Vulnerabilities > CVE-2009-1417 - Cryptographic Issues vulnerability in GNU Gnutls
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B31A1088460F11DEA11A0022156E8794.NASL description SecurityFocus reports : GnuTLS is prone to multiple remote vulnerabilities : - A remote code-execution vulnerability. - A denial-of-service vulnerability. - A signature-generation vulnerability. - A signature-verification vulnerability. An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers. last seen 2020-06-01 modified 2020-06-02 plugin id 40661 published 2009-08-20 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40661 title FreeBSD : GnuTLS -- multiple vulnerabilities (b31a1088-460f-11de-a11a-0022156e8794) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(40661); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:40"); script_cve_id("CVE-2009-1415", "CVE-2009-1416", "CVE-2009-1417"); script_bugtraq_id(34783); script_name(english:"FreeBSD : GnuTLS -- multiple vulnerabilities (b31a1088-460f-11de-a11a-0022156e8794)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "SecurityFocus reports : GnuTLS is prone to multiple remote vulnerabilities : - A remote code-execution vulnerability. - A denial-of-service vulnerability. - A signature-generation vulnerability. - A signature-verification vulnerability. An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers." ); script_set_attribute( attribute:"see_also", value:"http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515" ); script_set_attribute( attribute:"see_also", value:"http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516" ); script_set_attribute( attribute:"see_also", value:"http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517" ); # https://vuxml.freebsd.org/freebsd/b31a1088-460f-11de-a11a-0022156e8794.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c365e5ba" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(255, 310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gnutls-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/05/21"); script_set_attribute(attribute:"patch_publication_date", value:"2009/08/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"gnutls<2.6.6")) flag++; if (pkg_test(save_report:TRUE, pkg:"gnutls-devel<2.7.8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-116.NASL description Multiple vulnerabilities has been found and corrected in gnutls : lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free (CVE-2009-1415). lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key (CVE-2009-1416). gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417). The updated packages have been patched to prevent this. last seen 2020-06-01 modified 2020-06-02 plugin id 38815 published 2009-05-19 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38815 title Mandriva Linux Security Advisory : gnutls (MDVSA-2009:116) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2009:116. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(38815); script_version ("1.13"); script_cvs_date("Date: 2019/08/02 13:32:51"); script_cve_id("CVE-2009-1415", "CVE-2009-1416", "CVE-2009-1417"); script_xref(name:"MDVSA", value:"2009:116"); script_name(english:"Mandriva Linux Security Advisory : gnutls (MDVSA-2009:116)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been found and corrected in gnutls : lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free (CVE-2009-1415). lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key (CVE-2009-1416). gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417). The updated packages have been patched to prevent this." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(255, 310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gnutls26"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgnutls26"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1"); script_set_attribute(attribute:"patch_publication_date", value:"2009/05/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.1", reference:"gnutls-2.3.0-2.5mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64gnutls-devel-2.3.0-2.5mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64gnutls26-2.3.0-2.5mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libgnutls-devel-2.3.0-2.5mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libgnutls26-2.3.0-2.5mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"gnutls-2.4.1-2.4mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64gnutls-devel-2.4.1-2.4mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64gnutls26-2.4.1-2.4mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libgnutls-devel-2.4.1-2.4mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libgnutls26-2.4.1-2.4mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"gnutls-2.6.4-1.2mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64gnutls-devel-2.6.4-1.2mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64gnutls26-2.6.4-1.2mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libgnutls-devel-2.6.4-1.2mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libgnutls26-2.6.4-1.2mdv2009.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200905-04.NASL description The remote host is affected by the vulnerability described in GLSA-200905-04 (GnuTLS: Multiple vulnerabilities) The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free vulnerability (CVE-2009-1415). Simon Josefsson reported that GnuTLS generates RSA keys stored in DSA structures when creating a DSA key (CVE-2009-1416). Romain Francoise reported that the _gnutls_x509_verify_certificate() function in lib/x509/verify.c does not perform time checks, resulting in the last seen 2020-06-01 modified 2020-06-02 plugin id 38885 published 2009-05-26 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38885 title GLSA-200905-04 : GnuTLS: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200905-04. # # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(38885); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2009-1415", "CVE-2009-1416", "CVE-2009-1417"); script_xref(name:"GLSA", value:"200905-04"); script_name(english:"GLSA-200905-04 : GnuTLS: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200905-04 (GnuTLS: Multiple vulnerabilities) The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free vulnerability (CVE-2009-1415). Simon Josefsson reported that GnuTLS generates RSA keys stored in DSA structures when creating a DSA key (CVE-2009-1416). Romain Francoise reported that the _gnutls_x509_verify_certificate() function in lib/x509/verify.c does not perform time checks, resulting in the 'gnutls-cli' program accepting X.509 certificates with validity times in the past or future (CVE-2009-1417). Impact : A remote attacker could entice a user or automated system to process a specially crafted DSA certificate, possibly resulting in a Denial of Service condition. NOTE: This issue might have other unspecified impact including the execution of arbitrary code. Furthermore, a remote attacker could spoof signatures on certificates and the 'gnutls-cli' application can be tricked into accepting an invalid certificate. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200905-04" ); script_set_attribute( attribute:"solution", value: "All GnuTLS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-libs/gnutls-2.6.6'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(255, 310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gnutls"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/05/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-libs/gnutls", unaffected:make_list("ge 2.6.6"), vulnerable:make_list("lt 2.6.6"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GnuTLS"); }
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-308.NASL description Multiple vulnerabilities has been found and corrected in gnutls : gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417). A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority (CVE-2009-2730). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update fixes this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 42994 published 2009-12-04 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42994 title Mandriva Linux Security Advisory : gnutls (MDVSA-2009:308) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2009:308. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(42994); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:52"); script_cve_id("CVE-2009-1417", "CVE-2009-2730"); script_bugtraq_id(35952); script_xref(name:"MDVSA", value:"2009:308"); script_name(english:"Mandriva Linux Security Advisory : gnutls (MDVSA-2009:308)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been found and corrected in gnutls : gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417). A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority (CVE-2009-2730). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update fixes this vulnerability." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gnutls13"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgnutls13"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.0", reference:"gnutls-2.0.0-2.4mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64gnutls-devel-2.0.0-2.4mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64gnutls13-2.0.0-2.4mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libgnutls-devel-2.0.0-2.4mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libgnutls13-2.0.0-2.4mdv2008.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 34783 CVE(CAN) ID: CVE-2009-1416,CVE-2009-1415,CVE-2009-1417 GnuTLS是用于实现TLS加密协议的函数库。 GnuTLS中的多个安全漏洞可能被远程利用执行欺骗攻击、绕过某些安全限制或导致拒绝服务。 1) 处理无效DSA密钥中的错误可能导致释放无效内存,客户端应用可能会崩溃。 2) GnuTLS库生成的是RSA密钥而不是DSA密钥,而RSA密钥生成的是弱加密签名。 3) gnutls-cli应用没有正确地检查X.509证书的激活和过期日期,可能诱骗应用程序接受无效的证书。 0 GNU GnuTLS < 2.6.6 GNU --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=ftp://ftp.gnu.org/pub/gnu/gnutls/gnutls-2.6.6.tar.bz2 target=_blank rel=external nofollow>ftp://ftp.gnu.org/pub/gnu/gnutls/gnutls-2.6.6.tar.bz2</a> |
id | SSV:11185 |
last seen | 2017-11-19 |
modified | 2009-05-04 |
published | 2009-05-04 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-11185 |
title | GnuTLS库多个远程安全漏洞 |
Statements
contributor | Tomas Hoger |
lastmodified | 2009-08-11 |
organization | Red Hat |
statement | The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 4, or 5. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1417 |
References
- http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
- http://secunia.com/advisories/34842
- http://secunia.com/advisories/35211
- http://security.gentoo.org/glsa/glsa-200905-04.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
- http://www.securityfocus.com/bid/34783
- http://www.securitytracker.com/id?1022159
- http://www.vupen.com/english/advisories/2009/1218
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50261