CVE-2008-1950 - Numeric Errors vulnerability in GNU Gnutls

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
gnu
CWE-189
nessus

Summary

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

Vulnerable Configurations

Part         Description  Count
Application  Gnu          105

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Windows
    NASL id: VLC_0_8_6H.NASL
    description: The version of VLC Media Player installed on the remote host reportedly includes versions of GnuTLS, libgcrypt, and libxml2 that are affected by various denial of service and buffer overflow vulnerabilities.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33278
    published: 2008-06-30
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/33278
    title: VLC Media Player < 0.8.6h Multiple Vulnerabilities
    code:
    #
    #  (C) Tenable Network Security, Inc.
    #
    
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33278);
      script_version("1.11");
    
      script_cve_id("CVE-2008-1948", "CVE-2008-1949", "CVE-2008-1950", "CVE-2007-6284");
      script_bugtraq_id(27248, 29292);
    
      script_name(english:"VLC Media Player < 0.8.6h Multiple Vulnerabilities");
      script_summary(english:"Checks version of VLC");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a media player that is affected by
    several vulnerabilities." );
     script_set_attribute(attribute:"description", value:
    "The version of VLC Media Player installed on the remote host
    reportedly includes versions of GnuTLS, libgcrypt, and libxml2 that
    are affected by various denial of service and buffer overflow
    vulnerabilities." );
     script_set_attribute(attribute:"see_also", value:"http://www.videolan.org/developers/vlc/NEWS" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to VLC Media Player version 0.8.6h or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_cwe_id(189, 287, 399);
     script_set_attribute(attribute:"plugin_publication_date", value: "2008/06/30");
     script_cvs_date("Date: 2018/08/06 14:03:16");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:videolan:vlc_media_player");
    script_end_attributes();
    
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
    
      script_dependencies("vlc_installed.nasl");
      script_require_keys("SMB/VLC/Version");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    
    
    ver = get_kb_item("SMB/VLC/Version");
    if (ver && tolower(ver) =~ "^0\.([0-7]\.|8\.([0-5]|6($|[a-g])))")
    {
      if (report_verbosity)
      {
        report = string(
          "\n",
          "VLC Media Player version ", ver, " is currently installed on the remote host.\n"
        );
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(get_kb_item("SMB/transport"));
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-0492.NASL
    description: Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950) We believe it is possible to leverage the flaw CVE-2008-1948 to execute arbitrary code but have been unable to prove this at the time of releasing this advisory. Red Hat Enterprise Linux 4 does not ship with any applications directly affected by this flaw. Third-party software which runs on Red Hat Enterprise Linux 4 could, however, be affected by this vulnerability. Consequently, we have assigned it important severity. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 32429
    published: 2008-05-22
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/32429
    title: RHEL 4 : gnutls (RHSA-2008:0492)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2008-0492.NASL
    description: From Red Hat Security Advisory 2008:0492 : Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950) We believe it is possible to leverage the flaw CVE-2008-1948 to execute arbitrary code but have been unable to prove this at the time of releasing this advisory. Red Hat Enterprise Linux 4 does not ship with any applications directly affected by this flaw. Third-party software which runs on Red Hat Enterprise Linux 4 could, however, be affected by this vulnerability. Consequently, we have assigned it important severity. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67697
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67697
    title: Oracle Linux 4 : gnutls (ELSA-2008-0492)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20080520_GNUTLS_ON_SL5_X.NASL
    description: Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950) At this time we have not seen any code that is using this exploit. But in Scientific Linux 5 there are some applications, such as CUPS, that would be directly vulnerable if/when there is an exploit. Because of the potential threat we are labeling this critical.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60401
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60401
    title: Scientific Linux Security Update : gnutls on SL5.x i386/x86_64
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-4183.NASL
    description: Fixes critical security issue GNUTLS-SA-2008-1 described here: http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html All applications and system services which utilize gnutls library must be restarted for the updates to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 32408
    published: 2008-05-22
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/32408
    title: Fedora 8 : gnutls-1.6.3-3.fc8 (2008-4183)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GNUTLS-5601.NASL
    description: Multiple issues have been fixed in gnutls. CVE-2008-1948 (GNUTLS-SA-2008-1-1), CVE-2008-1949 (GNUTLS-SA-2008-1-2) and CVE-2008-1950 (GNUTLS-SA-2008-1-3) have been assigned to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34215
    published: 2008-09-16
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34215
    title: SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 5601)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2008-106.NASL
    description: Flaws discovered in versions prior to 2.2.4 (stable) and 2.3.10 (development) of GnuTLS allow an attacker to cause denial of service (application crash), and maybe (so far undetermined) execute arbitrary code. The updated packages have been patched to fix these flaws. Note that any applications using this library must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37379
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/37379
    title: Mandriva Linux Security Advisory : gnutls (MDVSA-2008:106)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2008-0489.NASL
    description: From Red Hat Security Advisory 2008:0489 : Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950) We believe it is possible to leverage the flaw CVE-2008-1948 to execute arbitrary code but have been unable to prove this at the time of releasing this advisory. Red Hat Enterprise Linux 5 includes applications, such as CUPS, that would be directly vulnerable to any such an exploit, however. Consequently, we have assigned it critical severity. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67696
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67696
    title: Oracle Linux 5 : gnutls (ELSA-2008-0489)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-0489.NASL
    description: Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950) We believe it is possible to leverage the flaw CVE-2008-1948 to execute arbitrary code but have been unable to prove this at the time of releasing this advisory. Red Hat Enterprise Linux 5 includes applications, such as CUPS, that would be directly vulnerable to any such an exploit, however. Consequently, we have assigned it critical severity. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 32428
    published: 2008-05-22
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/32428
    title: RHEL 5 : gnutls (RHSA-2008:0489)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12230.NASL
    description: Multiple issues have been fixed in gnutls. CVE-2008-1948 (GNUTLS-SA-2008-1-1), CVE-2008-1949 (GNUTLS-SA-2008-1-2) and CVE-2008-1950 (GNUTLS-SA-2008-1-3) have been assigned to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41237
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41237
    title: SuSE9 Security Update : GnuTLS (YOU Patch Number 12230)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1581.NASL
    description: Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite. NOTE: The libgnutls13 package, which provides the GNUTLS library, does not contain logic to automatically restart potentially affected services. You must restart affected services manually (mainly Exim, using
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 32403
    published: 2008-05-22
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/32403
    title: Debian DSA-1581-1 : gnutls13 - several vulnerabilities
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-613-1.NASL
    description: Multiple flaws were discovered in the connection handling of GnuTLS. A remote attacker could exploit this to crash applications linked against GnuTLS, or possibly execute arbitrary code with permissions of the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 32432
    published: 2008-05-22
    reporter: Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/32432
    title: Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : gnutls12, gnutls13 vulnerabilities (USN-613-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GNUTLS-5275.NASL
    description: Multiple issues have been fixed in gnutls: CVE-2008-1948 (GNUTLS-SA-2008-1-1), CVE-2008-1949 (GNUTLS-SA-2008-1-2) and CVE-2008-1950 (GNUTLS-SA-2008-1-3) have been assigned to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34214
    published: 2008-09-16
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34214
    title: openSUSE 10 Security Update : gnutls (gnutls-5275)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2008-0489.NASL
    description: Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950) We believe it is possible to leverage the flaw CVE-2008-1948 to execute arbitrary code but have been unable to prove this at the time of releasing this advisory. Red Hat Enterprise Linux 5 includes applications, such as CUPS, that would be directly vulnerable to any such an exploit, however. Consequently, we have assigned it critical severity. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43688
    published: 2010-01-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43688
    title: CentOS 5 : gnutls (CESA-2008:0489)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GNUTLS-5543.NASL
    description: Multiple issues have been fixed in gnutls. CVE-2008-1948 (GNUTLS-SA-2008-1-1), CVE-2008-1949 (GNUTLS-SA-2008-1-2) and CVE-2008-1950 (GNUTLS-SA-2008-1-3) have been assigned to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41514
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41514
    title: SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 5543)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2008-180-01.NASL
    description: New gnutls packages are available for Slackware 12.0, 12.1, and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33288
    published: 2008-07-02
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/33288
    title: Slackware 12.0 / 12.1 / current : gnutls (SSA:2008-180-01)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200805-20.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200805-20 (GnuTLS: Execution of arbitrary code) Ossi Herrala and Jukka Taimisto of Codenomicon reported three vulnerabilities in libgnutls of GnuTLS:
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 32418
    published: 2008-05-22
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/32418
    title: GLSA-200805-20 : GnuTLS: Execution of arbitrary code
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-4274.NASL
    description: Fixes critical security issue GNUTLS-SA-2008-1 described here: http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html All applications and system services which utilize gnutls library must be restarted for the updates to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 32414
    published: 2008-05-22
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/32414
    title: Fedora 7 : gnutls-1.6.3-3.fc7 (2008-4274)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2008-0492.NASL
    description: Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950) We believe it is possible to leverage the flaw CVE-2008-1948 to execute arbitrary code but have been unable to prove this at the time of releasing this advisory. Red Hat Enterprise Linux 4 does not ship with any applications directly affected by this flaw. Third-party software which runs on Red Hat Enterprise Linux 4 could, however, be affected by this vulnerability. Consequently, we have assigned it important severity. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43689
    published: 2010-01-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43689
    title: CentOS 4 : gnutls (CESA-2008:0492)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-4259.NASL
    description: Fixes critical security issue GNUTLS-SA-2008-1 described here: http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html All applications and system services which utilize gnutls library must be restarted for the updates to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 32412
    published: 2008-05-22
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/32412
    title: Fedora 9 : gnutls-2.0.4-3.fc9 (2008-4259)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20080520_GNUTLS_ON_SL4_X.NASL
    description: Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950) At this time we have not seen any code that is using this exploit. But in Scientific Linux 5 there are some applications, that would be directly vulnerable if/when there is an exploit. Because of the potential threat we are labeling this important.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60400
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60400
    title: Scientific Linux Security Update : gnutls on SL4.x i386/x86_64

Oval

accepted: 2013-04-29T04:13:46.851-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
family: unix
id: oval:org.mitre.oval:def:11393
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
version: 28

Redhat

advisories
  • bugzilla
    id: 447463
    title: CVE-2008-1950 GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 5 is installed
        oval: oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment: gnutls is earlier than 0:1.4.1-3.el5_1
            oval: oval:com.redhat.rhsa:tst:20080489001
          • comment: gnutls is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20120319006
        • AND
          • comment: gnutls-devel is earlier than 0:1.4.1-3.el5_1
            oval: oval:com.redhat.rhsa:tst:20080489003
          • comment: gnutls-devel is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20120319002
        • AND
          • comment: gnutls-utils is earlier than 0:1.4.1-3.el5_1
            oval: oval:com.redhat.rhsa:tst:20080489005
          • comment: gnutls-utils is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20120319004
    rhsa
    id: RHSA-2008:0489
    released: 2008-05-20
    severity: Critical
    title: RHSA-2008:0489: gnutls security update (Critical)
  • bugzilla
    id: 447463
    title: CVE-2008-1950 GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 4 is installed
        oval: oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment: gnutls-devel is earlier than 0:1.0.20-4.el4_6
            oval: oval:com.redhat.rhsa:tst:20080492001
          • comment: gnutls-devel is signed with Red Hat master key
            oval: oval:com.redhat.rhsa:tst:20060207004
        • AND
          • comment: gnutls is earlier than 0:1.0.20-4.el4_6
            oval: oval:com.redhat.rhsa:tst:20080492003
          • comment: gnutls is signed with Red Hat master key
            oval: oval:com.redhat.rhsa:tst:20060207002
    rhsa
    id: RHSA-2008:0492
    released: 2008-05-20
    severity: Important
    title: RHSA-2008:0492: gnutls security update (Important)
rpms
  • gnutls-0:1.4.1-3.el5_1
  • gnutls-debuginfo-0:1.4.1-3.el5_1
  • gnutls-devel-0:1.4.1-3.el5_1
  • gnutls-utils-0:1.4.1-3.el5_1
  • gnutls-0:1.0.20-4.el4_6
  • gnutls-debuginfo-0:1.0.20-4.el4_6
  • gnutls-devel-0:1.0.20-4.el4_6

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 29292. CVE(CAN) ID: CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. GnuTLS is a library that implements the TLS encryption protocol. GnuTLS has multiple security vulnerabilities in its handling of various malformed TLS messages, which may lead to denial of service or to full compromise of the operating system running an application that uses the library. If a Client Hello message sent by a user contains the Server Name extension, a heap overflow can be triggered in the _gnutls_server_name_recv_params() function in lib/ext_server_name.c, leading to arbitrary code execution. The _gnutls_recv_client_kx_message() function in lib/gnutls_kx.c has a null pointer dereference when processing a TLS message that contains multiple Client Hello messages, and the _gnutls_ciphertext2compressed() function in lib/gnutls_cipher.c has a signedness error when processing encrypted TLS data; both of these vulnerabilities can crash applications that use the GnuTLS library.
GnuTLS < 2.2.5
Debian: Debian has released a security advisory (DSA-1581-1) and corresponding patches for this issue. DSA-1581-1: New gnutls13 packages fix potential code execution. Link: http://www.debian.org/security/2008/dsa-1581
Patch downloads: source archives, architecture-independent packages and per-architecture binary packages from security.debian.org.
48986a326282563af743147dc76f0fd5 &lt;a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_mipsel.deb target=_blank&gt;http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_mipsel.deb&lt;/a&gt; Size/MD5 checksum: 182654 e86e98f4fbd9659b1b7da3f5ac3ca442 powerpc architecture (PowerPC) &lt;a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_powerpc.deb target=_blank&gt;http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_powerpc.deb&lt;/a&gt; Size/MD5 checksum: 184542 dfed7b8ae7a888d65d82e28f4a15d0bd &lt;a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_powerpc.deb target=_blank&gt;http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_powerpc.deb&lt;/a&gt; Size/MD5 checksum: 288842 38db064a06a7b073e456425f74392a51 &lt;a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_powerpc.deb target=_blank&gt;http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_powerpc.deb&lt;/a&gt; Size/MD5 checksum: 538618 9cfd7c7cdf36aea9c445e237156a8898 &lt;a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_powerpc.deb target=_blank&gt;http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_powerpc.deb&lt;/a&gt; Size/MD5 checksum: 388748 50dd9f5a82dca333bdbd282992488eab s390 architecture (IBM S/390) &lt;a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_s390.deb target=_blank&gt;http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_s390.deb&lt;/a&gt; Size/MD5 checksum: 537378 b60c8caef47fa70cc68399db3b1bde5a &lt;a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_s390.deb 
Patch installation:

1. Install the patch package manually:
   First, download the patch package with the following command:
     # wget url   (url is the patch download link)
   Then install the patch with the following command:
     # dpkg -i file.deb   (file is the name of the corresponding patch)
2. Install the patch package automatically with apt-get:
   First, update the internal database with the following command:
     # apt-get update
   Then install the updated packages with the following command:
     # apt-get upgrade

GNU
---
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's site:
http://www.gnu.org/software/gnutls/releases/gnutls-2.2.5.tar.bz2

RedHat
------
RedHat has published a security advisory (RHSA-2008:0489-01) and corresponding patches for this issue:
RHSA-2008:0489-01: Critical: gnutls security update
Link: https://www.redhat.com/support/errata/RHSA-2008-0489.html
idSSV:3314
last seen2017-11-19
modified2008-05-22
published2008-05-22
reporterRoot
titleGnuTLS Heap Overflow and Denial of Service Vulnerabilities

References