CVE-2009-1416 – GnuTLS 2.6.x - libgnutls lib/gnutls_pk.c DSA Key Storage Remote Spoofing
https://notcve.org/view.php?id=CVE-2009-1416
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. lib/gnutls_pk.c en libgnutls en GnuTLS v2.5.0 hasta v2.6.5 genera claves RSA almacenados en estructuras DSA, en lugar de las claves DSA previstas, lo cual podría permitir a atacantes remotos suplantar firmas en los certificados o tener otro impacto no especificado por el utilizamiento de una clave DSA no es válida. • https://www.exploit-db.com/exploits/32965 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516 http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html http://secunia.com/advisories/34842 http://secunia.com/advisories/35211 http://security.gentoo.org/glsa/glsa-200905-04.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 http://www.securityfocus.com/bid/34783 http://www.securitytracker.com/id?1022158 http://www.vupen.com/english • CWE-310: Cryptographic Issues •
CVE-2008-4989 – gnutls: certificate chain verification flaw
https://notcve.org/view.php?id=CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). La función _gnutls_x509_verify_certificate en lib/x509/verify.c en libgnutls en GnuTLS antes de v2.6.1 confía en las cadenas de certificado en las que el último certificado es un certificado de confianza arbitraria, auto-firmado, lo que permite a atacantes de tipo "hombre en el medio" (man-in-the-middle) insertar un certificado falso para cualquier Distinguished Name(DN). • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/32619 http://secunia.com/advisories/32681 http://secunia.com/advisories/32687 http://secunia.com/advisories/32879 http://secunia.com/advisories/33501 http://secunia.com/advi • CWE-295: Improper Certificate Validation •
CVE-2008-2377
https://notcve.org/view.php?id=CVE-2008-2377
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle. Vulnerabilidad de uso después de liberación en la función _gnutls_handshake_hash_buffers_clear de lib/gnutls_handshake.c en libgnutls de GnuTLS 2.3.5 hasta 2.4.0 permite a atacantes remotos provocar una denegación de servicio (caida) o posiblemente ejecutar código de su elección a través de transmisiones TLS de datos que no son usadas apropiadamente cuando las llamadas pares gnutls_handshake dentro de una sesión normal, conducen a intentos de acceso a manejadores libgcrypt no asignados. • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947 http://secunia.com/advisories/31505 http://www.gnu.org/software/gnutls/security.html http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html http://www.securityfocus.com/bid/30713 http://www.vupen.com/english/advisories/2008/2398 https://exchange.xforce.ibmcloud.com/vulnerabilities/44486 https://issues.rpath.com/browse/RPL-2650 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1948 – GNUTLS-SA-2008-1-1 GnuTLS buffer overflow
https://notcve.org/view.php?id=CVE-2008-1948
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1. La función _gnutls_server_name_recv_params de lib/ext_server_name.c en libgnutls de gnutls-serv en GnuTLS versiones anteriores a la 2.2.4, no calcula correctamente el número de Nombre de Servidor en un mensaje Hello TLS 1.0 durante la gestión de extensiones, lo cual permite a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrariamente a través de un valor cero para la longitud de los Nombres de Servidores, lo que conlleva un desbordamiento de búfer en una sesión de reanudación de datos en la función pack_security_parameters, también conocida como GNUTLS-SA-2008-1-1. • http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html http://secunia.com/advisories/30287 http://secunia.com/advisories/30302 http://secunia.com/advisories/3 • CWE-189: Numeric Errors •
CVE-2008-1949 – GNUTLS-SA-2008-1-2 GnuTLS null-pointer dereference
https://notcve.org/view.php?id=CVE-2008-1949
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. La función _gnutls_recv_client_kx_message en lib/gnutls_kx.c de libgnutls en gnutls-serv de GnuTLS versiones anteriores a la 2.2.4 continúa procesando los mensajes Client Hello dentro de un mensaje TLS después de que uno ya haya sido procesado, lo cual permite a atacantes remotos provocar una denegación de servicio (referencia NULL y caída) a través de un mensaje TLS que contiene múltiples mensajes Hello Client, también conocida como GNUTLS-SA-2008-1-2. • http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html http://secunia.com/advisories/30287 http://secunia.com/advisories/30302 http://secunia.com/advisories/3 • CWE-287: Improper Authentication CWE-476: NULL Pointer Dereference •