Vulnerabilities > CVE-2014-3465 - Unspecified vulnerability in GNU Gnutls

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
gnu
nessus

Summary

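The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. The weakness is classified as CWE-476: NULL Pointer Dereference (http://cwe.mitre.org/data/definitions/476.html). Note that the Nessus plugins listed below bundle this issue with CVE-2014-3466 and declare a single CVSS2 vector (AV:N/AC:M/Au:N/C:P/I:P/A:P) for the whole update, so their rating is not the availability-only score shown above for CVE-2014-3465 alone.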

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-411.NASL
    description: gnutls was patched to fix two security vulnerabilities that could be used to disrupt service or potentially allow remote code execution. - Memory corruption during connect (CVE-2014-3466) - NULL pointer dereference in gnutls_x509_dn_oid_name (CVE-2014-3465)
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75384
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75384
    title: openSUSE Security Update : gnutls (openSUSE-SU-2014:0763-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-411.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, the script only declares its
    # metadata and leaves through the exit(0) that closes this block; no host data
    # is read here.
    if (description)
    {
      script_id(75384);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      # One plugin covers both CVEs named in the advisory text below.
      script_cve_id("CVE-2014-3465", "CVE-2014-3466");
    
      script_name(english:"openSUSE Security Update : gnutls (openSUSE-SU-2014:0763-1)");
      script_summary(english:"Check for the openSUSE-2014-411 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "gnutls was patched to fix two security vulnerabilities that could be
    used to disrupt service or potentially allow remote code execution.
    
      - Memory corruption during connect (CVE-2014-3466)
    
      - NULL pointer dereference in gnutls_x509_dn_oid_name
        (CVE-2014-3465)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=880730"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=880733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-06/msg00010.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected gnutls packages."
      );
      # NOTE(review): a single CVSS2 vector is declared for the whole update. With
      # partial C/I/A impact it presumably tracks the memory-corruption issue
      # (CVE-2014-3466) rather than the NULL pointer dereference (CVE-2014-3465).
      # Confirm per-CVE scores before using this value for triage.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      # Declared as a local check; the CPE entries list the packages and the two
      # openSUSE releases this plugin is scoped to.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-openssl27");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-openssl27-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls28");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls28-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls28-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls28-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutlsxx-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutlsxx28");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutlsxx28-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # The check depends on ssh_get_info.nasl and on these KB keys; presumably that
      # dependency is what populates the release, rpm-list and cpu entries - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      # Nothing below this point runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host gating. audit() is defined in audit.inc (not shown); presumably each call
    # ends the run with the given reason, so the package comparison is reached only
    # on hosts that pass every test below - confirm.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # SLED/SLES releases share the Host/SuSE KB namespace but are not openSUSE.
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    # Only openSUSE 12.3 and 13.1 are evaluated; other releases leave via audit().
    if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # Number of rpm_check() calls that returned true.
    flag = 0;
    
    # One rpm_check() per package named in the advisory, per release.
    # NOTE(review): rpm_check() lives in rpm.inc (not shown); presumably it is true
    # when the installed package is older than `reference`, i.e. `reference` is the
    # first fixed build - confirm. The -32bit packages are tested only with
    # cpu:"x86_64".
    if ( rpm_check(release:"SUSE12.3", reference:"gnutls-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"gnutls-debuginfo-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"gnutls-debugsource-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libgnutls-devel-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libgnutls-openssl-devel-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libgnutls-openssl27-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libgnutls-openssl27-debuginfo-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libgnutls28-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libgnutls28-debuginfo-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libgnutlsxx-devel-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libgnutlsxx28-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libgnutlsxx28-debuginfo-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libgnutls-devel-32bit-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libgnutls28-32bit-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libgnutls28-debuginfo-32bit-3.0.28-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"gnutls-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"gnutls-debuginfo-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"gnutls-debugsource-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libgnutls-devel-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libgnutls-openssl-devel-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libgnutls-openssl27-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libgnutls-openssl27-debuginfo-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libgnutls28-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libgnutls28-debuginfo-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libgnutlsxx-devel-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libgnutlsxx28-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libgnutlsxx28-debuginfo-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libgnutls-devel-32bit-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libgnutls28-32bit-3.2.4-2.24.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libgnutls28-debuginfo-32bit-3.2.4-2.24.1") ) flag++;
    
    # At least one package matched: raise a warning-level finding on port 0 and,
    # when report_verbosity is above 0, attach the text from rpm_report_get().
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: report either "tested packages not affected" or
      # "gnutls not installed", depending on whether pkg_tests_get() returned anything.
      # NOTE(review): this result is based on the package list alone; it says
      # nothing about processes that still have an older library loaded.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls");
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-0684.NASL
    description: From Red Hat Security Advisory 2014:0684 : Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. (CVE-2014-3466) A NULL pointer dereference flaw was found in the way GnuTLS parsed X.509 certificates. A specially crafted certificate could cause a server or client application using GnuTLS to crash. (CVE-2014-3465) Red Hat would like to thank GnuTLS upstream for reporting these issues. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466. Users of GnuTLS are advised to upgrade to these updated packages, which correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76731
    published: 2014-07-24
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76731
    title: Oracle Linux 7 : gnutls (ELSA-2014-0684)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:0684 and 
    # Oracle Linux Security Advisory ELSA-2014-0684 respectively.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, the script only declares its
    # metadata and leaves through the exit(0) that closes this block; no host data
    # is read here.
    if (description)
    {
      script_id(76731);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      # Cross-references: both CVEs fixed by the update, their Bugtraq ids, and the
      # Red Hat advisory the text was taken from.
      script_cve_id("CVE-2014-3465", "CVE-2014-3466");
      script_bugtraq_id(67739, 67741);
      script_xref(name:"RHSA", value:"2014:0684");
    
      script_name(english:"Oracle Linux 7 : gnutls (ELSA-2014-0684)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:0684 :
    
    Updated gnutls packages that fix two security issues are now available
    for Red Hat Enterprise Linux 7.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The GnuTLS library provides support for cryptographic algorithms and
    for protocols such as Transport Layer Security (TLS).
    
    A flaw was found in the way GnuTLS parsed session IDs from ServerHello
    messages of the TLS/SSL handshake. A malicious server could use this
    flaw to send an excessively long session ID value, which would trigger
    a buffer overflow in a connecting TLS/SSL client application using
    GnuTLS, causing the client application to crash or, possibly, execute
    arbitrary code. (CVE-2014-3466)
    
    A NULL pointer dereference flaw was found in the way GnuTLS parsed
    X.509 certificates. A specially crafted certificate could cause a
    server or client application using GnuTLS to crash. (CVE-2014-3465)
    
    Red Hat would like to thank GnuTLS upstream for reporting these
    issues. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the
    original reporter of CVE-2014-3466.
    
    Users of GnuTLS are advised to upgrade to these updated packages,
    which correct these issues. For the update to take effect, all
    applications linked to the GnuTLS library must be restarted."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-July/004274.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected gnutls packages."
      );
      # NOTE(review): a single CVSS2 base vector is declared for the whole update.
      # With partial C/I/A impact it presumably tracks the buffer overflow
      # (CVE-2014-3466); the description above gives only a crash for CVE-2014-3465.
      # Confirm per-CVE scores before using this value for triage.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      # Static exploitability metadata: the plugin records that no exploit was known.
      # These values are fixed in the script and are not re-evaluated at scan time.
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Declared as a local check; the CPE entries list the packages and the OS
      # release this plugin is scoped to.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-dane");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # The check depends on ssh_get_info.nasl and on these KB keys; presumably that
      # dependency is what populates the release and rpm-list entries - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      # Nothing below this point runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host gating. audit() is defined in audit.inc (not shown); presumably each call
    # ends the run with the given reason, so the package comparison is reached only
    # on hosts that pass every test below - confirm.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    # The release string is read from the RedHat KB namespace and must identify
    # itself as Oracle Linux / Oracle Enterprise Linux.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    # Capture group 1 is the numeric version (major, optionally .minor).
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    # Accept "7" or "7.<something>" only; the [^0-9] guard keeps e.g. "70" out.
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Two-step architecture filter: unknown families are "not implemented", and
    # anything that is not x86_64 (including i386-i686) is then audited out, so only
    # x86_64 hosts reach the package checks.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    # Number of rpm_check() calls that returned true.
    flag = 0;
    # NOTE(review): rpm_check() lives in rpm.inc (not shown); presumably it is true
    # when the installed package is older than `reference`, i.e. `reference` is the
    # first fixed build - confirm.
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-3.1.18-9.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-c++-3.1.18-9.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-dane-3.1.18-9.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-devel-3.1.18-9.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-utils-3.1.18-9.el7_0")) flag++;
    
    
    # At least one package matched: raise a warning-level finding on port 0 and,
    # when report_verbosity is above 0, attach the text from rpm_report_get().
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # NOTE(review): a clean result here reflects the package list only. The
      # advisory text in this plugin's description states that applications linked
      # to the GnuTLS library must be restarted for the update to take effect, so
      # long-running services need a separate check.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls / gnutls-c++ / gnutls-dane / gnutls-devel / gnutls-utils");
    }
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS11_GNUTLS_20141120.NASL
    description: The remote Solaris system is missing necessary patches to address security updates : - The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. (CVE-2014-3465) - Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. (CVE-2014-3466) - Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. (CVE-2014-3467) - The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. (CVE-2014-3468) - The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. (CVE-2014-3469)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80632
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80632
    title: Oracle Solaris Third-Party Patch Update : gnutls (multiple_vulnerabilities_in_gnutls)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle Third Party software advisories.
    #
    include("compat.inc");
    
    # Registration branch: when `description` is set, the script only declares its
    # metadata and leaves through the exit(0) that closes this block; no host data
    # is read here.
    if (description)
    {
      script_id(80632);
      script_version("1.2");
      script_cvs_date("Date: 2018/11/15 20:50:25");
    
      # Five CVEs are bundled: two in GnuTLS itself and three in GNU Libtasn1, as
      # described in the text below.
      script_cve_id("CVE-2014-3465", "CVE-2014-3466", "CVE-2014-3467", "CVE-2014-3468", "CVE-2014-3469");
    
      script_name(english:"Oracle Solaris Third-Party Patch Update : gnutls (multiple_vulnerabilities_in_gnutls)");
      script_summary(english:"Check for the 'entire' version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Solaris system is missing a security patch for third-party
    software."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Solaris system is missing necessary patches to address
    security updates :
    
      - The gnutls_x509_dn_oid_name function in
        lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x
        before 3.2.10 allows remote attackers to cause a denial
        of service (NULL pointer dereference) via a crafted
        X.509 certificate, related to a missing LDAP description
        for an OID when printing the DN. (CVE-2014-3465)
    
      - Buffer overflow in the read_server_hello function in
        lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x
        before 3.2.15, and 3.3.x before 3.3.4 allows remote
        servers to cause a denial of service (memory corruption)
        or possibly execute arbitrary code via a long session id
        in a ServerHello message. (CVE-2014-3466)
    
      - Multiple unspecified vulnerabilities in the DER decoder
        in GNU Libtasn1 before 3.6, as used in GnutTLS, allow
        remote attackers to cause a denial of service
        (out-of-bounds read) via a crafted ASN.1 data.
        (CVE-2014-3467)
    
      - The asn1_get_bit_der function in GNU Libtasn1 before 3.6
        does not properly report an error when a negative bit
        length is identified, which allows context-dependent
        attackers to cause out-of-bounds access via crafted
        ASN.1 data. (CVE-2014-3468)
    
      - The (1) asn1_read_value_type and (2) asn1_read_value
        functions in GNU Libtasn1 before 3.6 allows
        context-dependent attackers to cause a denial of service
        (NULL pointer dereference and crash) via a NULL value in
        an ivalue argument. (CVE-2014-3469)"
      );
      # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a913f44"
      );
      # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-gnutls
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5436882a"
      );
      # The remedy is an OS-level SRU upgrade, not a standalone gnutls package update.
      script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.21.4.1.");
      # NOTE(review): a single CVSS2 vector is declared for all five CVEs. With
      # partial C/I/A impact it presumably tracks the code-execution case
      # (CVE-2014-3466), not the denial-of-service-only issues listed above.
      # Confirm per-CVE scores before using this value for triage.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:gnutls");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      # The check depends on ssh_get_info.nasl and on these KB keys; presumably that
      # dependency is what populates the release and pkg-list entries - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
    
      # Nothing below this point runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    # Host gating. audit() is defined in audit.inc (not shown); presumably each call
    # ends the run with the given reason - confirm.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
    pkg_list = solaris_pkg_list_leaves();
    if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
    
    # Only hosts whose package list has a line that is exactly "gnutls" are
    # evaluated; all others are audited out as "not installed".
    if (empty_or_null(egrep(string:pkg_list, pattern:"^gnutls$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls");
    
    flag = 0;
    
    # NOTE(review): the decision is made on the OS release / SRU level, not on a
    # gnutls package version. solaris_check_release() lives in solaris.inc (not
    # shown); presumably a result above 0 means the host is below SRU 11.1.21.4.1 -
    # confirm.
    if (solaris_check_release(release:"0.5.11-0.175.1.21.0.4.1", sru:"SRU 11.1.21.4.1") > 0) flag++;
    
    if (flag)
    {
      # Build the report text: name the package, then relabel "version" as
      # "OS version" in the helper's output, since the comparison above is on the
      # OS release.
      error_extra = 'Affected package : gnutls\n' + solaris_get_report2();
      error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
      if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "gnutls");
    
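  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2014-108.NASL
    description: Updated gnutls packages fix security vulnerabilities : A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs (CVE-2014-3465). A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code (CVE-2014-3466).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74417
    published: 2014-06-10
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/74417
    title: Mandriva Linux Security Advisory : gnutls (MDVSA-2014:108)
    code: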
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2014:108. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, the script only declares its
    # metadata and leaves through the exit(0) that closes this block; no host data
    # is read here.
    if (description)
    {
      script_id(74417);
      script_version("1.3");
      script_cvs_date("Date: 2019/08/02 13:32:56");
    
      # Cross-references: both CVEs fixed by the update, their Bugtraq ids, and the
      # Mandriva advisory the text was taken from.
      script_cve_id("CVE-2014-3465", "CVE-2014-3466");
      script_bugtraq_id(67739, 67741);
      script_xref(name:"MDVSA", value:"2014:108");
    
      script_name(english:"Mandriva Linux Security Advisory : gnutls (MDVSA-2014:108)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated gnutls packages fix security vulnerabilities :
    
    A NULL pointer dereference flaw was discovered in GnuTLS's
    gnutls_x509_dn_oid_name(). The function, when called with the
    GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its
    caller. However, it could previously return NULL when parsed X.509
    certificates included specific OIDs (CVE-2014-3465).
    
    A flaw was found in the way GnuTLS parsed session ids from Server
    Hello packets of the TLS/SSL handshake. A malicious server could use
    this flaw to send an excessively long session id value and trigger a
    buffer overflow in a connecting TLS/SSL client using GnuTLS, causing
    it to crash or, possibly, execute arbitrary code (CVE-2014-3466)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0248.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): a single CVSS2 base vector is declared for the whole update.
      # With partial C/I/A impact it presumably tracks the buffer overflow
      # (CVE-2014-3466) rather than the NULL pointer dereference (CVE-2014-3465).
      # Confirm per-CVE scores before using this value for triage.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      # Static exploitability metadata: the plugin records that no exploit was known.
      # These values are fixed in the script and are not re-evaluated at scan time.
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Declared as a local check; the package CPEs name only the base and lib64
      # packages, matching the x86_64-only rpm checks further down the script.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnutls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gnutls-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gnutls-ssl27");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gnutls28");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The check depends on ssh_get_info.nasl and on these KB keys; presumably that
      # dependency is what populates the cpu, release and rpm-list entries - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      # Nothing below this point runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
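    # Host gating. audit() is defined in audit.inc (not shown); presumably each call
    # ends the run with the given reason, so the package comparison is reached only
    # on hosts that pass every test below - confirm.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The OS name in this audit message matches the spelling used in the
    # architecture message below ("Mandriva / Mandrake Linux").
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # Number of rpm_check() calls that returned true.
    flag = 0;
    # NOTE(review): rpm_check() lives in rpm.inc (not shown); presumably it is true
    # when the installed package is older than `reference`, i.e. `reference` is the
    # first fixed build - confirm.
    # NOTE(review): the architecture filter above admits i[3-6]86 hosts, but every
    # check here is restricted to cpu:"x86_64", so a 32-bit host presumably falls
    # through to the "not affected" audit without any package being compared.
    # Treat that result as "not evaluated" for such hosts.
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"gnutls-3.0.28-1.7.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64gnutls-devel-3.0.28-1.7.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64gnutls-ssl27-3.0.28-1.7.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64gnutls28-3.0.28-1.7.mbs1")) flag++;
    
    
    # At least one package matched: raise a warning-level finding on port 0 and,
    # when report_verbosity is above 0, attach the text from rpm_report_get().
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    # No package flagged: the host is audited as not affected. This branch does not
    # distinguish "tested and up to date" from "no gnutls package present".
    else audit(AUDIT_HOST_NOT, "affected");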
    
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2014-156-01.NASL
    description: New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74329
    published: 2014-06-06
    reporter: This script is Copyright (C) 2014 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/74329
    title: Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : gnutls (SSA:2014-156-01)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201406-09.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201406-09 (GnuTLS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could utilize multiple vectors to spoof arbitrary SSL servers via a crafted certificate, execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76061
    published: 2014-06-16
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/76061
    title: GLSA-201406-09 : GnuTLS: Multiple vulnerabilities
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-072.NASL
    description: Updated gnutls packages fix security vulnerabilities : Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior) (CVE-2014-1959). It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker (CVE-2014-0092). A NULL pointer dereference flaw was discovered in GnuTLS [description truncated on this page]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82325
    published: 2015-03-30
    reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82325
    title: Mandriva Linux Security Advisory : gnutls (MDVSA-2015:072)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-0684.NASL
    description: Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. (CVE-2014-3466) A NULL pointer dereference flaw was found in the way GnuTLS parsed X.509 certificates. A specially crafted certificate could cause a server or client application using GnuTLS to crash. (CVE-2014-3465) Red Hat would like to thank GnuTLS upstream for reporting these issues. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466. Users of GnuTLS are advised to upgrade to these updated packages, which correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76893
    published: 2014-07-30
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76893
    title: RHEL 7 : gnutls (RHSA-2014:0684)

Redhat

advisories
rhsa
id: RHSA-2014:0684
rpms
  • gnutls-0:3.1.18-9.el7_0
  • gnutls-c++-0:3.1.18-9.el7_0
  • gnutls-dane-0:3.1.18-9.el7_0
  • gnutls-debuginfo-0:3.1.18-9.el7_0
  • gnutls-devel-0:3.1.18-9.el7_0
  • gnutls-utils-0:3.1.18-9.el7_0