ID CVE-2006-7239
Summary The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 25-05-2010 - 04:00)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment gnutls is earlier than 0:1.4.1-7.el5_8.1
        oval oval:com.redhat.rhba:tst:20120319002
      • comment gnutls is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20120319003
    • AND
      • comment gnutls-devel is earlier than 0:1.4.1-7.el5_8.1
        oval oval:com.redhat.rhba:tst:20120319004
      • comment gnutls-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20120319005
    • AND
      • comment gnutls-utils is earlier than 0:1.4.1-7.el5_8.1
        oval oval:com.redhat.rhba:tst:20120319006
      • comment gnutls-utils is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20120319007
rhsa
released 2012-02-21
severity None
title RHBA-2012:0319: gnutls bug fix update (None)
rpms
  • gnutls-0:1.4.1-7.el5_8.1
  • gnutls-devel-0:1.4.1-7.el5_8.1
  • gnutls-utils-0:1.4.1-7.el5_8.1
refmap via4
confirm http://www.gnu.org/software/gnutls/security.html
mlist
  • [gnutls-dev] 20060812 GnuTLS 1.4.2
  • [gnutls-dev] 20060812 Re: [Fwd: crash in GNUTLS-1.4.0]
Last major update 25-05-2010 - 04:00
Published 24-05-2010 - 19:30
Back to Top