-809-1 -- gnutls12, gnutls13, gnutls26 vulnerabilities
Description: Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered GnuTLS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This issue only affected Ubuntu 6.06 LTS and Ubuntu 8.10. USN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS. The upstream patches introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem, and only affected Ubuntu 6.06 LTS and Ubuntu 8.10 . In an effort to maintain a strong security stance and address all known regressions, this update deprecates X.509 validation chains using MD2 and MD5 signatures. To accomodate sites which must still use a deprected RSA-MD5 certificate, GnuTLS has been updated to stop looking when it has found a trusted intermediary certificate. This new handling of intermediary certificates is in accordance with other SSL implementations. Original advisory details: Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information
Family: unix Class: patch
Reference(s): USN-809-1
CVE-2009-2730
CVE-2009-2409
CVE-2008-4989
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): gnutls12
gnutls13
gnutls26
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13250
 
Oval ID: oval:org.mitre.oval:def:13250
Title: Ubuntu 8.04 is installed
Description: Ubuntu 8.04 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:ubuntu:ubuntu_linux:8.04
Version: 3
Platform(s): Ubuntu 8.04
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13825
Definition Id: oval:org.mitre.oval:def:13319
 
Oval ID: oval:org.mitre.oval:def:13319
Title: Ubuntu 6.06 is installed
Description: Ubuntu 6.06 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:ubuntu:ubuntu_linux:6.06
Version: 3
Platform(s): Ubuntu 6.06
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13825
Definition Id: oval:org.mitre.oval:def:13306
 
Oval ID: oval:org.mitre.oval:def:13306
Title: Ubuntu 8.10 is installed
Description: Ubuntu 8.10 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:ubuntu:ubuntu_linux:8.10
Version: 3
Platform(s): Ubuntu 8.10
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13825
Definition Id: oval:org.mitre.oval:def:12669
 
Oval ID: oval:org.mitre.oval:def:12669
Title: Ubuntu 9.04 is installed
Description: Ubuntu 9.04 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:canonical:ubuntu_linux:9.04
Version: 5
Platform(s): Ubuntu 9.04
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13825