Vulnerabilities > CVE-2015-3308 - Denial of Service vulnerability in GnuTLS 'x509_ext.c' Use After Free

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
gnu
canonical
nessus

Summary

Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. <a href="http://cwe.mitre.org/data/definitions/415.html">CWE-415: Double Free</a>

Vulnerable Configurations

Part Description Count
Application
Gnu
269
OS
Canonical
1

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201506-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201506-03 (GnuTLS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and external references below for details. Impact : A context-dependent attacker can cause a denial of service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id84331
    published2015-06-23
    reporterThis script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84331
    titleGLSA-201506-03 : GnuTLS: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201506-03.
    #
    # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84331);
      script_version("$Revision: 2.3 $");
      script_cvs_date("$Date: 2017/10/02 21:12:27 $");
    
      script_cve_id("CVE-2015-3308");
      script_xref(name:"GLSA", value:"201506-03");
    
      script_name(english:"GLSA-201506-03 : GnuTLS: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201506-03
    (GnuTLS: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in GnuTLS. Please review
          the CVE identifiers and external references below for details.
      
    Impact :
    
        A context-dependent attacker can cause a denial of service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.gnutls.org/security.html#GNUTLS-SA-2015-2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201506-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All GnuTLS users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-libs/gnutls-3.3.15'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gnutls");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-libs/gnutls", unaffected:make_list("ge 3.3.15"), vulnerable:make_list("lt 3.3.15"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GnuTLS");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2727-1.NASL
    descriptionIt was discovered that GnuTLS incorrectly handled parsing CRL distribution points. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2015-3308) Kurt Roeckx discovered that GnuTLS incorrectly handled a long DistinguishedName (DN) entry in a certificate. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2015-6251). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id85735
    published2015-09-02
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85735
    titleUbuntu 15.04 : gnutls28 vulnerabilities (USN-2727-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2727-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85735);
      script_version("2.5");
      script_cvs_date("Date: 2019/09/18 12:31:44");
    
      script_cve_id("CVE-2015-3308", "CVE-2015-6251");
      script_xref(name:"USN", value:"2727-1");
    
      script_name(english:"Ubuntu 15.04 : gnutls28 vulnerabilities (USN-2727-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that GnuTLS incorrectly handled parsing CRL
    distribution points. A remote attacker could possibly use this issue
    to cause a denial of service, or execute arbitrary code.
    (CVE-2015-3308)
    
    Kurt Roeckx discovered that GnuTLS incorrectly handled a long
    DistinguishedName (DN) entry in a certificate. A remote attacker could
    possibly use this issue to cause a denial of service, or execute
    arbitrary code. (CVE-2015-6251).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2727-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libgnutls-deb0-28 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgnutls-deb0-28");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 15.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"15.04", pkgname:"libgnutls-deb0-28", pkgver:"3.3.8-3ubuntu3.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgnutls-deb0-28");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2590.NASL
    descriptionAccording to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.(CVE-2015-3308) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-18
    plugin id132125
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132125
    titleEulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-2590)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132125);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2015-3308"
      );
      script_bugtraq_id(
        74188
      );
    
      script_name(english:"EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-2590)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the gnutls packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - Double free vulnerability in lib/x509/x509_ext.c in
        GnuTLS before 3.3.14 allows remote attackers to cause a
        denial of service or possibly have unspecified other
        impact via a crafted CRL distribution
        point.(CVE-2015-3308)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2590
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7a9692de");
      script_set_attribute(attribute:"solution", value:
    "Update the affected gnutls package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls-dane");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["gnutls-3.3.26-9.h4",
            "gnutls-c++-3.3.26-9.h4",
            "gnutls-dane-3.3.26-9.h4",
            "gnutls-devel-3.3.26-9.h4",
            "gnutls-utils-3.3.26-9.h4"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2432.NASL
    descriptionAccording to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.(CVE-2015-3308) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-04
    plugin id131586
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131586
    titleEulerOS 2.0 SP2 : gnutls (EulerOS-SA-2019-2432)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-5131.NASL
    descriptionnew upstream release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-04-22
    plugin id82949
    published2015-04-22
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82949
    titleFedora 22 : gnutls-3.3.14-1.fc22 (2015-5131)