CVE-2014-3466 – gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3)
https://notcve.org/view.php?id=CVE-2014-3466
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. Desbordamiento de buffer en la función read_server_hello en lib/gnutls_handshake.c en GnuTLS anterior a 3.1.25, 3.2.x anterior a 3.2.15 y 3.3.x anterior a 3.3.4 permite a servidores remotos causar una denegación de servicio (consumo de memoria) o posiblemente ejecutar código arbitrario a través de una sesión id larga en un mensaje ServerHello. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. • http://linux.oracle.com/errata/ELSA-2014-0594.html http://linux.oracle.com/errata/ELSA-2014-0595.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability http://rhn.redhat.com/e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-5138 – gnutls: incorrect handling of V1 intermediate certificates
https://notcve.org/view.php?id=CVE-2009-5138
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. GnuTLS anterior a 2.7.6, cuando el indicador GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT no está habilitado, trata certificados X.509 de versión 1 como CAs intermedios, lo que permite a atacantes remotos evadir restricciones mediante el aprovechamiento de un certificado X.509 V1 de un CA confiable para emitir certificados nuevos, una vulnerabilidad diferente a CVE-2014-1959. • http://article.gmane.org/gmane.comp.security.oss.general/12223 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html http://rhn.redhat.com/errata/RHSA-2014-0247.html http://secunia.com/advisories/57254 http://secunia.com/advisories/57260 http://sec • CWE-264: Permissions, Privileges, and Access Controls CWE-295: Improper Certificate Validation •
CVE-2014-0092 – gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2)
https://notcve.org/view.php?id=CVE-2014-0092
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. lib/x509/verify.c en GnuTLS anterior a 3.1.22 y 3.2.x anterior a 3.2.12 no maneja debidamente errores no especificados cuando verifica certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores a través de un certificado manipulado. • http://gnutls.org/security.html#GNUTLS-SA-2014-2 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html http: • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVE-2014-1959
https://notcve.org/view.php?id=CVE-2014-1959
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. lib/x509/verify.c en GnuTLS anterior a 3.1.21 y 3.2.x anterior a 3.2.11 trata certificados X.509 de versión 1 como CAs intermedios, lo que permite a atacantes remotos evadir restricciones mediante el aprovechamiento de un certificado X.509 V1 de un CA confiable para emitir certificados nuevos. • http://seclists.org/oss-sec/2014/q1/344 http://seclists.org/oss-sec/2014/q1/345 http://www.debian.org/security/2014/dsa-2866 http://www.gnutls.org/security.html http://www.securityfocus.com/bid/65559 http://www.ubuntu.com/usn/USN-2121-1 https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4466
https://notcve.org/view.php?id=CVE-2013-4466
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. Desbordamiento de búfer en la función dane_query_tlsa de la librería DANE (libdane) en GnuTLS 3.1.x anterior a la versión 3.1.15 y 3.2.x anterior a 3.2.5 permite en servidores remotos provocar una denegación de servicio (corrupción de memoria) a través de una respuesta que implique más de 4 entradas DANE. • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050 http://www.gnutls.org/security.html#GNUTLS-SA-2013-3 http://www.openwall.com/lists/oss-security/2013/10/25/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •