Vulnerabilities > CVE-2017-7869 - Out-of-bounds Write vulnerability in GNU Gnutls
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3318-1.NASL description Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507) It was discovered that GnuTLS incorrectly handled decoding certain OpenPGP certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7869). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 100781 published 2017-06-14 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100781 title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : gnutls26, gnutls28 vulnerabilities (USN-3318-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3318-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(100781); script_version("3.7"); script_cvs_date("Date: 2019/09/18 12:31:47"); script_cve_id("CVE-2017-7507", "CVE-2017-7869"); script_xref(name:"USN", value:"3318-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : gnutls26, gnutls28 vulnerabilities (USN-3318-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507) It was discovered that GnuTLS incorrectly handled decoding certain OpenPGP certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7869). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3318-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libgnutls26 and / or libgnutls30 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgnutls26"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgnutls30"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/14"); script_set_attribute(attribute:"patch_publication_date", value:"2017/06/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|16\.10|17\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 16.10 / 17.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"libgnutls26", pkgver:"2.12.23-12ubuntu2.8")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libgnutls30", pkgver:"3.4.10-4ubuntu1.3")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"libgnutls30", pkgver:"3.5.3-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"17.04", pkgname:"libgnutls30", pkgver:"3.5.6-4ubuntu4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgnutls26 / libgnutls30"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20170801_GNUTLS_ON_SL7_X.NASL description The following packages have been upgraded to a later upstream version: gnutls (3.3.26). Security Fix(es) : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) - Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) - A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) - A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) last seen 2020-03-18 modified 2017-08-22 plugin id 102642 published 2017-08-22 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102642 title Scientific Linux Security Update : gnutls on SL7.x x86_64 (20170801) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(102642); script_version("3.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2016-7444", "CVE-2017-5334", "CVE-2017-5335", "CVE-2017-5336", "CVE-2017-5337", "CVE-2017-7507", "CVE-2017-7869"); script_name(english:"Scientific Linux Security Update : gnutls on SL7.x x86_64 (20170801)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The following packages have been upgraded to a later upstream version: gnutls (3.3.26). Security Fix(es) : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) - Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) - A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) - A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1708&L=scientific-linux-errata&F=&S=&P=10261 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f99f9a2e" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnutls-c++"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnutls-dane"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnutls-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnutls-utils"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/27"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnutls-3.3.26-9.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnutls-c++-3.3.26-9.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnutls-dane-3.3.26-9.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnutls-debuginfo-3.3.26-9.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnutls-devel-3.3.26-9.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnutls-utils-3.3.26-9.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls / gnutls-c++ / gnutls-dane / gnutls-debuginfo / gnutls-devel / etc"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1203.NASL description According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially-crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) - Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) - A null pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) - A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-09-11 plugin id 103061 published 2017-09-11 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103061 title EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1203) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(103061); script_version("3.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2016-7444", "CVE-2017-5334", "CVE-2017-5335", "CVE-2017-5336", "CVE-2017-5337", "CVE-2017-7507" ); script_name(english:"EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1203)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially-crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) - Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) - A null pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) - A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1203 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?91370497"); script_set_attribute(attribute:"solution", value: "Update the affected gnutls packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls-c++"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls-dane"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["gnutls-3.3.26-9", "gnutls-c++-3.3.26-9", "gnutls-dane-3.3.26-9", "gnutls-devel-3.3.26-9", "gnutls-utils-3.3.26-9"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-2292.NASL description An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373) Security Fix(es) : * A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) * A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) * A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 102759 published 2017-08-25 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102759 title CentOS 7 : gnutls (CESA-2017:2292) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:2292 and # CentOS Errata and Security Advisory 2017:2292 respectively. # include("compat.inc"); if (description) { script_id(102759); script_version("3.7"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2016-7444", "CVE-2017-5334", "CVE-2017-5335", "CVE-2017-5336", "CVE-2017-5337", "CVE-2017-7507", "CVE-2017-7869"); script_xref(name:"RHSA", value:"2017:2292"); script_name(english:"CentOS 7 : gnutls (CESA-2017:2292)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373) Security Fix(es) : * A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) * A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) * A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section." ); # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004178.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5f298e83" ); script_set_attribute( attribute:"solution", value:"Update the affected gnutls packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5334"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gnutls-c++"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gnutls-dane"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gnutls-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/27"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gnutls-3.3.26-9.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gnutls-c++-3.3.26-9.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gnutls-dane-3.3.26-9.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gnutls-devel-3.3.26-9.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gnutls-utils-3.3.26-9.el7")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls / gnutls-c++ / gnutls-dane / gnutls-devel / gnutls-utils"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-2292.NASL description From Red Hat Security Advisory 2017:2292 : An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373) Security Fix(es) : * A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) * A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) * A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 102303 published 2017-08-09 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102303 title Oracle Linux 7 : gnutls (ELSA-2017-2292) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:2292 and # Oracle Linux Security Advisory ELSA-2017-2292 respectively. # include("compat.inc"); if (description) { script_id(102303); script_version("3.5"); script_cvs_date("Date: 2019/09/27 13:00:38"); script_cve_id("CVE-2016-7444", "CVE-2017-5334", "CVE-2017-5335", "CVE-2017-5336", "CVE-2017-5337", "CVE-2017-7507", "CVE-2017-7869"); script_xref(name:"RHSA", value:"2017:2292"); script_name(english:"Oracle Linux 7 : gnutls (ELSA-2017-2292)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2017:2292 : An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373) Security Fix(es) : * A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) * A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) * A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2017-August/007095.html" ); script_set_attribute( attribute:"solution", value:"Update the affected gnutls packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-c++"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-dane"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnutls-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/27"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-3.3.26-9.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-c++-3.3.26-9.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-dane-3.3.26-9.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-devel-3.3.26-9.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"gnutls-utils-3.3.26-9.el7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls / gnutls-c++ / gnutls-dane / gnutls-devel / gnutls-utils"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1838-1.NASL description This update for gnutls fixes the following issues : - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding (bsc#1043398) - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding (bsc#1034173) - Address read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101393 published 2017-07-12 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101393 title SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:1838-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:1838-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(101393); script_version("3.7"); script_cvs_date("Date: 2019/09/11 11:22:15"); script_cve_id("CVE-2017-7507", "CVE-2017-7869"); script_name(english:"SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:1838-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for gnutls fixes the following issues : - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding (bsc#1043398) - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding (bsc#1034173) - Address read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1034173" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1038337" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1043398" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7507/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7869/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20171838-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7860feca" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1133=1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1133=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1133=1 SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1133=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls-openssl27"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls-openssl27-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls28"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls28-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/14"); script_set_attribute(attribute:"patch_publication_date", value:"2017/07/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"gnutls-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"gnutls-debuginfo-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"gnutls-debugsource-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libgnutls-openssl27-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libgnutls-openssl27-debuginfo-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libgnutls28-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libgnutls28-debuginfo-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libgnutls28-32bit-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libgnutls28-debuginfo-32bit-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"gnutls-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"gnutls-debuginfo-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"gnutls-debugsource-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libgnutls28-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libgnutls28-32bit-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libgnutls28-debuginfo-3.2.15-18.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libgnutls28-debuginfo-32bit-3.2.15-18.3.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls"); }
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0016.NASL description An update of [gnutls,openjdk,openjre] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111865 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111865 title Photon OS 1.0: Gnutls / Linux / Openjdk / Openjre PHSA-2017-0016 (deprecated) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1886-1.NASL description This update for gnutls fixes the following issues : - GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed (bsc#1034173) - CVE-2017-6891: A potential stack-based buffer overflow in the bundled libtasn1 was fixed (bsc#1040621) - An address read of 4 bytes past the end of buffer in OpenPGP certificate parsing was fixed (bsc#1038337) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101768 published 2017-07-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101768 title SUSE SLES11 Security Update : gnutls (SUSE-SU-2017:1886-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-2292.NASL description An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373) Security Fix(es) : * A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) * A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) * A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 102116 published 2017-08-02 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102116 title RHEL 7 : gnutls (RHSA-2017:2292) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1115.NASL description According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor last seen 2020-05-06 modified 2017-07-10 plugin id 101306 published 2017-07-10 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101306 title EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1115) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1111.NASL description According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor last seen 2020-05-06 modified 2017-06-12 plugin id 100722 published 2017-06-12 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100722 title EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2017-1111) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1204.NASL description According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially-crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) - Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) - A null pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) - A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-09-11 plugin id 103062 published 2017-09-11 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103062 title EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2017-1204) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-824.NASL description This update for gnutls fixes the following issues : - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding (bsc#1043398) - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding (bsc#1034173) - Address read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-07-17 plugin id 101759 published 2017-07-17 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/101759 title openSUSE Security Update : gnutls (openSUSE-2017-824) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0016_GNUTLS.NASL description An update of the gnutls package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121691 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121691 title Photon OS 1.0: Gnutls PHSA-2017-0016
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://www.securityfocus.com/bid/97040
- http://www.securityfocus.com/bid/97040
- https://access.redhat.com/errata/RHSA-2017:2292
- https://access.redhat.com/errata/RHSA-2017:2292
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
- https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe
- https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe
- https://www.gnutls.org/security.html
- https://www.gnutls.org/security.html