CVSS: 5.0EPSS: 0%CPEs: 117EXPL: 0CVE-2009-1417
https://notcve.org/view.php?id=CVE-2009-1417
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. gnutls-cli en GnuTLS anteriores a v2.6.6 no verifica la activación y tiempos de caducidad de los certificados X.509, lo cual permite a atacantes remotos presentar con éxito un certificado que (1) aún es válido o (2) ya no es válido, en relación con la falta de controles en el tiempo la función _gnutls_x509_verify_certificate en lib/x509/verify.c en libgnutls_x509, utilizado por (a) Exim, (b) OpenLDAP y (c) libsoup. • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517 http://secunia.com/advisories/34842 http://secunia.com/advisories/35211 http://security.gentoo.org/glsa/glsa-200905-04.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 http://www.securityfocus.com/bid/34783 http://www.securitytracker.com/id?1022159 http://www.vupen.com/english/advisories/2009/1218 https://exchange.xforce.ibmcloud.com/vulnerabilities/50261 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2008-4989 – gnutls: certificate chain verification flaw
https://notcve.org/view.php?id=CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). La función _gnutls_x509_verify_certificate en lib/x509/verify.c en libgnutls en GnuTLS antes de v2.6.1 confía en las cadenas de certificado en las que el último certificado es un certificado de confianza arbitraria, auto-firmado, lo que permite a atacantes de tipo "hombre en el medio" (man-in-the-middle) insertar un certificado falso para cualquier Distinguished Name(DN). • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/32619 http://secunia.com/advisories/32681 http://secunia.com/advisories/32687 http://secunia.com/advisories/32879 http://secunia.com/advisories/33501 http://secunia.com/advi • CWE-295: Improper Certificate Validation •
CVSS: 7.6EPSS: 2%CPEs: 6EXPL: 1CVE-2008-2377
https://notcve.org/view.php?id=CVE-2008-2377
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle. Vulnerabilidad de uso después de liberación en la función _gnutls_handshake_hash_buffers_clear de lib/gnutls_handshake.c en libgnutls de GnuTLS 2.3.5 hasta 2.4.0 permite a atacantes remotos provocar una denegación de servicio (caida) o posiblemente ejecutar código de su elección a través de transmisiones TLS de datos que no son usadas apropiadamente cuando las llamadas pares gnutls_handshake dentro de una sesión normal, conducen a intentos de acceso a manejadores libgcrypt no asignados. • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947 http://secunia.com/advisories/31505 http://www.gnu.org/software/gnutls/security.html http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html http://www.securityfocus.com/bid/30713 http://www.vupen.com/english/advisories/2008/2398 https://exchange.xforce.ibmcloud.com/vulnerabilities/44486 https://issues.rpath.com/browse/RPL-2650 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 7%CPEs: 105EXPL: 1CVE-2008-1949 – GNUTLS-SA-2008-1-2 GnuTLS null-pointer dereference
https://notcve.org/view.php?id=CVE-2008-1949
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. La función _gnutls_recv_client_kx_message en lib/gnutls_kx.c de libgnutls en gnutls-serv de GnuTLS versiones anteriores a la 2.2.4 continúa procesando los mensajes Client Hello dentro de un mensaje TLS después de que uno ya haya sido procesado, lo cual permite a atacantes remotos provocar una denegación de servicio (referencia NULL y caída) a través de un mensaje TLS que contiene múltiples mensajes Hello Client, también conocida como GNUTLS-SA-2008-1-2. • http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html http://secunia.com/advisories/30287 http://secunia.com/advisories/30302 http://secunia.com/advisories/3 • CWE-287: Improper Authentication CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 6%CPEs: 105EXPL: 0CVE-2008-1950 – GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw
https://notcve.org/view.php?id=CVE-2008-1950
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. Error en signo de entero de la función the _gnutls_ciphertext2compressed en lib/gnutls_cipher.c de libgnutls en GnuTLS versiones anteriores a la 2.2.4, permite a atacantes remotos provocar una denegación de servicio (sobre-lectura de búfer y caída) a través de determinados valores de entero en el campo Random de un mensaje Client Hello encriptado dentro de un registro TLS con una longitud de registro no válida, lo cual conlleva una longitud de relleno de cifra no válido, también conocido como GNUTLS-SA-2008-1-3. • http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html http://secunia.com/advisories/30287 http://secunia.com/advisories/30302 http://secunia.com/advisories/3 • CWE-189: Numeric Errors •