Vulnerabilities > CVE-2016-4008 - Resource Management Errors vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2957-2.NASL description USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the corresponding update for Ubuntu 16.04 LTS. Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 90857 published 2016-05-03 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90857 title Ubuntu 16.04 LTS : libtasn1-6 vulnerability (USN-2957-2) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2957-2. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

# Purpose: local (package-list) check for USN-2957-2 / CVE-2016-4008 on
# Ubuntu 16.04. It reads values already stored in the scan knowledge base
# (KB) and calls ubuntu_check() for libtasn1-6 against
# 4.7-3ubuntu0.16.04.1; it sends nothing to the target itself.
#
# Reviewer caveats for anyone relying on this result:
#  - The verdict is derived from the "Host/Debian/dpkg-l" KB item only. It
#    does not look at running processes, so a service started before the
#    package upgrade is outside what this check can see; confirm restarts
#    separately.
#  - The CVE text limits the flaw to decoding without
#    ASN1_DECODE_FLAG_STRICT_DER. A package-version check cannot tell which
#    decoding flags an application uses, so a finding means "fixed package
#    missing", not "application proven reachable".
#  - Hosts whose "Host/cpu" is neither x86_64 nor i386..i686 leave through
#    AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED below and get no finding from this
#    plugin; cover other architectures by another means.

include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# metadata and exits before any KB lookups happen.
if (description)
{
  script_id(90857);
  script_version("2.8");
  script_cvs_date("Date: 2019/09/18 12:31:45");

  script_cve_id("CVE-2016-4008");
  script_xref(name:"USN", value:"2957-2");

  script_name(english:"Ubuntu 16.04 LTS : libtasn1-6 vulnerability (USN-2957-2)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the corresponding update for Ubuntu 16.04 LTS. 
Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2957-2/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libtasn1-6 package."
  );
  # Two scoring systems are declared: the CVSS2 vector rates availability
  # impact Partial with Medium complexity, the CVSS3 vector rates it High
  # with High complexity. Both describe a network-reachable DoS with no
  # confidentiality or integrity impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # "local" marks this as a check that works from collected host data
  # rather than from a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtasn1-6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  # The KB keys required here are presumably populated by ssh_get_info.nasl
  # during a credentialed scan -- confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

# Preconditions. audit() is defined in audit.inc (not shown); each call
# below is written as if it ends the script with the named audit outcome.
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
# Only an exact "16.04" release string is in scope for this plugin.
if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: `>!<` is NASL's "substring not found in" operator, so
# any cpu string without "x86_64" that also fails the i386..i686 pattern is
# audited as not implemented instead of being checked.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

# ubuntu_check() comes from ubuntu.inc (not shown); presumably it returns
# true when the installed libtasn1-6 is older than pkgver -- confirm there.
if (ubuntu_check(osver:"16.04", pkgname:"libtasn1-6", pkgver:"4.7-3ubuntu0.16.04.1")) flag++;

if (flag)
{
  # Reported on port 0 at warning severity, with the text returned by
  # ubuntu_report_get() attached as the finding detail.
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  # No finding: distinguish "package was tested and is not affected" from
  # "package is not installed" so the audit trail shows which one applied.
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtasn1-6");
}
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3568.NASL description Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause an application using the Libtasn1 library to hang, resulting in a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 90927 published 2016-05-06 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90927 title Debian DSA-3568-1 : libtasn1-6 - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1600-1.NASL description This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93151 published 2016-08-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/93151 title SUSE SLES11 Security Update : libtasn1 (SUSE-SU-2016:1600-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1601-1.NASL description This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93152 published 2016-08-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93152 title SUSE SLED12 / SLES12 Security Update : libtasn1 (SUSE-SU-2016:1601-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-716.NASL description This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) last seen 2020-06-05 modified 2016-06-15 plugin id 91619 published 2016-06-15 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91619 title openSUSE Security Update : libtasn1 (openSUSE-2016-716) NASL family Fedora Local Security Checks NASL id FEDORA_2016-96BFD9E873.NASL description Update to 4.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-04-28 plugin id 90770 published 2016-04-28 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90770 title Fedora 22 : libtasn1-4.8-1.fc22 (2016-96bfd9e873) NASL family Fedora Local Security Checks NASL id FEDORA_2016-048FFB6235.NASL description Update to 4.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-04-22 plugin id 90640 published 2016-04-22 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90640 title Fedora 24 : libtasn1-4.8-1.fc24 (2016-048ffb6235) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2016-0013.NASL description An update of [ subversion, libtasn1, unzip, dhcp ] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111847 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111847 title Photon OS 1.0: Dhcp / Libtasn1 / Subversion / Unzip PHSA-2016-0013 (deprecated) NASL family Fedora Local Security Checks NASL id FEDORA_2016-383B8250E6.NASL description Update to 4.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-04-22 plugin id 90645 published 2016-04-22 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/90645 title Fedora 23 : libtasn1-4.8-1.fc23 (2016-383b8250e6) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1B0D2938076611E694FA002590263BF5.NASL description GNU Libtasn1 NEWS reports : Fixes to avoid an infinite recursion when decoding without the ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq. last seen 2020-06-01 modified 2020-06-02 plugin id 90605 published 2016-04-21 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90605 title FreeBSD : libtasn1 -- denial of service parsing malicious DER certificates (1b0d2938-0766-11e6-94fa-002590263bf5) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-773.NASL description This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2016-06-28 plugin id 91868 published 2016-06-28 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91868 title openSUSE Security Update : libtasn1 (openSUSE-2016-773) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-495.NASL description - CVE-2016-4008: infinite loop while parsing DER certificates The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. 
For Debian 7 last seen 2020-03-17 modified 2016-05-31 plugin id 91362 published 2016-05-31 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91362 title Debian DLA-495-1 : libtasn1-3 security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2957-1.NASL description Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 90856 published 2016-05-03 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90856 title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : libtasn1-3, libtasn1-6 vulnerability (USN-2957-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2016-0013_LIBTASN1.NASL description An update of the libtasn1 package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121655 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121655 title Photon OS 1.0: Libtasn1 PHSA-2016-0013 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201703-05.NASL description The remote host is affected by the vulnerability described in GLSA-201703-05 (GNU Libtasn1: Denial of Service) Libtasn1 does not correctly handle certain malformed DER certificates. 
Impact : A remote attacker could entice a user or automated system to process a specially crafted certificate using Libtasn1, resulting in a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 99012 published 2017-03-28 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/99012 title GLSA-201703-05 : GNU Libtasn1: Denial of Service
References
- http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625
- http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html
- http://www.debian.org/security/2016/dsa-3568
- http://www.openwall.com/lists/oss-security/2016/04/11/3
- http://www.ubuntu.com/usn/USN-2957-1
- http://www.ubuntu.com/usn/USN-2957-2
- https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html
- https://security.gentoo.org/glsa/201703-05