CVE-2014-0092 – gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2)
https://notcve.org/view.php?id=CVE-2014-0092
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. lib/x509/verify.c en GnuTLS anterior a 3.1.22 y 3.2.x anterior a 3.2.12 no maneja debidamente errores no especificados cuando verifica certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores a través de un certificado manipulado. • http://gnutls.org/security.html#GNUTLS-SA-2014-2 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html http: • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVE-2014-1959
https://notcve.org/view.php?id=CVE-2014-1959
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. lib/x509/verify.c en GnuTLS anterior a 3.1.21 y 3.2.x anterior a 3.2.11 trata certificados X.509 de versión 1 como CAs intermedios, lo que permite a atacantes remotos evadir restricciones mediante el aprovechamiento de un certificado X.509 V1 de un CA confiable para emitir certificados nuevos. • http://seclists.org/oss-sec/2014/q1/344 http://seclists.org/oss-sec/2014/q1/345 http://www.debian.org/security/2014/dsa-2866 http://www.gnutls.org/security.html http://www.securityfocus.com/bid/65559 http://www.ubuntu.com/usn/USN-2121-1 https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-1619 – gnutls: TLS CBC padding timing attack (lucky-13)
https://notcve.org/view.php?id=CVE-2013-1619
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación de TLS en GnuTLS antes de v2.12.23, v3.0.x antes de v3.0.28, y v3.1.x antes de v3.1.7 no tiene debidamente en cuenta los ataques de tiempo al canal lateral en la operación de comprobación de incumplimiento MAC durante el proceso de relleno CBC malformado, lo que permite a atacantes remotos realizar ataques distintivos y de texto plano ataques de recuperación a través de análisis estadístico de datos de tiempo de los paquetes hechos a mano, una cuestión relacionada con CVE-2013-0169. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html http://openwall.com/lists/oss-security/2013/02/05/24 http://rhn.redhat.com/errata/RHSA-2013-0588.html http://secunia.com/ad • CWE-310: Cryptographic Issues •
CVE-2012-1573 – gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)
https://notcve.org/view.php?id=CVE-2012-1573
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. gnutls_cipher.c en libgnutls en GnuTLS antes de v2.12.17 y v3.x antes de v3.0.15 no maneja adecuadamente los datos cifrados con un cifrado de bloques, lo que permite provocar una denegación de servicio (corrupción de la pila de memoria y caída de la aplicación) a atacantes remotos a través de un registro hecho a mano, como se demuestra por una estructura GenericBlockCipher especificamente creada para este fin. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912 http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185 http://lists.fedoraproject.org/piper • CWE-310: Cryptographic Issues •
CVE-2012-1569 – libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)
https://notcve.org/view.php?id=CVE-2012-1569
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. La función asn1_get_length_der en decoding.c en GNU libtasn1 antes de v2.12, tal y como se usa en GnuTLS antes del v3.0.16 y otros productos, no maneja adecuadamente ciertos valores de longitud demasiado grandes, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de la pila de memoria y caída de la aplicación) o posiblemente tener un impacto no especificado a través de una estructura ASN.1 especificamente elaborada para este fin. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932 http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53 http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54 http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns http://linux.oracle.com/errata/ELSA-2014-0596.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html http://lists.fedoraproject.org/pipermail/ • CWE-189: Numeric Errors •