Vulnerabilities > CVE-2006-7239 - Cryptographic Issues vulnerability in GNU Gnutls

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
gnu
CWE-310
nessus
NVD
Published: 2010-05-24
Updated: 2023-02-13

Summary

The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.

Vulnerable Configurations

Part Description Count
Application
Gnu
43

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL familyUbuntu Local Security Checks
NASL idUBUNTU_USN-948-1.NASL
descriptionIt was discovered that GnuTLS did not always properly verify the hash algorithm of X.509 certificates. If an application linked against GnuTLS processed a crafted certificate, an attacker could make GnuTLS dereference a NULL pointer and cause a DoS via application crash. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen2020-06-01
modified2020-06-02
plugin id46812
published2010-06-04
reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/46812
titleUbuntu 6.06 LTS : gnutls12 vulnerability (USN-948-1)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-948-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(46812);
  script_version("1.9");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2006-7239");
  script_xref(name:"USN", value:"948-1");

  script_name(english:"Ubuntu 6.06 LTS : gnutls12 vulnerability (USN-948-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that GnuTLS did not always properly verify the hash
algorithm of X.509 certificates. If an application linked against
GnuTLS processed a crafted certificate, an attacker could make GnuTLS
dereference a NULL pointer and cause a DoS via application crash.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/948-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnutls-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgnutls-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgnutls12");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgnutls12-dbg");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/06/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(6\.06)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"gnutls-bin", pkgver:"1.2.9-2ubuntu1.8")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libgnutls-dev", pkgver:"1.2.9-2ubuntu1.8")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libgnutls12", pkgver:"1.2.9-2ubuntu1.8")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libgnutls12-dbg", pkgver:"1.2.9-2ubuntu1.8")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls-bin / libgnutls-dev / libgnutls12 / libgnutls12-dbg");
}

Redhat

advisories
bugzilla
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentgnutls-devel is earlier than 0:1.4.1-7.el5_8.1
          ovaloval:com.redhat.rhba:tst:20120319001
        • commentgnutls-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20120319002
      • AND
        • commentgnutls-utils is earlier than 0:1.4.1-7.el5_8.1
          ovaloval:com.redhat.rhba:tst:20120319003
        • commentgnutls-utils is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20120319004
      • AND
        • commentgnutls is earlier than 0:1.4.1-7.el5_8.1
          ovaloval:com.redhat.rhba:tst:20120319005
        • commentgnutls is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20120319006
rhsa
idRHBA-2012:0319
released2012-02-21
severityNone
titleRHBA-2012:0319: gnutls bug fix update (None)
rpms
  • gnutls-0:1.4.1-7.el5_8.1
  • gnutls-debuginfo-0:1.4.1-7.el5_8.1
  • gnutls-devel-0:1.4.1-7.el5_8.1
  • gnutls-utils-0:1.4.1-7.el5_8.1

References