Vulnerabilities > CVE-2016-4008 - Resource Management Errors vulnerability in multiple products

047910
CVSS 5.9 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
network
high complexity
canonical
opensuse
gnu
fedoraproject
CWE-399
nessus

Summary

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

Vulnerable Configurations

| Part | Description | Count |
|---|---|---|
| OS | Canonical | 4 |
| OS | Opensuse | 1 |
| OS | Fedoraproject | 3 |
| Application | Gnu | 75 |

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2957-2.NASL
    description: USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the corresponding update for Ubuntu 16.04 LTS. Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 90857
    published: 2016-05-03
    reporter: Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/90857
    title: Ubuntu 16.04 LTS : libtasn1-6 vulnerability (USN-2957-2)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2957-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration section: when `description` is set, the script only declares
    # its metadata (IDs, references, scoring, dependencies) and leaves through
    # the exit(0) at the end of this block, so none of the package checks
    # further down are reached in that mode.
    if (description)
    {
      script_id(90857);
      script_version("2.8");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      # Cross-references: the CVE being tracked and the Ubuntu Security Notice
      # the check was derived from.
      script_cve_id("CVE-2016-4008");
      script_xref(name:"USN", value:"2957-2");
    
      script_name(english:"Ubuntu 16.04 LTS : libtasn1-6 vulnerability (USN-2957-2)");
      # The summary states the method: the verdict comes from dpkg output,
      # i.e. from the installed package version.
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the
    corresponding update for Ubuntu 16.04 LTS.
    
    Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly
    handled certain malformed DER certificates. A remote attacker could
    possibly use this issue to cause applications using Libtasn1 to hang,
    resulting in a denial of service.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2957-2/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtasn1-6 package."
      );
      # Both base vectors rate confidentiality and integrity impact as none
      # (C:N/I:N) and only availability as affected (A:P in v2, A:H in v3),
      # which matches a denial-of-service issue. The v3 vector also marks
      # attack complexity as high (AC:H).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      # Temporal metrics: exploitability unproven (E:U), official fix
      # available (RL:OF / RL:O), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type, scoped by CPE to the libtasn1-6 package on
      # Ubuntu 16.04.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtasn1-6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      # NOTE(review): as recorded here, vuln_publication_date (2016/05/05) is
      # later than patch_publication_date (2016/05/02); values kept as shipped.
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Presumably the information-gathering (non-intrusive) category - confirm
      # against the NASL reference.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # The check needs these knowledge-base keys to exist; presumably
      # ssh_get_info.nasl, declared as a dependency, is what populates them
      # - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Preconditions. Each audit() call records why the host is out of scope for
    # this check; presumably audit() also ends the script, since nothing after
    # it guards against the failed condition - confirm in audit.inc.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # Anchored pattern: only a release string of exactly "16.04" is accepted.
    if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
    # Without a package list in the knowledge base there is nothing to compare.
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only hosts whose cpu string contains "x86_64" or matches i386-i686 go on
    # to the package test; any other architecture is audited as "local checks
    # not implemented", so (assuming audit() exits) such hosts get no verdict
    # from this plugin regardless of the libtasn1-6 version installed.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Counts how many package tests matched; non-zero means a finding.
    flag = 0;
    
    # The only package test in this plugin: libtasn1-6 on Ubuntu 16.04 against
    # version 4.7-3ubuntu0.16.04.1. Presumably ubuntu_check() (from ubuntu.inc,
    # not shown here) is true when the installed package is older than pkgver
    # - confirm.
    # NOTE(review): this is a package-version comparison only; it does not
    # show whether processes started before an upgrade still have the old
    # library loaded.
    if (ubuntu_check(osver:"16.04", pkgname:"libtasn1-6", pkgver:"4.7-3ubuntu0.16.04.1")) flag++;
    
    if (flag)
    {
      # Report the finding on port 0 at warning severity, attaching the text
      # returned by ubuntu_report_get() as the detail.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing matched: separate "tested and not affected" from "package not
      # installed", depending on whether ubuntu_pkg_tests_get() returns
      # anything.
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtasn1-6");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3568.NASL
    description: Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause an application using the Libtasn1 library to hang, resulting in a denial of service.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 90927
    published: 2016-05-06
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/90927
    title: Debian DSA-3568-1 : libtasn1-6 - security update
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-1600-1.NASL
    description: This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93151
    published: 2016-08-29
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93151
    title: SUSE SLES11 Security Update : libtasn1 (SUSE-SU-2016:1600-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-1601-1.NASL
    description: This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93152
    published: 2016-08-29
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93152
    title: SUSE SLED12 / SLES12 Security Update : libtasn1 (SUSE-SU-2016:1601-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-716.NASL
    description: This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779)
    last seen: 2020-06-05
    modified: 2016-06-15
    plugin id: 91619
    published: 2016-06-15
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/91619
    title: openSUSE Security Update : libtasn1 (openSUSE-2016-716)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-96BFD9E873.NASL
    description: Update to 4.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-04-28
    plugin id: 90770
    published: 2016-04-28
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/90770
    title: Fedora 22 : libtasn1-4.8-1.fc22 (2016-96bfd9e873)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-048FFB6235.NASL
    description: Update to 4.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-04-22
    plugin id: 90640
    published: 2016-04-22
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/90640
    title: Fedora 24 : libtasn1-4.8-1.fc24 (2016-048ffb6235)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2016-0013.NASL
    description: An update of [ subversion, libtasn1, unzip, dhcp ] packages for PhotonOS has been released.
    last seen: 2019-02-21
    modified: 2019-02-07
    plugin id: 111847
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111847
    title: Photon OS 1.0: Dhcp / Libtasn1 / Subversion / Unzip PHSA-2016-0013 (deprecated)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-383B8250E6.NASL
    description: Update to 4.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-04-22
    plugin id: 90645
    published: 2016-04-22
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/90645
    title: Fedora 23 : libtasn1-4.8-1.fc23 (2016-383b8250e6)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_1B0D2938076611E694FA002590263BF5.NASL
    description: GNU Libtasn1 NEWS reports : Fixes to avoid an infinite recursion when decoding without the ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 90605
    published: 2016-04-21
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/90605
    title: FreeBSD : libtasn1 -- denial of service parsing malicious DER certificates (1b0d2938-0766-11e6-94fa-002590263bf5)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-773.NASL
    description: This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) This update was imported from the SUSE:SLE-12:Update update project.
    last seen: 2020-06-05
    modified: 2016-06-28
    plugin id: 91868
    published: 2016-06-28
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/91868
    title: openSUSE Security Update : libtasn1 (openSUSE-2016-773)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-495.NASL
    description: - CVE-2016-4008: infinite loop while parsing DER certificates The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. For Debian 7
    last seen: 2020-03-17
    modified: 2016-05-31
    plugin id: 91362
    published: 2016-05-31
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/91362
    title: Debian DLA-495-1 : libtasn1-3 security update
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2957-1.NASL
    description: Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 90856
    published: 2016-05-03
    reporter: Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/90856
    title: Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : libtasn1-3, libtasn1-6 vulnerability (USN-2957-1)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2016-0013_LIBTASN1.NASL
    description: An update of the libtasn1 package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121655
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121655
    title: Photon OS 1.0: Libtasn1 PHSA-2016-0013
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201703-05.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201703-05 (GNU Libtasn1: Denial of Service) Libtasn1 does not correctly handle certain malformed DER certificates. Impact : A remote attacker could entice a user or automated system to process a specially crafted certificate using Libtasn1, resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99012
    published: 2017-03-28
    reporter: This script is Copyright (C) 2017 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/99012
    title: GLSA-201703-05 : GNU Libtasn1: Denial of Service

References