ID CVE-2011-4128
Summary Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
References
Vulnerable Configurations
  • GNU GnuTLS 2.12.0
    cpe:2.3:a:gnu:gnutls:2.12.0
  • GNU GnuTLS 2.12.1
    cpe:2.3:a:gnu:gnutls:2.12.1
  • GNU GnuTLS 2.12.2
    cpe:2.3:a:gnu:gnutls:2.12.2
  • GNU GnuTLS 2.12.3
    cpe:2.3:a:gnu:gnutls:2.12.3
  • GNU GnuTLS 2.12.4
    cpe:2.3:a:gnu:gnutls:2.12.4
  • GNU GnuTLS 2.12.5
    cpe:2.3:a:gnu:gnutls:2.12.5
  • GNU GnuTLS 2.12.6
    cpe:2.3:a:gnu:gnutls:2.12.6
  • GNU GnuTLS 2.12.6.1
    cpe:2.3:a:gnu:gnutls:2.12.6.1
  • GNU GnuTLS 2.12.7
    cpe:2.3:a:gnu:gnutls:2.12.7
  • GNU GnuTLS 2.12.8
    cpe:2.3:a:gnu:gnutls:2.12.8
  • GNU GnuTLS 2.12.9
    cpe:2.3:a:gnu:gnutls:2.12.9
  • GNU GnuTLS 2.12.10
    cpe:2.3:a:gnu:gnutls:2.12.10
  • GNU GnuTLS 2.12.11
    cpe:2.3:a:gnu:gnutls:2.12.11
  • GNU GnuTLS 2.12.12
    cpe:2.3:a:gnu:gnutls:2.12.12
  • GNU GnuTLS 2.12.13
    cpe:2.3:a:gnu:gnutls:2.12.13
  • GNU GnuTLS 3.0.0
    cpe:2.3:a:gnu:gnutls:3.0.0
  • GNU GnuTLS 3.0.1
    cpe:2.3:a:gnu:gnutls:3.0.1
  • GNU GnuTLS 3.0.2
    cpe:2.3:a:gnu:gnutls:3.0.2
  • GNU GnuTLS 3.0.3
    cpe:2.3:a:gnu:gnutls:3.0.3
  • GNU GnuTLS 3.0.4
    cpe:2.3:a:gnu:gnutls:3.0.4
  • GNU GnuTLS 3.0.5
    cpe:2.3:a:gnu:gnutls:3.0.5
  • GNU GnuTLS 3.0.6
    cpe:2.3:a:gnu:gnutls:3.0.6
CVSS
Base: 4.3 (as of 09-12-2011 - 14:22)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GNUTLS-120123.NASL
    description This update for GnuTLS provides the following fixes : - Fix typo in patch for gnutls-cli that can cause a crash. (bnc#659907) - Fix Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c , when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. (CVE-2011-4128)
    last seen 2018-09-01
    modified 2013-10-25
    plugin id 57696
    published 2012-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57696
    title SuSE 11.1 Security Update : GnuTLS (SAT Patch Number 5684)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-18 (GnuTLS: Multiple vulnerabilities) Multiple vulnerabilities have been found in GnuTLS: An error in libgnutls does not properly sanitize '\\0' characters from certificate fields (CVE-2009-2730). An error in the TLS and SSL protocols mistreats renegotiation handshakes (CVE-2009-3555). A boundary error in the 'gnutls_session_get_data()' function in gnutls_session.c could cause a buffer overflow (CVE-2011-4128). An error in the '_gnutls_ciphertext2compressed()' function in gnutls_cipher.c could cause memory corruption (CVE-2012-1573). Impact : A remote attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers or cause a Denial of Service condition in applications linked against GnuTLS. Workaround : There is no known workaround at this time.
    last seen 2018-09-01
    modified 2018-07-11
    plugin id 59671
    published 2012-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59671
    title GLSA-201206-18 : GnuTLS: Multiple vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-59.NASL
    description A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128)
    last seen 2018-09-02
    modified 2018-04-18
    plugin id 69666
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69666
    title Amazon Linux AMI : gnutls (ALAS-2012-59)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2013-287-03.NASL
    description New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1, and 13.37 to fix security issues.
    last seen 2018-09-02
    modified 2013-10-16
    plugin id 70439
    published 2013-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70439
    title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 : gnutls (SSA:2013-287-03)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-045.NASL
    description A vulnerability has been found and corrected in GnuTLS : Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket (CVE-2011-4128). The updated packages have been patched to correct this issue.
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 58557
    published 2012-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58557
    title Mandriva Linux Security Advisory : gnutls (MDVSA-2012:045)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0428.NASL
    description From Red Hat Security Advisory 2012:0428 : Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2018-09-01
    modified 2018-07-18
    plugin id 68503
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68503
    title Oracle Linux 5 : gnutls (ELSA-2012-0428)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-4569.NASL
    description Important security update fixing two security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2015-10-20
    plugin id 58668
    published 2012-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58668
    title Fedora 15 : gnutls-2.10.5-3.fc15 (2012-4569)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2012-0013_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm
    last seen 2018-09-01
    modified 2018-08-16
    plugin id 89038
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89038
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0429.NASL
    description From Red Hat Security Advisory 2012:0429 : Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2018-09-01
    modified 2018-07-18
    plugin id 68504
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68504
    title Oracle Linux 6 : gnutls (ELSA-2012-0429)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120327_GNUTLS_ON_SL5_X.NASL
    description The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2018-09-01
    modified 2014-08-16
    plugin id 61290
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61290
    title Scientific Linux Security Update : gnutls on SL5.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120327_GNUTLS_ON_SL6_X.NASL
    description The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2018-09-02
    modified 2014-08-16
    plugin id 61291
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61291
    title Scientific Linux Security Update : gnutls on SL6.x i386/x86_64
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BDEC8DC20B3B11E1B722001CC0476564.NASL
    description The GnuTLS team reports : GNUTLS-SA-2011-2 Possible buffer overflow/Denial of service.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 56763
    published 2011-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56763
    title FreeBSD : gnutls -- client session resumption vulnerability (bdec8dc2-0b3b-11e1-b722-001cc0476564)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0488.NASL
    description An updated rhev-hypervisor5 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-1583 (kernel issue) CVE-2011-3045 (libpng issue) CVE-2012-0884 and CVE-2012-1165 (openssl issues) Further information on the changes made to the package is available on the relevant errata : https://rhn.redhat.com/errata/RHBA-2012-0398.html Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen 2018-11-27
    modified 2018-11-26
    plugin id 79286
    published 2014-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79286
    title RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0429.NASL
    description Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2018-11-27
    modified 2018-11-26
    plugin id 58510
    published 2012-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58510
    title RHEL 6 : gnutls (RHSA-2012:0429)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_GNUTLS_20121016.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. (CVE-2011-4128)
    last seen 2018-11-17
    modified 2018-11-15
    plugin id 80628
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80628
    title Oracle Solaris Third-Party Patch Update : gnutls (cve_2011_4128_buffer_overflow)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0428.NASL
    description Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2018-11-27
    modified 2018-11-26
    plugin id 58509
    published 2012-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58509
    title RHEL 5 : gnutls (RHSA-2012:0428)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0429.NASL
    description Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 58519
    published 2012-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58519
    title CentOS 6 : gnutls (CESA-2012:0429)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0428.NASL
    description Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 58504
    published 2012-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58504
    title CentOS 5 : gnutls (CESA-2012:0428)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0013.NASL
    description a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 61747
    published 2012-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61747
    title VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_GNUTLS-120124.NASL
    description Large server tickets could crash gnutls clients. CVE-2011-4128 has been assigned to this issue.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 75855
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75855
    title openSUSE Security Update : gnutls (openSUSE-SU-2012:0215-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0531.NASL
    description An updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues) CVE-2012-0884 and CVE-2012-1165 (openssl issues) CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues) This update also fixes the following bug : * The Hypervisor previously set the lro_disable option for the enic driver. The driver does not support this option, as a result the Hypervisor did not correctly detect and configure the network interfaces of a Cisco M81KR adaptor, when present. The Hypervisor has been updated and no longer sets the invalid option for this driver. (BZ#809463) Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 78922
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78922
    title RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1418-1.NASL
    description Alban Crequy discovered that the GnuTLS library incorrectly checked array bounds when copying TLS session data. A remote attacker could crash a client application, leading to a denial of service, as the client application prepared for TLS session resumption. (CVE-2011-4128) Matthew Hall discovered that the GnuTLS library incorrectly handled TLS records. A remote attacker could crash client and server applications, leading to a denial of service, by sending a crafted TLS record. (CVE-2012-1573). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-12-02
    modified 2018-12-01
    plugin id 58618
    published 2012-04-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58618
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : gnutls13, gnutls26 vulnerabilities (USN-1418-1)
redhat via4
advisories
  • rhsa
    id RHSA-2012:0429
  • rhsa
    id RHSA-2012:0488
  • rhsa
    id RHSA-2012:0531
rpms
  • gnutls-0:1.4.1-7.el5_8.2
  • gnutls-devel-0:1.4.1-7.el5_8.2
  • gnutls-utils-0:1.4.1-7.el5_8.2
  • gnutls-0:2.8.5-4.el6_2.2
  • gnutls-devel-0:2.8.5-4.el6_2.2
  • gnutls-guile-0:2.8.5-4.el6_2.2
  • gnutls-utils-0:2.8.5-4.el6_2.2
refmap via4
confirm
fedora FEDORA-2012-4569
mandriva MDVSA-2012:045
mlist
  • [gnutls-devel] 20111108 Possible buffer overflow on gnutls_session_get_data
  • [oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)
  • [oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)
secunia
  • 48596
  • 48712
ubuntu USN-1418-1
vmware via4
description The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues.
id VMSA-2012-0013
last_updated 2012-12-20T00:00:00
published 2012-08-30T00:00:00
title Update to ESX service console glibc RPM
Last major update 03-05-2013 - 23:13
Published 08-12-2011 - 15:55
Last modified 28-12-2017 - 21:29
Back to Top