ID CVE-2012-1569
Summary The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
References
Vulnerable Configurations
  • GNU GnuTLS 1.0.16
    cpe:2.3:a:gnu:gnutls:1.0.16
  • GNU GnuTLS 1.0.17
    cpe:2.3:a:gnu:gnutls:1.0.17
  • GNU GnuTLS 1.0.18
    cpe:2.3:a:gnu:gnutls:1.0.18
  • GNU GnuTLS 1.0.19
    cpe:2.3:a:gnu:gnutls:1.0.19
  • GNU GnuTLS 1.0.20
    cpe:2.3:a:gnu:gnutls:1.0.20
  • GNU GnuTLS 1.0.21
    cpe:2.3:a:gnu:gnutls:1.0.21
  • GNU GnuTLS 1.0.22
    cpe:2.3:a:gnu:gnutls:1.0.22
  • GNU GnuTLS 1.0.23
    cpe:2.3:a:gnu:gnutls:1.0.23
  • GNU GnuTLS 1.0.24
    cpe:2.3:a:gnu:gnutls:1.0.24
  • GNU GnuTLS 1.0.25
    cpe:2.3:a:gnu:gnutls:1.0.25
  • GNU GnuTLS 1.1.13
    cpe:2.3:a:gnu:gnutls:1.1.13
  • GNU GnuTLS 1.1.14
    cpe:2.3:a:gnu:gnutls:1.1.14
  • GNU GnuTLS 1.1.15
    cpe:2.3:a:gnu:gnutls:1.1.15
  • GNU GnuTLS 1.1.16
    cpe:2.3:a:gnu:gnutls:1.1.16
  • GNU GnuTLS 1.1.17
    cpe:2.3:a:gnu:gnutls:1.1.17
  • GNU GnuTLS 1.1.18
    cpe:2.3:a:gnu:gnutls:1.1.18
  • GNU GnuTLS 1.1.19
    cpe:2.3:a:gnu:gnutls:1.1.19
  • GNU GnuTLS 1.1.20
    cpe:2.3:a:gnu:gnutls:1.1.20
  • GNU GnuTLS 1.1.21
    cpe:2.3:a:gnu:gnutls:1.1.21
  • GNU GnuTLS 1.1.22
    cpe:2.3:a:gnu:gnutls:1.1.22
  • GNU GnuTLS 1.1.23
    cpe:2.3:a:gnu:gnutls:1.1.23
  • GNU GnuTLS 1.2.0
    cpe:2.3:a:gnu:gnutls:1.2.0
  • GNU GnuTLS 1.2.1
    cpe:2.3:a:gnu:gnutls:1.2.1
  • GNU GnuTLS 1.2.2
    cpe:2.3:a:gnu:gnutls:1.2.2
  • GNU GnuTLS 1.2.3
    cpe:2.3:a:gnu:gnutls:1.2.3
  • GNU GnuTLS 1.2.4
    cpe:2.3:a:gnu:gnutls:1.2.4
  • GNU GnuTLS 1.2.5
    cpe:2.3:a:gnu:gnutls:1.2.5
  • GNU GnuTLS 1.2.6
    cpe:2.3:a:gnu:gnutls:1.2.6
  • GNU GnuTLS 1.2.7
    cpe:2.3:a:gnu:gnutls:1.2.7
  • GNU GnuTLS 1.2.8
    cpe:2.3:a:gnu:gnutls:1.2.8
  • GNU GnuTLS 1.2.8.1a1
    cpe:2.3:a:gnu:gnutls:1.2.8.1a1
  • GNU GnuTLS 1.2.9
    cpe:2.3:a:gnu:gnutls:1.2.9
  • GNU GnuTLS 1.2.10
    cpe:2.3:a:gnu:gnutls:1.2.10
  • GNU GnuTLS 1.2.11
    cpe:2.3:a:gnu:gnutls:1.2.11
  • GNU GnuTLS 1.3.0
    cpe:2.3:a:gnu:gnutls:1.3.0
  • GNU GnuTLS 1.3.1
    cpe:2.3:a:gnu:gnutls:1.3.1
  • GNU GnuTLS 1.3.2
    cpe:2.3:a:gnu:gnutls:1.3.2
  • GNU GnuTLS 1.3.3
    cpe:2.3:a:gnu:gnutls:1.3.3
  • GNU GnuTLS 1.3.4
    cpe:2.3:a:gnu:gnutls:1.3.4
  • GNU GnuTLS 1.3.5
    cpe:2.3:a:gnu:gnutls:1.3.5
  • GNU GnuTLS 1.4.0
    cpe:2.3:a:gnu:gnutls:1.4.0
  • GNU GnuTLS 1.4.1
    cpe:2.3:a:gnu:gnutls:1.4.1
  • GNU GnuTLS 1.4.2
    cpe:2.3:a:gnu:gnutls:1.4.2
  • GNU GnuTLS 1.4.3
    cpe:2.3:a:gnu:gnutls:1.4.3
  • GNU GnuTLS 1.4.4
    cpe:2.3:a:gnu:gnutls:1.4.4
  • GNU GnuTLS 1.4.5
    cpe:2.3:a:gnu:gnutls:1.4.5
  • GNU GnuTLS 1.5.0
    cpe:2.3:a:gnu:gnutls:1.5.0
  • GNU GnuTLS 1.5.1
    cpe:2.3:a:gnu:gnutls:1.5.1
  • GNU GnuTLS 1.5.2
    cpe:2.3:a:gnu:gnutls:1.5.2
  • GNU GnuTLS 1.5.3
    cpe:2.3:a:gnu:gnutls:1.5.3
  • GNU GnuTLS 1.5.4
    cpe:2.3:a:gnu:gnutls:1.5.4
  • GNU GnuTLS 1.5.5
    cpe:2.3:a:gnu:gnutls:1.5.5
  • GNU GnuTLS 1.6.0
    cpe:2.3:a:gnu:gnutls:1.6.0
  • GNU GnuTLS 1.6.1
    cpe:2.3:a:gnu:gnutls:1.6.1
  • GNU GnuTLS 1.6.2
    cpe:2.3:a:gnu:gnutls:1.6.2
  • GNU GnuTLS 1.6.3
    cpe:2.3:a:gnu:gnutls:1.6.3
  • GNU GnuTLS 1.7.0
    cpe:2.3:a:gnu:gnutls:1.7.0
  • GNU GnuTLS 1.7.1
    cpe:2.3:a:gnu:gnutls:1.7.1
  • GNU GnuTLS 1.7.2
    cpe:2.3:a:gnu:gnutls:1.7.2
  • GNU GnuTLS 1.7.3
    cpe:2.3:a:gnu:gnutls:1.7.3
  • GNU GnuTLS 1.7.4
    cpe:2.3:a:gnu:gnutls:1.7.4
  • GNU GnuTLS 1.7.5
    cpe:2.3:a:gnu:gnutls:1.7.5
  • GNU GnuTLS 1.7.6
    cpe:2.3:a:gnu:gnutls:1.7.6
  • GNU GnuTLS 1.7.7
    cpe:2.3:a:gnu:gnutls:1.7.7
  • GNU GnuTLS 1.7.8
    cpe:2.3:a:gnu:gnutls:1.7.8
  • GNU GnuTLS 1.7.9
    cpe:2.3:a:gnu:gnutls:1.7.9
  • GNU GnuTLS 1.7.10
    cpe:2.3:a:gnu:gnutls:1.7.10
  • GNU GnuTLS 1.7.11
    cpe:2.3:a:gnu:gnutls:1.7.11
  • GNU GnuTLS 1.7.12
    cpe:2.3:a:gnu:gnutls:1.7.12
  • GNU GnuTLS 1.7.13
    cpe:2.3:a:gnu:gnutls:1.7.13
  • GNU GnuTLS 1.7.14
    cpe:2.3:a:gnu:gnutls:1.7.14
  • GNU GnuTLS 1.7.15
    cpe:2.3:a:gnu:gnutls:1.7.15
  • GNU GnuTLS 1.7.16
    cpe:2.3:a:gnu:gnutls:1.7.16
  • GNU GnuTLS 1.7.17
    cpe:2.3:a:gnu:gnutls:1.7.17
  • GNU GnuTLS 1.7.18
    cpe:2.3:a:gnu:gnutls:1.7.18
  • GNU GnuTLS 1.7.19
    cpe:2.3:a:gnu:gnutls:1.7.19
  • GNU GnuTLS 2.0.0
    cpe:2.3:a:gnu:gnutls:2.0.0
  • GNU GnuTLS 2.0.1
    cpe:2.3:a:gnu:gnutls:2.0.1
  • GNU GnuTLS 2.0.2
    cpe:2.3:a:gnu:gnutls:2.0.2
  • GNU GnuTLS 2.0.3
    cpe:2.3:a:gnu:gnutls:2.0.3
  • GNU GnuTLS 2.0.4
    cpe:2.3:a:gnu:gnutls:2.0.4
  • GNU GnuTLS 2.1.0
    cpe:2.3:a:gnu:gnutls:2.1.0
  • GNU GnuTLS 2.1.1
    cpe:2.3:a:gnu:gnutls:2.1.1
  • GNU GnuTLS 2.1.2
    cpe:2.3:a:gnu:gnutls:2.1.2
  • GNU GnuTLS 2.1.3
    cpe:2.3:a:gnu:gnutls:2.1.3
  • GNU GnuTLS 2.1.4
    cpe:2.3:a:gnu:gnutls:2.1.4
  • GNU GnuTLS 2.1.5
    cpe:2.3:a:gnu:gnutls:2.1.5
  • GNU GnuTLS 2.1.6
    cpe:2.3:a:gnu:gnutls:2.1.6
  • GNU GnuTLS 2.1.7
    cpe:2.3:a:gnu:gnutls:2.1.7
  • GNU GnuTLS 2.1.8
    cpe:2.3:a:gnu:gnutls:2.1.8
  • GNU GnuTLS 2.2.0
    cpe:2.3:a:gnu:gnutls:2.2.0
  • GNU GnuTLS 2.2.1
    cpe:2.3:a:gnu:gnutls:2.2.1
  • GNU GnuTLS 2.2.2
    cpe:2.3:a:gnu:gnutls:2.2.2
  • GNU GnuTLS 2.2.3
    cpe:2.3:a:gnu:gnutls:2.2.3
  • GNU GnuTLS 2.2.4
    cpe:2.3:a:gnu:gnutls:2.2.4
  • GNU GnuTLS 2.2.5
    cpe:2.3:a:gnu:gnutls:2.2.5
  • GNU GnuTLS 2.3.0
    cpe:2.3:a:gnu:gnutls:2.3.0
  • GNU GnuTLS 2.3.1
    cpe:2.3:a:gnu:gnutls:2.3.1
  • GNU GnuTLS 2.3.2
    cpe:2.3:a:gnu:gnutls:2.3.2
  • GNU GnuTLS 2.3.3
    cpe:2.3:a:gnu:gnutls:2.3.3
  • GNU GnuTLS 2.3.4
    cpe:2.3:a:gnu:gnutls:2.3.4
  • GNU GnuTLS 2.3.5
    cpe:2.3:a:gnu:gnutls:2.3.5
  • GNU GnuTLS 2.3.6
    cpe:2.3:a:gnu:gnutls:2.3.6
  • GNU GnuTLS 2.3.7
    cpe:2.3:a:gnu:gnutls:2.3.7
  • GNU GnuTLS 2.3.8
    cpe:2.3:a:gnu:gnutls:2.3.8
  • GNU GnuTLS 2.3.9
    cpe:2.3:a:gnu:gnutls:2.3.9
  • GNU GnuTLS 2.3.10
    cpe:2.3:a:gnu:gnutls:2.3.10
  • GNU GnuTLS 2.3.11
    cpe:2.3:a:gnu:gnutls:2.3.11
  • GNU GnuTLS 2.4.0
    cpe:2.3:a:gnu:gnutls:2.4.0
  • GNU GnuTLS 2.4.1
    cpe:2.3:a:gnu:gnutls:2.4.1
  • GNU GnuTLS 2.4.2
    cpe:2.3:a:gnu:gnutls:2.4.2
  • GNU GnuTLS 2.4.3
    cpe:2.3:a:gnu:gnutls:2.4.3
  • GNU GnuTLS 2.5.0
    cpe:2.3:a:gnu:gnutls:2.5.0
  • GNU GnuTLS 2.6.0
    cpe:2.3:a:gnu:gnutls:2.6.0
  • GNU GnuTLS 2.6.1
    cpe:2.3:a:gnu:gnutls:2.6.1
  • GNU GnuTLS 2.6.2
    cpe:2.3:a:gnu:gnutls:2.6.2
  • GNU GnuTLS 2.6.3
    cpe:2.3:a:gnu:gnutls:2.6.3
  • GNU GnuTLS 2.6.4
    cpe:2.3:a:gnu:gnutls:2.6.4
  • GNU GnuTLS 2.6.5
    cpe:2.3:a:gnu:gnutls:2.6.5
  • GNU GnuTLS 2.6.6
    cpe:2.3:a:gnu:gnutls:2.6.6
  • GNU GnuTLS 2.7.4
    cpe:2.3:a:gnu:gnutls:2.7.4
  • GNU GnuTLS 2.8.0
    cpe:2.3:a:gnu:gnutls:2.8.0
  • GNU GnuTLS 2.8.1
    cpe:2.3:a:gnu:gnutls:2.8.1
  • GNU GnuTLS 2.8.2
    cpe:2.3:a:gnu:gnutls:2.8.2
  • GNU GnuTLS 2.8.3
    cpe:2.3:a:gnu:gnutls:2.8.3
  • GNU GnuTLS 2.8.4
    cpe:2.3:a:gnu:gnutls:2.8.4
  • GNU GnuTLS 2.8.5
    cpe:2.3:a:gnu:gnutls:2.8.5
  • GNU GnuTLS 2.8.6
    cpe:2.3:a:gnu:gnutls:2.8.6
  • GNU GnuTLS 2.10.0
    cpe:2.3:a:gnu:gnutls:2.10.0
  • GNU GnuTLS 2.10.1
    cpe:2.3:a:gnu:gnutls:2.10.1
  • GNU GnuTLS 2.10.2
    cpe:2.3:a:gnu:gnutls:2.10.2
  • GNU GnuTLS 2.10.3
    cpe:2.3:a:gnu:gnutls:2.10.3
  • GNU GnuTLS 2.10.4
    cpe:2.3:a:gnu:gnutls:2.10.4
  • GNU GnuTLS 2.10.5
    cpe:2.3:a:gnu:gnutls:2.10.5
  • GNU GnuTLS 2.12.0
    cpe:2.3:a:gnu:gnutls:2.12.0
  • GNU GnuTLS 2.12.1
    cpe:2.3:a:gnu:gnutls:2.12.1
  • GNU GnuTLS 2.12.2
    cpe:2.3:a:gnu:gnutls:2.12.2
  • GNU GnuTLS 2.12.3
    cpe:2.3:a:gnu:gnutls:2.12.3
  • GNU GnuTLS 2.12.4
    cpe:2.3:a:gnu:gnutls:2.12.4
  • GNU GnuTLS 2.12.5
    cpe:2.3:a:gnu:gnutls:2.12.5
  • GNU GnuTLS 2.12.6
    cpe:2.3:a:gnu:gnutls:2.12.6
  • GNU GnuTLS 2.12.6.1
    cpe:2.3:a:gnu:gnutls:2.12.6.1
  • GNU GnuTLS 2.12.7
    cpe:2.3:a:gnu:gnutls:2.12.7
  • GNU GnuTLS 2.12.8
    cpe:2.3:a:gnu:gnutls:2.12.8
  • GNU GnuTLS 2.12.9
    cpe:2.3:a:gnu:gnutls:2.12.9
  • GNU GnuTLS 2.12.10
    cpe:2.3:a:gnu:gnutls:2.12.10
  • GNU GnuTLS 2.12.11
    cpe:2.3:a:gnu:gnutls:2.12.11
  • GNU GnuTLS 2.12.12
    cpe:2.3:a:gnu:gnutls:2.12.12
  • GNU GnuTLS 2.12.13
    cpe:2.3:a:gnu:gnutls:2.12.13
  • GNU GnuTLS 2.12.14
    cpe:2.3:a:gnu:gnutls:2.12.14
  • GNU TLS 3.0
    cpe:2.3:a:gnu:gnutls:3.0
  • GNU GnuTLS 3.0.0
    cpe:2.3:a:gnu:gnutls:3.0.0
  • GNU GnuTLS 3.0.1
    cpe:2.3:a:gnu:gnutls:3.0.1
  • GNU GnuTLS 3.0.2
    cpe:2.3:a:gnu:gnutls:3.0.2
  • GNU GnuTLS 3.0.3
    cpe:2.3:a:gnu:gnutls:3.0.3
  • GNU GnuTLS 3.0.4
    cpe:2.3:a:gnu:gnutls:3.0.4
  • GNU GnuTLS 3.0.5
    cpe:2.3:a:gnu:gnutls:3.0.5
  • GNU GnuTLS 3.0.6
    cpe:2.3:a:gnu:gnutls:3.0.6
  • GNU GnuTLS 3.0.7
    cpe:2.3:a:gnu:gnutls:3.0.7
  • GNU GnuTLS 3.0.8
    cpe:2.3:a:gnu:gnutls:3.0.8
  • GNU GnuTLS 3.0.9
    cpe:2.3:a:gnu:gnutls:3.0.9
  • GNU GnuTLS 3.0.10
    cpe:2.3:a:gnu:gnutls:3.0.10
  • GNU GnuTLS 3.0.11
    cpe:2.3:a:gnu:gnutls:3.0.11
  • GNU GnuTLS 3.0.12
    cpe:2.3:a:gnu:gnutls:3.0.12
  • GNU GnuTLS 3.0.13
    cpe:2.3:a:gnu:gnutls:3.0.13
  • GNU GnuTLS 3.0.14
    cpe:2.3:a:gnu:gnutls:3.0.14
  • GNU GnuTLS 3.0.15
    cpe:2.3:a:gnu:gnutls:3.0.15
  • GNU Libtasn1 0.1.0
    cpe:2.3:a:gnu:libtasn1:0.1.0
  • GNU Libtasn1 0.1.1
    cpe:2.3:a:gnu:libtasn1:0.1.1
  • GNU Libtasn1 0.1.2
    cpe:2.3:a:gnu:libtasn1:0.1.2
  • GNU Libtasn1 0.2.0
    cpe:2.3:a:gnu:libtasn1:0.2.0
  • GNU Libtasn1 0.2.1
    cpe:2.3:a:gnu:libtasn1:0.2.1
  • GNU Libtasn1 0.2.2
    cpe:2.3:a:gnu:libtasn1:0.2.2
  • GNU Libtasn1 0.2.3
    cpe:2.3:a:gnu:libtasn1:0.2.3
  • GNU Libtasn1 0.2.4
    cpe:2.3:a:gnu:libtasn1:0.2.4
  • GNU Libtasn1 0.2.5
    cpe:2.3:a:gnu:libtasn1:0.2.5
  • GNU Libtasn1 0.2.6
    cpe:2.3:a:gnu:libtasn1:0.2.6
  • GNU Libtasn1 0.2.7
    cpe:2.3:a:gnu:libtasn1:0.2.7
  • GNU Libtasn1 0.2.8
    cpe:2.3:a:gnu:libtasn1:0.2.8
  • GNU Libtasn1 0.2.9
    cpe:2.3:a:gnu:libtasn1:0.2.9
  • GNU Libtasn1 0.2.10
    cpe:2.3:a:gnu:libtasn1:0.2.10
  • GNU Libtasn1 0.2.11
    cpe:2.3:a:gnu:libtasn1:0.2.11
  • GNU Libtasn1 0.2.12
    cpe:2.3:a:gnu:libtasn1:0.2.12
  • GNU Libtasn1 0.2.13
    cpe:2.3:a:gnu:libtasn1:0.2.13
  • GNU Libtasn1 0.2.14
    cpe:2.3:a:gnu:libtasn1:0.2.14
  • GNU Libtasn1 0.2.15
    cpe:2.3:a:gnu:libtasn1:0.2.15
  • GNU Libtasn1 0.2.16
    cpe:2.3:a:gnu:libtasn1:0.2.16
  • GNU Libtasn1 0.2.17
    cpe:2.3:a:gnu:libtasn1:0.2.17
  • GNU Libtasn1 0.2.18
    cpe:2.3:a:gnu:libtasn1:0.2.18
  • GNU Libtasn1 0.3.0
    cpe:2.3:a:gnu:libtasn1:0.3.0
  • GNU Libtasn1 0.3.1
    cpe:2.3:a:gnu:libtasn1:0.3.1
  • GNU Libtasn1 0.3.2
    cpe:2.3:a:gnu:libtasn1:0.3.2
  • GNU Libtasn1 0.3.3
    cpe:2.3:a:gnu:libtasn1:0.3.3
  • GNU Libtasn1 0.3.4
    cpe:2.3:a:gnu:libtasn1:0.3.4
  • GNU Libtasn1 0.3.5
    cpe:2.3:a:gnu:libtasn1:0.3.5
  • GNU Libtasn1 0.3.6
    cpe:2.3:a:gnu:libtasn1:0.3.6
  • GNU Libtasn1 0.3.7
    cpe:2.3:a:gnu:libtasn1:0.3.7
  • GNU Libtasn1 0.3.8
    cpe:2.3:a:gnu:libtasn1:0.3.8
  • GNU Libtasn1 0.3.9
    cpe:2.3:a:gnu:libtasn1:0.3.9
  • GNU Libtasn1 0.3.10
    cpe:2.3:a:gnu:libtasn1:0.3.10
  • GNU Libtasn1 1.0
    cpe:2.3:a:gnu:libtasn1:1.0
  • GNU Libtasn1 1.1
    cpe:2.3:a:gnu:libtasn1:1.1
  • GNU Libtasn1 1.2
    cpe:2.3:a:gnu:libtasn1:1.2
  • GNU Libtasn1 1.3
    cpe:2.3:a:gnu:libtasn1:1.3
  • GNU Libtasn1 1.4
    cpe:2.3:a:gnu:libtasn1:1.4
  • GNU Libtasn1 1.5
    cpe:2.3:a:gnu:libtasn1:1.5
  • GNU Libtasn1 1.6
    cpe:2.3:a:gnu:libtasn1:1.6
  • GNU Libtasn1 1.7
    cpe:2.3:a:gnu:libtasn1:1.7
  • GNU Libtasn1 1.8
    cpe:2.3:a:gnu:libtasn1:1.8
  • GNU Libtasn1 2.0
    cpe:2.3:a:gnu:libtasn1:2.0
  • GNU Libtasn1 2.1
    cpe:2.3:a:gnu:libtasn1:2.1
  • GNU Libtasn1 2.2
    cpe:2.3:a:gnu:libtasn1:2.2
  • GNU Libtasn1 2.3
    cpe:2.3:a:gnu:libtasn1:2.3
  • GNU Libtasn1 2.4
    cpe:2.3:a:gnu:libtasn1:2.4
  • GNU Libtasn1 2.5
    cpe:2.3:a:gnu:libtasn1:2.5
  • GNU Libtasn1 2.6
    cpe:2.3:a:gnu:libtasn1:2.6
  • GNU Libtasn1 2.7
    cpe:2.3:a:gnu:libtasn1:2.7
  • GNU Libtasn1 2.8
    cpe:2.3:a:gnu:libtasn1:2.8
  • GNU Libtasn1 2.9
    cpe:2.3:a:gnu:libtasn1:2.9
  • GNU Libtasn1 2.10
    cpe:2.3:a:gnu:libtasn1:2.10
  • GNU Libtasn1 2.11
    cpe:2.3:a:gnu:libtasn1:2.11
CVSS
Base: 5.0 (as of 27-03-2012 - 12:28)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-277.NASL
    description 3 vulnerabilities were discovered for the gnutls packages in openSUSE version 12.1.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74627
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74627
    title openSUSE Security Update : gnutls (openSUSE-SU-2012:0620-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0428.NASL
    description Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58504
    published 2012-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58504
    title CentOS 5 : gnutls (CESA-2012:0428)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2440.NASL
    description Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer length before processing it further. This could result in out-of-bounds memory accesses and application crashes. Applications using GNUTLS are exposed to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58459
    published 2012-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58459
    title Debian DSA-2440-1 : libtasn1-3 - missing bounds check
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-4409.NASL
    description This update fixes a a DER decoding buffer overflow in the MinGW cross compiled libtasn1 and gnutls packages. The mingw-gnutls build also switches to using the system libtasn1 library instead of its bundled copy. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58551
    published 2012-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58551
    title Fedora 16 : mingw-libtasn1-2.12-1.fc16 / mingw32-gnutls-2.12.14-3.fc16 (2012-4409)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GNUTLS-8066.NASL
    description This update of GnuTLS fixes multiple vulnerabilities : - remote attackers could cause a denial of service (heap memory corruption and application crash) via an issue in the asn1_get_length_der() function. (CVE-2012-1569) - crafted GenericBlockCipher structures allow remote attackers to cause a denial of service (heap memory corruption and application crash). (CVE-2012-1573) - A vulnerability in the DTLS implementation which could allow remote attackers to recover partial plaintext via a timing side-channel attack was fixed. (CVE-2012-0390)
    last seen 2019-02-21
    modified 2012-07-03
    plugin id 59829
    published 2012-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59829
    title SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 8066)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0488.NASL
    description An updated rhev-hypervisor5 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-1583 (kernel issue) CVE-2011-3045 (libpng issue) CVE-2012-0884 and CVE-2012-1165 (openssl issues) Further information on the changes made to the package is available on the relevant errata : https://rhn.redhat.com/errata/RHBA-2012-0398.html Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 79286
    published 2014-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79286
    title RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0531.NASL
    description An updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues) CVE-2012-0884 and CVE-2012-1165 (openssl issues) CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues) This update also fixes the following bug : * The Hypervisor previously set the lro_disable option for the enic driver. The driver does not support this option, as a result the Hypervisor did not correctly detect and configure the network interfaces of a Cisco M81KR adaptor, when present. The Hypervisor has been updated and no longer sets the invalid option for this driver. (BZ#809463) Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 78922
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78922
    title RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120327_GNUTLS_ON_SL5_X.NASL
    description The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61290
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61290
    title Scientific Linux Security Update : gnutls on SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GNUTLS-120615.NASL
    description This update of GnuTLS fixes multiple vulnerabilities : - remote attackers could cause a denial of service (heap memory corruption and application crash) via an issue in the asn1_get_length_der() function. (CVE-2012-1569) - crafted GenericBlockCipher structures allow remote attackers to cause a denial of service (heap memory corruption and application crash). (CVE-2012-1573) - A vulnerability in the DTLS implementation which could allow remote attackers to recover partial plaintext via a timing side-channel attack was fixed. (CVE-2012-0390) In addition, support for customizing the signing function was added.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64152
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64152
    title SuSE 11.1 Security Update : GnuTLS (SAT Patch Number 6448)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0013.NASL
    description a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 61747
    published 2012-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61747
    title VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-60.NASL
    description A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69667
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69667
    title Amazon Linux AMI : libtasn1 (ALAS-2012-60)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-4342.NASL
    description New upstream package with minor improvements and security fix. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58627
    published 2012-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58627
    title Fedora 16 : libtasn1-2.12-1.fc16 (2012-4342)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0428.NASL
    description From Red Hat Security Advisory 2012:0428 : Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68503
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68503
    title Oracle Linux 5 : gnutls (ELSA-2012-0428)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1436-1.NASL
    description Matthew Hall discovered that Libtasn incorrectly handled certain large values. An attacker could exploit this with a specially crafted ASN.1 structure and cause a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 58974
    published 2012-05-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58974
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libtasn1-3 vulnerability (USN-1436-1)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2012-0013_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89038
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89038
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2013-287-03.NASL
    description New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1, and 13.37 to fix security issues.
    last seen 2019-02-21
    modified 2013-10-16
    plugin id 70439
    published 2013-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70439
    title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 : gnutls (SSA:2013-287-03)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-12 (Libtasn1: Denial of Service) Libtasn1 does not properly handle length fields when performing DER decoding. Impact : A remote attacker could entice a user to open a specially crafted DER-encoded object in an application linked against Libtasn1, possibly resulting in Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 62302
    published 2012-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62302
    title GLSA-201209-12 : Libtasn1: Denial of Service
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0427.NASL
    description Updated libtasn1 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this issue. Users of libtasn1 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the libtasn1 library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58508
    published 2012-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58508
    title RHEL 6 : libtasn1 (RHSA-2012:0427)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-4451.NASL
    description This update fixes a a DER decoding buffer overflow in the MinGW cross compiled libtasn1 and gnutls packages. The mingw-gnutls build also switches to using the system libtasn1 library instead of its bundled copy. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58693
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58693
    title Fedora 17 : mingw-gnutls-2.12.17-1.fc17 / mingw-libtasn1-2.12-1.fc17 / mingw-p11-kit-0.12-1.fc17 (2012-4451)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120327_LIBTASN1_ON_SL6_X.NASL
    description libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569) Users of libtasn1 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the libtasn1 library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61292
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61292
    title Scientific Linux Security Update : libtasn1 on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-4417.NASL
    description This update fixes a a DER decoding buffer overflow in the MinGW cross compiled libtasn1 and gnutls packages. The mingw-gnutls build also switches to using the system libtasn1 library instead of its bundled copy. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58730
    published 2012-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58730
    title Fedora 15 : mingw-libtasn1-2.12-1.fc15 / mingw32-gnutls-2.10.5-2.fc15 (2012-4417)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-039.NASL
    description A vulnerability has been found and corrected in libtasn1 : The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure (CVE-2012-1569). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 58491
    published 2012-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58491
    title Mandriva Linux Security Advisory : libtasn1 (MDVSA-2012:039)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0428.NASL
    description Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58509
    published 2012-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58509
    title RHEL 5 : gnutls (RHSA-2012:0428)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-4357.NASL
    description New upstream package with minor improvements and security fix. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58692
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58692
    title Fedora 17 : libtasn1-2.12-1.fc17 (2012-4357)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0427.NASL
    description From Red Hat Security Advisory 2012:0427 : Updated libtasn1 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this issue. Users of libtasn1 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the libtasn1 library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68502
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68502
    title Oracle Linux 6 : libtasn1 (ELSA-2012-0427)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_2E7E907273A011E1A883001CC0A36E12.NASL
    description Mu Dynamics, Inc. reports : Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1_get_length_der is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally corrupt or otherwise buggy structures.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58422
    published 2012-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58422
    title FreeBSD : libtasn1 -- ASN.1 length decoding vulnerability (2e7e9072-73a0-11e1-a883-001cc0a36e12)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-4308.NASL
    description New upstream package with minor improvements and security fix. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58626
    published 2012-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58626
    title Fedora 15 : libtasn1-2.12-1.fc15 (2012-4308)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0427.NASL
    description Updated libtasn1 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this issue. Users of libtasn1 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the libtasn1 library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58503
    published 2012-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58503
    title CentOS 6 : libtasn1 (CESA-2012:0427)
redhat via4
advisories
  • bugzilla
    id 804920
    title CVE-2012-1569 libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libtasn1 is earlier than 0:2.3-3.el6_2.1
          oval oval:com.redhat.rhsa:tst:20120427005
        • comment libtasn1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120427006
      • AND
        • comment libtasn1-devel is earlier than 0:2.3-3.el6_2.1
          oval oval:com.redhat.rhsa:tst:20120427009
        • comment libtasn1-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120427010
      • AND
        • comment libtasn1-tools is earlier than 0:2.3-3.el6_2.1
          oval oval:com.redhat.rhsa:tst:20120427007
        • comment libtasn1-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120427008
    rhsa
    id RHSA-2012:0427
    released 2012-03-27
    severity Important
    title RHSA-2012:0427: libtasn1 security update (Important)
  • rhsa
    id RHSA-2012:0488
  • rhsa
    id RHSA-2012:0531
rpms
  • libtasn1-0:2.3-3.el6_2.1
  • libtasn1-devel-0:2.3-3.el6_2.1
  • libtasn1-tools-0:2.3-3.el6_2.1
  • gnutls-0:1.4.1-7.el5_8.2
  • gnutls-devel-0:1.4.1-7.el5_8.2
  • gnutls-utils-0:1.4.1-7.el5_8.2
refmap via4
bugtraq 20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1
confirm
debian DSA-2440
fedora
  • FEDORA-2012-4308
  • FEDORA-2012-4342
  • FEDORA-2012-4357
  • FEDORA-2012-4409
  • FEDORA-2012-4417
  • FEDORA-2012-4451
mandriva MDVSA-2012:039
misc http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
mlist
  • [gnutls-devel] 20120316 gnutls 3.0.16
  • [help-libtasn1] 20120319 GNU Libtasn1 2.12 released
  • [help-libtasn1] 20120319 minimal fix to security issue
  • [oss-security] 20120320 CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue
  • [oss-security] 20120320 Re: CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue
  • [oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01
sectrack 1026829
secunia
  • 48397
  • 48488
  • 48505
  • 48578
  • 48596
  • 49002
  • 50739
  • 57260
suse SUSE-SU-2014:0320
ubuntu USN-1436-1
vmware via4
description The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues.
id VMSA-2012-0013
last_updated 2012-12-20T00:00:00
published 2012-08-30T00:00:00
title Update to ESX service console glibc RPM
Last major update 18-06-2014 - 00:09
Published 26-03-2012 - 15:55
Last modified 17-01-2018 - 21:29
Back to Top