Vulnerabilities > CVE-2006-0645 - Denial of Service vulnerability in GNUTLS LibTASN1 DER Decoding
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
Vulnerable Configurations
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-986.NASL description Evgeny Legerov discovered several out-of-bounds memory accesses in the DER decoding component of the Tiny ASN.1 Library, which is also present and used in GnuTLS, the GNU implementation for Transport Layer Security (TLS) 1.0 and Secure Sockets Layer (SSL) 3.0 protocols and which allows attackers to crash the DER decoder and possibly execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 22852 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22852 title Debian DSA-986-1 : gnutls11 - buffer overflows NASL family Fedora Local Security Checks NASL id FEDORA_2006-107.NASL description - Fri Feb 10 2006 Martin Stransky <stransky at redhat.com> 1.0.25-2.FC4 - fix for CVE-2006-0645 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20884 published 2006-02-11 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20884 title Fedora Core 4 : gnutls-1.0.25-2.FC4 (2006-107) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0207.NASL description Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GNU TLS Library provides support for cryptographic algorithms and protocols such as TLS. GNU TLS includes Libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Several flaws were found in the way libtasn1 decodes DER. An attacker could create a carefully crafted invalid X.509 certificate in such a way that could trigger this flaw if parsed by an application that uses GNU TLS. This could lead to a denial of service (application crash). It is not certain if this issue could be escalated to allow arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0645 to this issue. In Red Hat Enterprise Linux 4, the GNU TLS library is only used by the Evolution client when connecting to an Exchange server or when publishing calendar information to a WebDAV server. Users are advised to upgrade to these updated packages, which contain a backported patch from the GNU TLS maintainers to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 20886 published 2006-02-11 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20886 title RHEL 4 : gnutls (RHSA-2006:0207) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0207.NASL description Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GNU TLS Library provides support for cryptographic algorithms and protocols such as TLS. GNU TLS includes Libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Several flaws were found in the way libtasn1 decodes DER. An attacker could create a carefully crafted invalid X.509 certificate in such a way that could trigger this flaw if parsed by an application that uses GNU TLS. This could lead to a denial of service (application crash). It is not certain if this issue could be escalated to allow arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0645 to this issue. In Red Hat Enterprise Linux 4, the GNU TLS library is only used by the Evolution client when connecting to an Exchange server or when publishing calendar information to a WebDAV server. Users are advised to upgrade to these updated packages, which contain a backported patch from the GNU TLS maintainers to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21987 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21987 title CentOS 4 : gnutls (CESA-2006:0207) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-251-1.NASL description Evgeny Legerov discovered a buffer overflow in the DER format decoding function of the libtasn library. This library is mainly used by the GNU TLS library; by sending a specially crafted X.509 certificate to a server which uses TLS encryption/authentication, a remote attacker could exploit this to crash that server process and possibly even execute arbitrary code with the privileges of that server. In order to fix the vulnerability in libtasn, several internal function signatures had to be changed; some of these functions are used by the GNU TLS library, so that library needs to be updated as well. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21060 published 2006-03-13 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21060 title Ubuntu 4.10 / 5.04 / 5.10 : libtasn1-2 vulnerability (USN-251-1) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-039.NASL description Evgeny Legerov discovered cases of possible out-of-bounds access in the DER decoding schemes of libtasn1, when provided with invalid input. This library is bundled with gnutls. The provided packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20897 published 2006-02-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20897 title Mandrake Linux Security Advisory : gnutls (MDKSA-2006:039) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-985.NASL description Evgeny Legerov discovered several out-of-bounds memory accesses in the DER decoding component of the Tiny ASN.1 Library that allows attackers to crash the DER decoder and possibly execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 22851 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22851 title Debian DSA-985-1 : libtasn1-2 - buffer overflows NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200602-08.NASL description The remote host is affected by the vulnerability described in GLSA-200602-08 (libtasn1, GNU TLS: Security flaw in DER decoding) Evgeny Legerov has reported a flaw in the DER decoding routines provided by libtasn1, which could cause an out of bounds access to occur. Impact : A remote attacker could cause an application using libtasn1 to crash and potentially execute arbitrary code by sending specially crafted input. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 20934 published 2006-02-17 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20934 title GLSA-200602-08 : libtasn1, GNU TLS: Security flaw in DER decoding
Oval
| accepted | 2013-04-29T04:06:33.154-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:10540 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite. | ||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup
- http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup
- http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html
- http://rhn.redhat.com/errata/RHSA-2006-0207.html
- http://secunia.com/advisories/18794
- http://secunia.com/advisories/18815
- http://secunia.com/advisories/18830
- http://secunia.com/advisories/18832
- http://secunia.com/advisories/18898
- http://secunia.com/advisories/18918
- http://secunia.com/advisories/19080
- http://secunia.com/advisories/19092
- http://securityreason.com/securityalert/446
- http://securitytracker.com/id?1015612
- http://www.debian.org/security/2006/dsa-985
- http://www.debian.org/security/2006/dsa-986
- http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml
- http://www.gleg.net/protover_ssl.shtml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:039
- http://www.osvdb.org/23054
- http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html
- http://www.securityfocus.com/archive/1/424538/100/0/threaded
- http://www.securityfocus.com/bid/16568
- http://www.trustix.org/errata/2006/0008
- http://www.vupen.com/english/advisories/2006/0496
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24606
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
- https://usn.ubuntu.com/251-1/