Vulnerabilities > CVE-2009-2730 - Cryptographic Issues vulnerability in GNU Gnutls

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
gnu
CWE-310
nessus

Summary

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Vulnerable Configurations

Part Description Count
Application
Gnu
130

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1232.NASL
    descriptionFrom Red Hat Security Advisory 2009:1232 : Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. (CVE-2009-2730) Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67916
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67916
    titleOracle Linux 4 / 5 : gnutls (ELSA-2009-1232)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:1232 and 
    # Oracle Linux Security Advisory ELSA-2009-1232 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67916);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2009-2730");
      script_bugtraq_id(35952);
      script_xref(name:"RHSA", value:"2009:1232");
    
      script_name(english:"Oracle Linux 4 / 5 : gnutls (ELSA-2009-1232)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:1232 :
    
    Updated gnutls packages that fix a security issue are now available
    for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The GnuTLS library provides support for cryptographic algorithms and
    for protocols such as Transport Layer Security (TLS).
    
    A flaw was discovered in the way GnuTLS handles NULL characters in
    certain fields of X.509 certificates. If an attacker is able to get a
    carefully-crafted certificate signed by a Certificate Authority
    trusted by an application using GnuTLS, the attacker could use the
    certificate during a man-in-the-middle attack and potentially confuse
    the application into accepting it by mistake. (CVE-2009-2730)
    
    Users of GnuTLS are advised to upgrade to these updated packages,
    which contain a backported patch that corrects this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-August/001131.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-August/001132.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected gnutls packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", reference:"gnutls-1.0.20-4.0.1.el4_8.3")) flag++;
    if (rpm_check(release:"EL4", reference:"gnutls-devel-1.0.20-4.0.1.el4_8.3")) flag++;
    
    if (rpm_check(release:"EL5", reference:"gnutls-1.4.1-3.el5_3.5")) flag++;
    if (rpm_check(release:"EL5", reference:"gnutls-devel-1.4.1-3.el5_3.5")) flag++;
    if (rpm_check(release:"EL5", reference:"gnutls-utils-1.4.1-3.el5_3.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls / gnutls-devel / gnutls-utils");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8622.NASL
    descriptionThis update fixes handling of NUL characters in certificate Common Name or subjectAltName fields especially in regards to comparsion to hostnames. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id41629
    published2009-09-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/41629
    titleFedora 10 : gnutls-2.4.2-5.fc10 (2009-8622)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-8622.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41629);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:30");
    
      script_cve_id("CVE-2009-2730");
      script_bugtraq_id(35952);
      script_xref(name:"FEDORA", value:"2009-8622");
    
      script_name(english:"Fedora 10 : gnutls-2.4.2-5.fc10 (2009-8622)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes handling of NUL characters in certificate Common
    Name or subjectAltName fields especially in regards to comparsion to
    hostnames.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=516231"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-September/029477.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1529beaf"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected gnutls package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnutls");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC10", reference:"gnutls-2.4.2-5.fc10")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_856A6F848B3011DE806200E0815B8DA8.NASL
    descriptionGnuTLS reports : By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) cause incorrect positive matches when matching a hostname against a certificate.
    last seen2020-06-01
    modified2020-06-02
    plugin id40659
    published2009-08-20
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40659
    titleFreeBSD : GnuTLS -- improper SSL certificate verification (856a6f84-8b30-11de-8062-00e0815b8da8)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-18.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-18 (GnuTLS: Multiple vulnerabilities) Multiple vulnerabilities have been found in GnuTLS: An error in libgnutls does not properly sanitize
    last seen2020-06-01
    modified2020-06-02
    plugin id59671
    published2012-06-25
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59671
    titleGLSA-201206-18 : GnuTLS: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GNUTLS-6471.NASL
    descriptionThis update of gnutls improves the verification of the domain/subject names in SSL certificates (CVE-2009-2730).
    last seen2020-06-01
    modified2020-06-02
    plugin id42002
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42002
    titleopenSUSE 10 Security Update : gnutls (gnutls-6471)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090826_GNUTLS_ON_SL4_X.NASL
    descriptionCVE-2009-2730 gnutls: incorrect verification of SSL certificate with NUL in name (GNUTLS-SA-2009-4) A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. (CVE-2009-2730)
    last seen2020-06-01
    modified2020-06-02
    plugin id60647
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60647
    titleScientific Linux Security Update : gnutls on SL4.x, SL5.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8565.NASL
    descriptionThis update fixes handling of NUL characters in certificate Common Name or subjectAltName fields especially in regards to comparsion to hostnames. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id41628
    published2009-09-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/41628
    titleFedora 11 : gnutls-2.6.6-3.fc11 (2009-8565)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201110-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201110-05 (GnuTLS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact : An attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority or to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, allowing for further exploitation. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56458
    published2011-10-12
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56458
    titleGLSA-201110-05 : GnuTLS: Multiple vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-210.NASL
    descriptionA vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority (CVE-2009-2730). This update fixes this vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id40695
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40695
    titleMandriva Linux Security Advisory : gnutls (MDVSA-2009:210)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1935.NASL
    descriptionDan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of the TLS/SSL protocol, does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id44800
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44800
    titleDebian DSA-1935-1 : gnutls13 gnutls26 - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_GNUTLS-100208.NASL
    descriptiongnutls did not properly handle embedded
    last seen2020-06-01
    modified2020-06-02
    plugin id44618
    published2010-02-15
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44618
    titleopenSUSE Security Update : gnutls (gnutls-1938)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1232.NASL
    descriptionUpdated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. (CVE-2009-2730) Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id40782
    published2009-08-27
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40782
    titleRHEL 4 / 5 : gnutls (RHSA-2009:1232)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12501.NASL
    descriptionThis update of GnuTLS improves the verification of the domain/subject names in a SSL certificate. CVE-2009-2730 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id41323
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41323
    titleSuSE9 Security Update : GnuTLS (YOU Patch Number 12501)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2009-290-01.NASL
    descriptionNew gnutls packages are available for Slackware 12.1, 12.2, 13.0, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id42168
    published2009-10-19
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42168
    titleSlackware 12.1 / 12.2 / 13.0 / current : gnutls (SSA:2009-290-01)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0016.NASL
    descriptiona. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id42870
    published2009-11-23
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42870
    titleVMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_GNUTLS-090901.NASL
    descriptionThis update of gnutls improves the verification of the domain/subject names in SSL certificates (CVE-2009-2730).
    last seen2020-06-01
    modified2020-06-02
    plugin id40903
    published2009-09-09
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40903
    titleopenSUSE Security Update : gnutls (gnutls-1259)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1232.NASL
    descriptionUpdated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. (CVE-2009-2730) Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id40779
    published2009-08-27
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40779
    titleCentOS 4 / 5 : gnutls (CESA-2009:1232)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_GNUTLS-090901.NASL
    descriptionThis update of gnutls improves the verification of the domain/subject names in SSL certificates (CVE-2009-2730).
    last seen2020-06-01
    modified2020-06-02
    plugin id40904
    published2009-09-09
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40904
    titleopenSUSE Security Update : gnutls (gnutls-1259)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-308.NASL
    descriptionMultiple vulnerabilities has been found and corrected in gnutls : gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417). A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority (CVE-2009-2730). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update fixes this vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id42994
    published2009-12-04
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42994
    titleMandriva Linux Security Advisory : gnutls (MDVSA-2009:308)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-809-1.NASL
    descriptionMoxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2730) Dan Kaminsky discovered GnuTLS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This issue only affected Ubuntu 6.06 LTS and Ubuntu 8.10. (CVE-2009-2409) USN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS. The upstream patches introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem, and only affected Ubuntu 6.06 LTS and Ubuntu 8.10 (Ubuntu 8.04 LTS and 9.04 were fixed at an earlier date). In an effort to maintain a strong security stance and address all known regressions, this update deprecates X.509 validation chains using MD2 and MD5 signatures. To accomodate sites which must still use a deprected RSA-MD5 certificate, GnuTLS has been updated to stop looking when it has found a trusted intermediary certificate. This new handling of intermediary certificates is in accordance with other SSL implementations. Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2008-4989). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40656
    published2009-08-20
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40656
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : gnutls12, gnutls13, gnutls26 vulnerabilities (USN-809-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_GNUTLS-090901.NASL
    descriptionThis update of gnutls improves the verification of the domain/subject names in a SSL certificate. CVE-2009-2730 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id41399
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41399
    titleSuSE 11 Security Update : GnuTLS (SAT Patch Number 1260)

Oval

  • accepted2013-04-29T04:08:38.610-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionlibgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
    familyunix
    idoval:org.mitre.oval:def:10778
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titlelibgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
    version28
  • accepted2014-01-20T04:01:39.141-05:00
    classvulnerability
    contributors
    • namePai Peng
      organizationHewlett-Packard
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    commentVMware ESX Server 4.0 is installed
    ovaloval:org.mitre.oval:def:6293
    descriptionlibgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
    familyunix
    idoval:org.mitre.oval:def:8409
    statusaccepted
    submitted2010-03-19T16:57:59.000-04:00
    titleVMware GnuTLS vulnerability
    version7

Redhat

advisories
  • bugzilla
    id516231
    titleCVE-2009-2730 gnutls: incorrect verification of SSL certificate with NUL in name (GNUTLS-SA-2009-4)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentgnutls-devel is earlier than 0:1.0.20-4.el4_8.3
            ovaloval:com.redhat.rhsa:tst:20091232001
          • commentgnutls-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060207004
        • AND
          • commentgnutls is earlier than 0:1.0.20-4.el4_8.3
            ovaloval:com.redhat.rhsa:tst:20091232003
          • commentgnutls is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060207002
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentgnutls-devel is earlier than 0:1.4.1-3.el5_3.5
            ovaloval:com.redhat.rhsa:tst:20091232006
          • commentgnutls-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20120319002
        • AND
          • commentgnutls is earlier than 0:1.4.1-3.el5_3.5
            ovaloval:com.redhat.rhsa:tst:20091232008
          • commentgnutls is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20120319006
        • AND
          • commentgnutls-utils is earlier than 0:1.4.1-3.el5_3.5
            ovaloval:com.redhat.rhsa:tst:20091232010
          • commentgnutls-utils is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20120319004
    rhsa
    idRHSA-2009:1232
    released2009-08-26
    severityModerate
    titleRHSA-2009:1232: gnutls security update (Moderate)
  • rhsa
    idRHSA-2010:0095
rpms
  • gnutls-0:1.0.20-4.el4_8.3
  • gnutls-0:1.4.1-3.el5_3.5
  • gnutls-debuginfo-0:1.0.20-4.el4_8.3
  • gnutls-debuginfo-0:1.4.1-3.el5_3.5
  • gnutls-devel-0:1.0.20-4.el4_8.3
  • gnutls-devel-0:1.4.1-3.el5_3.5
  • gnutls-utils-0:1.4.1-3.el5_3.5