CVE-2009-1415 - Access of Uninitialized Pointer vulnerability in GNU GnuTLS
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
Exploit-Db
description | GnuTLS 2.6.x libgnutls lib/pk-libgcrypt.c Malformed DSA Key Handling Remote DoS. CVE-2009-1415. Dos exploit for linux platform |
id | EDB-ID:32964 |
last seen | 2016-02-03 |
modified | 2009-04-30 |
published | 2009-04-30 |
reporter | Miroslav Kratochvil |
source | https://www.exploit-db.com/download/32964/ |
title | GnuTLS 2.6.x libgnutls lib/pk-libgcrypt.c Malformed DSA Key Handling Remote DoS |
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_B31A1088460F11DEA11A0022156E8794.NASL |
description | SecurityFocus reports : GnuTLS is prone to multiple remote vulnerabilities : - A remote code-execution vulnerability. - A denial-of-service vulnerability. - A signature-generation vulnerability. - A signature-verification vulnerability. An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40661 |
published | 2009-08-20 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/40661 |
title | FreeBSD : GnuTLS -- multiple vulnerabilities (b31a1088-460f-11de-a11a-0022156e8794) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(40661);
  script_version("1.12");
  script_cvs_date("Date: 2019/08/02 13:32:40");

  script_cve_id("CVE-2009-1415", "CVE-2009-1416", "CVE-2009-1417");
  script_bugtraq_id(34783);

  script_name(english:"FreeBSD : GnuTLS -- multiple vulnerabilities (b31a1088-460f-11de-a11a-0022156e8794)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote FreeBSD host is missing one or more security-related updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "SecurityFocus reports : GnuTLS is prone to multiple remote vulnerabilities : - A remote code-execution vulnerability. - A denial-of-service vulnerability. - A signature-generation vulnerability. - A signature-verification vulnerability. An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517"
  );
  # https://vuxml.freebsd.org/freebsd/b31a1088-460f-11de-a11a-0022156e8794.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c365e5ba"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(255, 310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gnutls");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gnutls-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/05/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}

include("audit.inc");
include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (pkg_test(save_report:TRUE, pkg:"gnutls<2.6.6")) flag++;
if (pkg_test(save_report:TRUE, pkg:"gnutls-devel<2.7.8")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2009-116.NASL |
description | Multiple vulnerabilities has been found and corrected in gnutls : lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free (CVE-2009-1415). lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key (CVE-2009-1416). gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417). The updated packages have been patched to prevent this. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38815 |
published | 2009-05-19 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/38815 |
title | Mandriva Linux Security Advisory : gnutls (MDVSA-2009:116) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2009:116.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(38815);
  script_version ("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:51");

  script_cve_id("CVE-2009-1415", "CVE-2009-1416", "CVE-2009-1417");
  script_xref(name:"MDVSA", value:"2009:116");

  script_name(english:"Mandriva Linux Security Advisory : gnutls (MDVSA-2009:116)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Mandriva Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Multiple vulnerabilities has been found and corrected in gnutls : lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free (CVE-2009-1415). lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key (CVE-2009-1416). gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417). The updated packages have been patched to prevent this."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cwe_id(255, 310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnutls");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gnutls-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gnutls26");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgnutls-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgnutls26");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/05/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;

if (rpm_check(release:"MDK2008.1", reference:"gnutls-2.3.0-2.5mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64gnutls-devel-2.3.0-2.5mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64gnutls26-2.3.0-2.5mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libgnutls-devel-2.3.0-2.5mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libgnutls26-2.3.0-2.5mdv2008.1", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.0", reference:"gnutls-2.4.1-2.4mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64gnutls-devel-2.4.1-2.4mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64gnutls26-2.4.1-2.4mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libgnutls-devel-2.4.1-2.4mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libgnutls26-2.4.1-2.4mdv2009.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.1", reference:"gnutls-2.6.4-1.2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64gnutls-devel-2.6.4-1.2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64gnutls26-2.6.4-1.2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libgnutls-devel-2.6.4-1.2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libgnutls26-2.6.4-1.2mdv2009.1", yank:"mdv")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200905-04.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200905-04 (GnuTLS: Multiple vulnerabilities) The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free vulnerability (CVE-2009-1415). Simon Josefsson reported that GnuTLS generates RSA keys stored in DSA structures when creating a DSA key (CVE-2009-1416). Romain Francoise reported that the _gnutls_x509_verify_certificate() function in lib/x509/verify.c does not perform time checks, resulting in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38885 |
published | 2009-05-26 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/38885 |
title | GLSA-200905-04 : GnuTLS: Multiple vulnerabilities |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200905-04.
#
# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(38885);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:45");

  script_cve_id("CVE-2009-1415", "CVE-2009-1416", "CVE-2009-1417");
  script_xref(name:"GLSA", value:"200905-04");

  script_name(english:"GLSA-200905-04 : GnuTLS: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value: "The remote host is affected by the vulnerability described in GLSA-200905-04 (GnuTLS: Multiple vulnerabilities) The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free vulnerability (CVE-2009-1415). Simon Josefsson reported that GnuTLS generates RSA keys stored in DSA structures when creating a DSA key (CVE-2009-1416). Romain Francoise reported that the _gnutls_x509_verify_certificate() function in lib/x509/verify.c does not perform time checks, resulting in the 'gnutls-cli' program accepting X.509 certificates with validity times in the past or future (CVE-2009-1417). Impact : A remote attacker could entice a user or automated system to process a specially crafted DSA certificate, possibly resulting in a Denial of Service condition. NOTE: This issue might have other unspecified impact including the execution of arbitrary code. Furthermore, a remote attacker could spoof signatures on certificates and the 'gnutls-cli' application can be tricked into accepting an invalid certificate. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200905-04"
  );
  script_set_attribute(
    attribute:"solution",
    value: "All GnuTLS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-libs/gnutls-2.6.6'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(255, 310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gnutls");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/05/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"net-libs/gnutls", unaffected:make_list("ge 2.6.6"), vulnerable:make_list("lt 2.6.6"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GnuTLS");
}
```
NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2009-128-01.NASL |
description | New gnutls packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38719 |
published | 2009-05-11 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/38719 |
title | Slackware 12.0 / 12.1 / 12.2 / current : gnutls (SSA:2009-128-01) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory 2009-128-01. The text
# itself is copyright (C) Slackware Linux, Inc.
#

include("compat.inc");

if (description)
{
  script_id(38719);
  script_version("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:21");

  script_cve_id("CVE-2009-1415", "CVE-2009-1416");
  script_xref(name:"SSA", value:"2009-128-01");

  script_name(english:"Slackware 12.0 / 12.1 / 12.2 / current : gnutls (SSA:2009-128-01)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "New gnutls packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues."
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405571
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8e80aa0c"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected gnutls package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cwe_id(255, 310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:gnutls");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("slackware.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);

flag = 0;

if (slackware_check(osver:"12.0", pkgname:"gnutls", pkgver:"2.6.2", pkgarch:"i486", pkgnum:"2_slack12.0")) flag++;
if (slackware_check(osver:"12.1", pkgname:"gnutls", pkgver:"2.6.2", pkgarch:"i486", pkgnum:"2_slack12.1")) flag++;
if (slackware_check(osver:"12.2", pkgname:"gnutls", pkgver:"2.6.2", pkgarch:"i486", pkgnum:"2_slack12.2")) flag++;
if (slackware_check(osver:"current", pkgname:"gnutls", pkgver:"2.6.6", pkgarch:"i486", pkgnum:"1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
Seebug
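bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:86225 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-86225 |
title | GnuTLS 2.6.x libgnutls lib/pk-libgcrypt.c Malformed DSA Key Handling Remote DoS |

bulletinFamily | exploit |
description | BUGTRAQ ID: 34783 CVE(CAN) ID: CVE-2009-1416,CVE-2009-1415,CVE-2009-1417 GnuTLS is a library that implements the TLS encryption protocol. Multiple security vulnerabilities in GnuTLS could be exploited remotely to carry out spoofing attacks, bypass certain security restrictions, or cause a denial of service. 1) An error in handling invalid DSA keys may cause invalid memory to be freed, and client applications may crash. 2) The GnuTLS library generates RSA keys instead of DSA keys, and the RSA keys produce cryptographically weak signatures. 3) The gnutls-cli application does not correctly check the activation and expiration dates of X.509 certificates, so the application may be tricked into accepting invalid certificates. Affected: GNU GnuTLS < 2.6.6. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: ftp://ftp.gnu.org/pub/gnu/gnutls/gnutls-2.6.6.tar.bz2 |
id | SSV:11185 |
last seen | 2017-11-19 |
modified | 2009-05-04 |
published | 2009-05-04 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-11185 |
title | GnuTLS library multiple remote security vulnerabilities |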
Statements
contributor | Tomas Hoger |
lastmodified | 2009-09-21 |
organization | Red Hat |
statement | Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions. |
References
- http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502
- http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515
- http://secunia.com/advisories/34842
- http://www.securitytracker.com/id?1022157
- http://www.vupen.com/english/advisories/2009/1218
- http://www.securityfocus.com/bid/34783
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
- http://security.gentoo.org/glsa/glsa-200905-04.xml
- http://secunia.com/advisories/35211
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50445
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50260
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50257