Vulnerabilities > CVE-2005-1431 - Denial of Service vulnerability in GNUTLS Padding
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-430.NASL description Updated GnuTLS packages that fix a remote denial of service vulnerability are available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library implements Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1) protocols. A denial of service bug was found in the GnuTLS library versions prior to 1.0.25. A remote attacker could perform a carefully crafted TLS handshake against a service that uses the GnuTLS library causing the service to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1431 to this issue. All users of GnuTLS are advised to upgrade to these updated packages and to restart any services which use GnuTLS. last seen 2020-06-01 modified 2020-06-02 plugin id 18407 published 2005-06-02 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18407 title RHEL 4 : gnutls (RHSA-2005:430) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:430. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(18407); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2005-1431"); script_xref(name:"RHSA", value:"2005:430"); script_name(english:"RHEL 4 : gnutls (RHSA-2005:430)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated GnuTLS packages that fix a remote denial of service vulnerability are available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library implements Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1) protocols. A denial of service bug was found in the GnuTLS library versions prior to 1.0.25. A remote attacker could perform a carefully crafted TLS handshake against a service that uses the GnuTLS library causing the service to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1431 to this issue. All users of GnuTLS are advised to upgrade to these updated packages and to restart any services which use GnuTLS." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-1431" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:430" ); script_set_attribute( attribute:"solution", value:"Update the affected gnutls and / or gnutls-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gnutls-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/03"); script_set_attribute(attribute:"patch_publication_date", value:"2005/06/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/06/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:430"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"gnutls-1.0.20-3.2.1")) flag++; if (rpm_check(release:"RHEL4", reference:"gnutls-devel-1.0.20-3.2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls / gnutls-devel"); } }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200505-04.NASL description The remote host is affected by the vulnerability described in GLSA-200505-04 (GnuTLS: Denial of Service vulnerability) A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality. Impact : A remote attacker could exploit this vulnerability and cause a Denial of Service to any application that utilizes the GnuTLS library. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 18230 published 2005-05-11 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18230 title GLSA-200505-04 : GnuTLS: Denial of Service vulnerability code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200505-04. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(18230); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2005-1431"); script_xref(name:"GLSA", value:"200505-04"); script_name(english:"GLSA-200505-04 : GnuTLS: Denial of Service vulnerability"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200505-04 (GnuTLS: Denial of Service vulnerability) A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality. Impact : A remote attacker could exploit this vulnerability and cause a Denial of Service to any application that utilizes the GnuTLS library. Workaround : There is no known workaround at this time." ); # http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html script_set_attribute( attribute:"see_also", value:"https://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200505-04" ); script_set_attribute( attribute:"solution", value: "All GnuTLS users should remove the existing installation and upgrade to the latest version: # emerge --sync # emerge --unmerge gnutls # emerge --ask --oneshot --verbose net-libs/gnutls Due to small API changes with the previous version, please do the following to ensure your applications are using the latest GnuTLS that you just emerged. # revdep-rebuild --soname-regexp libgnutls.so.1[0-1] Previously exported RSA keys can be fixed by executing the following command on the key files: # certtool -k infile outfile" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gnutls"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/05/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-libs/gnutls", unaffected:make_list("ge 1.2.3", "rge 1.0.25"), vulnerable:make_list("lt 1.2.3"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GnuTLS"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-430.NASL description Updated GnuTLS packages that fix a remote denial of service vulnerability are available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library implements Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1) protocols. A denial of service bug was found in the GnuTLS library versions prior to 1.0.25. A remote attacker could perform a carefully crafted TLS handshake against a service that uses the GnuTLS library causing the service to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1431 to this issue. All users of GnuTLS are advised to upgrade to these updated packages and to restart any services which use GnuTLS. last seen 2020-06-01 modified 2020-06-02 plugin id 21938 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21938 title CentOS 4 : gnutls (CESA-2005:430) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:430 and # CentOS Errata and Security Advisory 2005:430 respectively. # include("compat.inc"); if (description) { script_id(21938); script_version("1.19"); script_cvs_date("Date: 2019/10/25 13:36:02"); script_cve_id("CVE-2005-1431"); script_xref(name:"RHSA", value:"2005:430"); script_name(english:"CentOS 4 : gnutls (CESA-2005:430)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated GnuTLS packages that fix a remote denial of service vulnerability are available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library implements Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1) protocols. A denial of service bug was found in the GnuTLS library versions prior to 1.0.25. A remote attacker could perform a carefully crafted TLS handshake against a service that uses the GnuTLS library causing the service to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1431 to this issue. All users of GnuTLS are advised to upgrade to these updated packages and to restart any services which use GnuTLS." ); # https://lists.centos.org/pipermail/centos-announce/2005-June/011769.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d95d6027" ); # https://lists.centos.org/pipermail/centos-announce/2005-June/011770.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?94f49b45" ); # https://lists.centos.org/pipermail/centos-announce/2005-June/011783.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ead7b40f" ); script_set_attribute( attribute:"solution", value:"Update the affected gnutls packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gnutls-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/03"); script_set_attribute(attribute:"patch_publication_date", value:"2005/06/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", reference:"gnutls-1.0.20-3.2.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"gnutls-devel-1.0.20-3.2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls / gnutls-devel"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-126-1.NASL description A Denial of Service vulnerability was discovered in the GNU TLS library, which provides common cryptographic algorithms and is used by many applications in Ubuntu. Due to a missing sanity check of the padding length field, specially crafted ciphertext blocks caused an out of bounds memory access which could crash the application. It was not possible to exploit this to execute any attacker specified code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20516 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20516 title Ubuntu 4.10 / 5.04 : gnutls11, gnutls10 vulnerability (USN-126-1) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-084.NASL description Two vulnerabilities were discovered in the GnuTLS library. The first is a vulnerability in the way GnuTLS does record packet parsing; the second is a flaw in the RSA key export functionality. These could be exploited by a remote attacker to cause a Denial of Service to any program using the GnuTLS library. The provided packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 18273 published 2005-05-17 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18273 title Mandrake Linux Security Advisory : gnutls (MDKSA-2005:084)
Oval
| accepted | 2013-04-29T04:18:33.315-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:9238 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. | ||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html
- http://secunia.com/advisories/15193
- http://securitytracker.com/id?1013861
- http://www.osvdb.org/16054
- http://www.redhat.com/support/errata/RHSA-2005-430.html
- http://www.securityfocus.com/bid/13477
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20328
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238