ID CVE-2009-1416 Type cve Reporter cve@mitre.org Modified 2009-06-10T05:29:00
Description
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
{"exploitdb": [{"lastseen": "2016-02-03T18:11:14", "bulletinFamily": "exploit", "description": "GnuTLS 2.6.x libgnutls lib/gnutls_pk.c DSA Key Storage Remote Spoofing. CVE-2009-1416. Remote exploit for linux platform", "modified": "2009-04-30T00:00:00", "published": "2009-04-30T00:00:00", "id": "EDB-ID:32965", "href": "https://www.exploit-db.com/exploits/32965/", "type": "exploitdb", "title": "GnuTLS 2.6.x libgnutls lib/gnutls_pk.c DSA Key Storage Remote Spoofing", "sourceData": "source: http://www.securityfocus.com/bid/34783/info\r\n \r\nGnuTLS is prone to multiple remote vulnerabilities:\r\n \r\n- A remote code-execution vulnerability\r\n- A denial-of-service vulnerability\r\n- A signature-generation vulnerability\r\n- A signature-verification vulnerability\r\n \r\nAn attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.\r\n \r\nVersions prior to GnuTLS 2.6.6 are vulnerable.\r\n\r\n/*\r\n * Small code to reproduce the CVE-2009-1416 bad DSA key problem.\r\n *\r\n * Build it using:\r\n *\r\n * gcc -o cve-2009-1416 cve-2009-1416.c -lgnutls\r\n *\r\n * If your gnutls library is OK then running it will print 'success!'.\r\n *\r\n * If your gnutls library is buggy then running it will print 'buggy'.\r\n *\r\n */\r\n\r\n#include <stdio.h>\r\n#include <stdarg.h>\r\n#include <stdlib.h>\r\n\r\n#include <gcrypt.h>\r\n#include <gnutls/gnutls.h>\r\n\r\nint\r\nmain (void)\r\n{\r\n gnutls_x509_privkey_t key;\r\n gnutls_datum_t p, q, g, y, x;\r\n int ret;\r\n\r\n gnutls_global_init ();\r\n gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);\r\n\r\n ret = gnutls_x509_privkey_init (&key);\r\n if (ret < 0)\r\n return 1;\r\n\r\n ret = gnutls_x509_privkey_generate (key, GNUTLS_PK_DSA, 512, 0);\r\n if (ret < 0)\r\n return 1;\r\n\r\n ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);\r\n if (ret < 0)\r\n return 1;\r\n\r\n if (q.size == 3 && memcmp (q.data, \"\\x01\\x00\\x01\", 3) == 0)\r\n printf (\"buggy\\n\");\r\n else\r\n printf (\"success!\\n\");\r\n\r\n gnutls_free (p.data);\r\n gnutls_free (q.data);\r\n gnutls_free (g.data);\r\n gnutls_free (y.data);\r\n gnutls_free (x.data);\r\n\r\n gnutls_x509_privkey_deinit (key);\r\n gnutls_global_deinit ();\r\n\r\n return 0;\r\n}\r\n\r\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/32965/"}], "seebug": [{"lastseen": "2017-11-19T16:44:49", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-07-01T00:00:00", "published": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-86226", "id": "SSV:86226", "title": "GnuTLS 2.6.x libgnutls lib/gnutls_pk.c DSA Key Storage Remote Spoofing", "type": "seebug", "sourceData": "\n source: http://www.securityfocus.com/bid/34783/info\r\n \r\nGnuTLS is prone to multiple remote vulnerabilities:\r\n \r\n- A remote code-execution vulnerability\r\n- A denial-of-service vulnerability\r\n- A signature-generation vulnerability\r\n- A signature-verification vulnerability\r\n \r\nAn attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.\r\n \r\nVersions prior to GnuTLS 2.6.6 are vulnerable.\r\n\r\n/*\r\n * Small code to reproduce the CVE-2009-1416 bad DSA key problem.\r\n *\r\n * Build it using:\r\n *\r\n * gcc -o cve-2009-1416 cve-2009-1416.c -lgnutls\r\n *\r\n * If your gnutls library is OK then running it will print 'success!'.\r\n *\r\n * If your gnutls library is buggy then running it will print 'buggy'.\r\n *\r\n */\r\n\r\n#include <stdio.h>\r\n#include <stdarg.h>\r\n#include <stdlib.h>\r\n\r\n#include <gcrypt.h>\r\n#include <gnutls/gnutls.h>\r\n\r\nint\r\nmain (void)\r\n{\r\n gnutls_x509_privkey_t key;\r\n gnutls_datum_t p, q, g, y, x;\r\n int ret;\r\n\r\n gnutls_global_init ();\r\n gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);\r\n\r\n ret = gnutls_x509_privkey_init (&key);\r\n if (ret < 0)\r\n return 1;\r\n\r\n ret = gnutls_x509_privkey_generate (key, GNUTLS_PK_DSA, 512, 0);\r\n if (ret < 0)\r\n return 1;\r\n\r\n ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);\r\n if (ret < 0)\r\n return 1;\r\n\r\n if (q.size == 3 && memcmp (q.data, "\\x01\\x00\\x01", 3) == 0)\r\n printf ("buggy\\n");\r\n else\r\n printf ("success!\\n");\r\n\r\n gnutls_free (p.data);\r\n gnutls_free (q.data);\r\n gnutls_free (g.data);\r\n gnutls_free (y.data);\r\n gnutls_free (x.data);\r\n\r\n gnutls_x509_privkey_deinit (key);\r\n gnutls_global_deinit ();\r\n\r\n return 0;\r\n}\r\n\r\n \n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-86226"}, {"lastseen": "2017-11-19T18:52:49", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 34783\r\nCVE(CAN) ID: CVE-2009-1416,CVE-2009-1415,CVE-2009-1417\r\n\r\nGnuTLS\u662f\u7528\u4e8e\u5b9e\u73b0TLS\u52a0\u5bc6\u534f\u8bae\u7684\u51fd\u6570\u5e93\u3002\r\n\r\nGnuTLS\u4e2d\u7684\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\u53ef\u80fd\u88ab\u8fdc\u7a0b\u5229\u7528\u6267\u884c\u6b3a\u9a97\u653b\u51fb\u3001\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u6216\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\n1) \u5904\u7406\u65e0\u6548DSA\u5bc6\u94a5\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u91ca\u653e\u65e0\u6548\u5185\u5b58\uff0c\u5ba2\u6237\u7aef\u5e94\u7528\u53ef\u80fd\u4f1a\u5d29\u6e83\u3002\r\n\r\n2) GnuTLS\u5e93\u751f\u6210\u7684\u662fRSA\u5bc6\u94a5\u800c\u4e0d\u662fDSA\u5bc6\u94a5\uff0c\u800cRSA\u5bc6\u94a5\u751f\u6210\u7684\u662f\u5f31\u52a0\u5bc6\u7b7e\u540d\u3002\r\n\r\n3) gnutls-cli\u5e94\u7528\u6ca1\u6709\u6b63\u786e\u5730\u68c0\u67e5X.509\u8bc1\u4e66\u7684\u6fc0\u6d3b\u548c\u8fc7\u671f\u65e5\u671f\uff0c\u53ef\u80fd\u8bf1\u9a97\u5e94\u7528\u7a0b\u5e8f\u63a5\u53d7\u65e0\u6548\u7684\u8bc1\u4e66\u3002\n0\nGNU GnuTLS < 2.6.6\nGNU\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=ftp://ftp.gnu.org/pub/gnu/gnutls/gnutls-2.6.6.tar.bz2 target=_blank rel=external nofollow>ftp://ftp.gnu.org/pub/gnu/gnutls/gnutls-2.6.6.tar.bz2</a>", "modified": "2009-05-04T00:00:00", "published": "2009-05-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11185", "id": "SSV:11185", "title": "GnuTLS\u5e93\u591a\u4e2a\u8fdc\u7a0b\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "sourceData": "\n http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515\r\nhttp://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-11185"}], "nessus": [{"lastseen": "2018-09-01T23:50:15", "bulletinFamily": "scanner", "description": "New gnutls packages are available for Slackware 12.0, 12.1, 12.2, and\n-current to fix security issues.", "modified": "2016-12-09T00:00:00", "published": "2009-05-11T00:00:00", "id": "SLACKWARE_SSA_2009-128-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38719", "title": "Slackware 12.0 / 12.1 / 12.2 / current : gnutls (SSA:2009-128-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-128-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38719);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/12/09 20:54:58 $\");\n\n script_cve_id(\"CVE-2009-1415\", \"CVE-2009-1416\");\n script_xref(name:\"SSA\", value:\"2009-128-01\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / current : gnutls (SSA:2009-128-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New gnutls packages are available for Slackware 12.0, 12.1, 12.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405571\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e80aa0c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(255, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"gnutls\", pkgver:\"2.6.2\", pkgarch:\"i486\", pkgnum:\"2_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"gnutls\", pkgver:\"2.6.2\", pkgarch:\"i486\", pkgnum:\"2_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"gnutls\", pkgver:\"2.6.2\", pkgarch:\"i486\", pkgnum:\"2_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"gnutls\", pkgver:\"2.6.6\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:17", "bulletinFamily": "scanner", "description": "SecurityFocus reports :\n\nGnuTLS is prone to multiple remote vulnerabilities :\n\n- A remote code-execution vulnerability.\n\n- A denial-of-service vulnerability.\n\n- A signature-generation vulnerability.\n\n- A signature-verification vulnerability.\n\nAn attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_B31A1088460F11DEA11A0022156E8794.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40661", "published": "2009-08-20T00:00:00", "title": "FreeBSD : GnuTLS -- multiple vulnerabilities (b31a1088-460f-11de-a11a-0022156e8794)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40661);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:42\");\n\n script_cve_id(\"CVE-2009-1415\", \"CVE-2009-1416\", \"CVE-2009-1417\");\n script_bugtraq_id(34783);\n\n script_name(english:\"FreeBSD : GnuTLS -- multiple vulnerabilities (b31a1088-460f-11de-a11a-0022156e8794)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SecurityFocus reports :\n\nGnuTLS is prone to multiple remote vulnerabilities :\n\n- A remote code-execution vulnerability.\n\n- A denial-of-service vulnerability.\n\n- A signature-generation vulnerability.\n\n- A signature-verification vulnerability.\n\nAn attacker can exploit these issues to potentially execute arbitrary\ncode, trigger denial-of-service conditions, carry out attacks against\ndata signed with weak signatures, and cause clients to accept expired\nor invalid certificates from servers.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517\"\n );\n # https://vuxml.freebsd.org/freebsd/b31a1088-460f-11de-a11a-0022156e8794.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c365e5ba\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(255, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gnutls<2.6.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gnutls-devel<2.7.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:11:54", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been found and corrected in gnutls :\n\nlib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free (CVE-2009-1415).\n\nlib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key (CVE-2009-1416).\n\ngnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the\n_gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417).\n\nThe updated packages have been patched to prevent this.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2009-116.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38815", "published": "2009-05-19T00:00:00", "title": "Mandriva Linux Security Advisory : gnutls (MDVSA-2009:116)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:116. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38815);\n script_version (\"1.12\");\n script_cvs_date(\"Date: 2018/07/19 20:59:16\");\n\n script_cve_id(\"CVE-2009-1415\", \"CVE-2009-1416\", \"CVE-2009-1417\");\n script_xref(name:\"MDVSA\", value:\"2009:116\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gnutls (MDVSA-2009:116)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in gnutls :\n\nlib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not\nproperly handle invalid DSA signatures, which allows remote attackers\nto cause a denial of service (application crash) and possibly have\nunspecified other impact via a malformed DSA key that triggers a (1)\nfree of an uninitialized pointer or (2) double free (CVE-2009-1415).\n\nlib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates\nRSA keys stored in DSA structures, instead of the intended DSA keys,\nwhich might allow remote attackers to spoof signatures on certificates\nor have unspecified other impact by leveraging an invalid DSA key\n(CVE-2009-1416).\n\ngnutls-cli in GnuTLS before 2.6.6 does not verify the activation and\nexpiration times of X.509 certificates, which allows remote attackers\nto successfully present a certificate that is (1) not yet valid or (2)\nno longer valid, related to lack of time checks in the\n_gnutls_x509_verify_certificate function in lib/x509/verify.c in\nlibgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup\n(CVE-2009-1417).\n\nThe updated packages have been patched to prevent this.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(255, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnutls-2.3.0-2.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64gnutls-devel-2.3.0-2.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64gnutls26-2.3.0-2.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libgnutls-devel-2.3.0-2.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libgnutls26-2.3.0-2.5mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnutls-2.4.1-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64gnutls-devel-2.4.1-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64gnutls26-2.4.1-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libgnutls-devel-2.4.1-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libgnutls26-2.4.1-2.4mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"gnutls-2.6.4-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64gnutls-devel-2.6.4-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64gnutls26-2.6.4-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libgnutls-devel-2.6.4-1.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libgnutls26-2.6.4-1.2mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:11:55", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200905-04 (GnuTLS: Multiple vulnerabilities)\n\n The following vulnerabilities were found in GnuTLS:\n Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free vulnerability (CVE-2009-1415).\n Simon Josefsson reported that GnuTLS generates RSA keys stored in DSA structures when creating a DSA key (CVE-2009-1416).\n Romain Francoise reported that the _gnutls_x509_verify_certificate() function in lib/x509/verify.c does not perform time checks, resulting in the 'gnutls-cli' program accepting X.509 certificates with validity times in the past or future (CVE-2009-1417).\n Impact :\n\n A remote attacker could entice a user or automated system to process a specially crafted DSA certificate, possibly resulting in a Denial of Service condition. NOTE: This issue might have other unspecified impact including the execution of arbitrary code. Furthermore, a remote attacker could spoof signatures on certificates and the 'gnutls-cli' application can be tricked into accepting an invalid certificate.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "id": "GENTOO_GLSA-200905-04.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38885", "published": "2009-05-26T00:00:00", "title": "GLSA-200905-04 : GnuTLS: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200905-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38885);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2009-1415\", \"CVE-2009-1416\", \"CVE-2009-1417\");\n script_xref(name:\"GLSA\", value:\"200905-04\");\n\n script_name(english:\"GLSA-200905-04 : GnuTLS: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200905-04\n(GnuTLS: Multiple vulnerabilities)\n\n The following vulnerabilities were found in GnuTLS:\n Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not\n properly handle corrupt DSA signatures, possibly leading to a\n double-free vulnerability (CVE-2009-1415).\n Simon Josefsson\n reported that GnuTLS generates RSA keys stored in DSA structures when\n creating a DSA key (CVE-2009-1416).\n Romain Francoise reported\n that the _gnutls_x509_verify_certificate() function in\n lib/x509/verify.c does not perform time checks, resulting in the\n 'gnutls-cli' program accepting X.509 certificates with validity times\n in the past or future (CVE-2009-1417).\n \nImpact :\n\n A remote attacker could entice a user or automated system to process a\n specially crafted DSA certificate, possibly resulting in a Denial of\n Service condition. NOTE: This issue might have other unspecified impact\n including the execution of arbitrary code. Furthermore, a remote\n attacker could spoof signatures on certificates and the 'gnutls-cli'\n application can be tricked into accepting an invalid certificate.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200905-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GnuTLS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/gnutls-2.6.6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(255, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/gnutls\", unaffected:make_list(\"ge 2.6.6\"), vulnerable:make_list(\"lt 2.6.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GnuTLS\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2019-05-30T07:37:01", "bulletinFamily": "unix", "description": "New gnutls packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix security issues.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1416\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/gnutls-2.6.2-i486-2_slack12.2.tgz\n Patched the following security issues:\n - Corrected double free on signature verification failure.\n Reported by Miroslav Kratochvil <exa.exa@gmail.com>.\n - Noticed when investigating the previous GNUTLS-SA-2009-1 problem.\n All DSA keys generated using GnuTLS 2.6.x are corrupt.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1416\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/gnutls-2.6.2-i486-2_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/gnutls-2.6.2-i486-2_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/gnutls-2.6.2-i486-2_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-2.6.6-i486-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n0028d3e43ed87ae20cfd5264676d86ba gnutls-2.6.2-i486-2_slack12.0.tgz\n\nSlackware 12.1 package:\nc5a62819b7ef93ee41ed4c05d6f56c02 gnutls-2.6.2-i486-2_slack12.1.tgz\n\nSlackware 12.2 package:\neb930f4c0361e4e0bd24044a3c386ce7 gnutls-2.6.2-i486-2_slack12.2.tgz\n\nSlackware -current package:\nc277628054339e0c999daabb94b5a7fb gnutls-2.6.6-i486-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnutls-2.6.2-i486-2_slack12.2.tgz", "modified": "2009-05-09T13:05:09", "published": "2009-05-09T13:05:09", "id": "SSA-2009-128-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405571", "title": "gnutls", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:50:58", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-128-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63965", "id": "OPENVAS:63965", "title": "Slackware Advisory SSA:2009-128-01 gnutls", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_128_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New gnutls packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-128-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-128-01\";\n \nif(description)\n{\n script_id(63965);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-1415\", \"CVE-2009-1416\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2009-128-01 gnutls \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"gnutls\", ver:\"2.6.2-i486-2_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnutls\", ver:\"2.6.2-i486-2_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gnutls\", ver:\"2.6.2-i486-2_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-128-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231063965", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063965", "title": "Slackware Advisory SSA:2009-128-01 gnutls", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_128_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63965\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-1415\", \"CVE-2009-1416\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-128-01 gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.0|12\\.1|12\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-128-01\");\n\n script_tag(name:\"insight\", value:\"New gnutls packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-128-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"gnutls\", ver:\"2.6.2-i486-2_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnutls\", ver:\"2.6.2-i486-2_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gnutls\", ver:\"2.6.2-i486-2_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:14:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-23T00:00:00", "published": "2009-09-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64785", "id": "OPENVAS:64785", "title": "FreeBSD Ports: gnutls", "type": "openvas", "sourceData": "#\n#VID b31a1088-460f-11de-a11a-0022156e8794\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID b31a1088-460f-11de-a11a-0022156e8794\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n gnutls\n gnutls-devel\n\nCVE-2009-1415\nlib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not\nproperly handle invalid DSA signatures, which allows remote attackers\nto cause a denial of service (application crash) and possibly have\nunspecified other impact via a malformed DSA key that triggers a (1)\nfree of an uninitialized pointer or (2) double free.\n\nCVE-2009-1416\nlib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates\nRSA keys stored in DSA structures, instead of the intended DSA keys,\nwhich might allow remote attackers to spoof signatures on certificates\nor have unspecified other impact by leveraging an invalid DSA key.\n\nCVE-2009-1417\ngnutls-cli in GnuTLS before 2.6.6 does not verify the activation and\nexpiration times of X.509 certificates, which allows remote attackers\nto successfully present a certificate that is (1) not yet valid or (2)\nno longer valid, related to lack of time checks in the\n_gnutls_x509_verify_certificate function in lib/x509/verify.c in\nlibgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515\nhttp://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516\nhttp://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517\nhttp://www.vuxml.org/freebsd/b31a1088-460f-11de-a11a-0022156e8794.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64785);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1415\", \"CVE-2009-1416\", \"CVE-2009-1417\");\n script_bugtraq_id(34783);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: gnutls\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"gnutls\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.6\")<0) {\n txt += 'Package gnutls version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"gnutls-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.7.8\")<0) {\n txt += 'Package gnutls-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:37", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-09-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064785", "id": "OPENVAS:136141256231064785", "type": "openvas", "title": "FreeBSD Ports: gnutls", "sourceData": "#\n#VID b31a1088-460f-11de-a11a-0022156e8794\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID b31a1088-460f-11de-a11a-0022156e8794\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n gnutls\n gnutls-devel\n\nCVE-2009-1415\nlib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not\nproperly handle invalid DSA signatures, which allows remote attackers\nto cause a denial of service (application crash) and possibly have\nunspecified other impact via a malformed DSA key that triggers a (1)\nfree of an uninitialized pointer or (2) double free.\n\nCVE-2009-1416\nlib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates\nRSA keys stored in DSA structures, instead of the intended DSA keys,\nwhich might allow remote attackers to spoof signatures on certificates\nor have unspecified other impact by leveraging an invalid DSA key.\n\nCVE-2009-1417\ngnutls-cli in GnuTLS before 2.6.6 does not verify the activation and\nexpiration times of X.509 certificates, which allows remote attackers\nto successfully present a certificate that is (1) not yet valid or (2)\nno longer valid, related to lack of time checks in the\n_gnutls_x509_verify_certificate function in lib/x509/verify.c in\nlibgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515\nhttp://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516\nhttp://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517\nhttp://www.vuxml.org/freebsd/b31a1088-460f-11de-a11a-0022156e8794.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64785\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1415\", \"CVE-2009-1416\", \"CVE-2009-1417\");\n script_bugtraq_id(34783);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: gnutls\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"gnutls\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.6\")<0) {\n txt += 'Package gnutls version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"gnutls-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.7.8\")<0) {\n txt += 'Package gnutls-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update to gnutls\nannounced via advisory MDVSA-2009:116.", "modified": "2017-07-06T00:00:00", "published": "2009-06-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64129", "id": "OPENVAS:64129", "title": "Mandrake Security Advisory MDVSA-2009:116 (gnutls)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_116.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:116 (gnutls)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in gnutls:\n\nlib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not\nproperly handle invalid DSA signatures, which allows remote attackers\nto cause a denial of service (application crash) and possibly have\nunspecified other impact via a malformed DSA key that triggers a (1)\nfree of an uninitialized pointer or (2) double free (CVE-2009-1415).\n\nlib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates\nRSA keys stored in DSA structures, instead of the intended DSA keys,\nwhich might allow remote attackers to spoof signatures on certificates\nor have unspecified other impact by leveraging an invalid DSA key\n(CVE-2009-1416).\n\ngnutls-cli in GnuTLS before 2.6.6 does not verify the activation\nand expiration times of X.509 certificates, which allows remote\nattackers to successfully present a certificate that is (1) not yet\nvalid or (2) no longer valid, related to lack of time checks in the\n_gnutls_x509_verify_certificate function in lib/x509/verify.c in\nlibgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup\n(CVE-2009-1417).\n\nThe updated packages have been patched to prevent this.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:116\";\ntag_summary = \"The remote host is missing an update to gnutls\nannounced via advisory MDVSA-2009:116.\";\n\n \n\nif(description)\n{\n script_id(64129);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1415\", \"CVE-2009-1416\", \"CVE-2009-1417\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:116 (gnutls)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.3.0~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.3.0~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.3.0~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.3.0~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.3.0~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.4.1~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.4.1~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.4.1~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.6.4~1.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.6.4~1.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.6.4~1.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.6.4~1.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.6.4~1.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.0.25~2.4.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls11\", rpm:\"libgnutls11~1.0.25~2.4.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls11-devel\", rpm:\"libgnutls11-devel~1.0.25~2.4.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls11\", rpm:\"lib64gnutls11~1.0.25~2.4.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls11-devel\", rpm:\"lib64gnutls11-devel~1.0.25~2.4.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:03", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200905-04.", "modified": "2017-07-07T00:00:00", "published": "2009-05-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64043", "id": "OPENVAS:64043", "title": "Gentoo Security Advisory GLSA 200905-04 (gnutls)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in GnuTLS might result in a Denial of Service,\n spoofing or the generation of invalid keys.\";\ntag_solution = \"All GnuTLS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/gnutls-2.6.6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200905-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=267774\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200905-04.\";\n\n \n \n\nif(description)\n{\n script_id(64043);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-1415\", \"CVE-2009-1416\", \"CVE-2009-1417\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200905-04 (gnutls)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-libs/gnutls\", unaffected: make_list(\"ge 2.6.6\"), vulnerable: make_list(\"lt 2.6.6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update to gnutls\nannounced via advisory MDVSA-2009:116.", "modified": "2018-04-06T00:00:00", "published": "2009-06-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064129", "id": "OPENVAS:136141256231064129", "title": "Mandrake Security Advisory MDVSA-2009:116 (gnutls)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_116.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:116 (gnutls)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in gnutls:\n\nlib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not\nproperly handle invalid DSA signatures, which allows remote attackers\nto cause a denial of service (application crash) and possibly have\nunspecified other impact via a malformed DSA key that triggers a (1)\nfree of an uninitialized pointer or (2) double free (CVE-2009-1415).\n\nlib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates\nRSA keys stored in DSA structures, instead of the intended DSA keys,\nwhich might allow remote attackers to spoof signatures on certificates\nor have unspecified other impact by leveraging an invalid DSA key\n(CVE-2009-1416).\n\ngnutls-cli in GnuTLS before 2.6.6 does not verify the activation\nand expiration times of X.509 certificates, which allows remote\nattackers to successfully present a certificate that is (1) not yet\nvalid or (2) no longer valid, related to lack of time checks in the\n_gnutls_x509_verify_certificate function in lib/x509/verify.c in\nlibgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup\n(CVE-2009-1417).\n\nThe updated packages have been patched to prevent this.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:116\";\ntag_summary = \"The remote host is missing an update to gnutls\nannounced via advisory MDVSA-2009:116.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64129\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1415\", \"CVE-2009-1416\", \"CVE-2009-1417\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:116 (gnutls)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.3.0~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.3.0~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.3.0~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.3.0~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.3.0~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.4.1~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.4.1~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.4.1~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.6.4~1.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.6.4~1.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.6.4~1.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.6.4~1.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.6.4~1.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.0.25~2.4.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls11\", rpm:\"libgnutls11~1.0.25~2.4.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnutls11-devel\", rpm:\"libgnutls11-devel~1.0.25~2.4.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls11\", rpm:\"lib64gnutls11~1.0.25~2.4.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gnutls11-devel\", rpm:\"lib64gnutls11-devel~1.0.25~2.4.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:06", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200905-04.", "modified": "2018-04-06T00:00:00", "published": "2009-05-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064043", "id": "OPENVAS:136141256231064043", "title": "Gentoo Security Advisory GLSA 200905-04 (gnutls)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in GnuTLS might result in a Denial of Service,\n spoofing or the generation of invalid keys.\";\ntag_solution = \"All GnuTLS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/gnutls-2.6.6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200905-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=267774\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200905-04.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64043\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-1415\", \"CVE-2009-1416\", \"CVE-2009-1417\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200905-04 (gnutls)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-libs/gnutls\", unaffected: make_list(\"ge 2.6.6\"), vulnerable: make_list(\"lt 2.6.6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:30:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update to kvm\nannounced via advisory USN-776-2.", "modified": "2017-12-01T00:00:00", "published": "2009-06-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64175", "id": "OPENVAS:64175", "title": "Ubuntu USN-776-2 (kvm)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_776_2.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_776_2.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-776-2 (kvm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.04 LTS:\n kvm 1:62+dfsg-0ubuntu8.2\n\nAfter a standard system upgrade you need to restart all KVM VMs to effect\nthe necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-776-2\";\n\ntag_insight = \"USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a\nregression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to\nboot virtual machines started via libvirt. This update fixes the problem.\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n Avi Kivity discovered that KVM did not correctly handle certain disk\n formats. A local attacker could attach a malicious partition that would\n allow the guest VM to read files on the VM host. (CVE-2008-1945,\n CVE-2008-2004)\n\n Alfredo Ortega discovered that KVM's VNC protocol handler did not\n correctly validate certain messages. A remote attacker could send\n specially crafted VNC messages that would cause KVM to consume CPU\n resources, leading to a denial of service. (CVE-2008-2382)\n\n Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC\n did not correctly handle certain bitblt operations. A local attacker could\n exploit this flaw to potentially execute arbitrary code on the VM host or\n crash KVM, leading to a denial of service. (CVE-2008-4539)\n\n It was discovered that KVM's VNC password checks did not use the correct\n length. A remote attacker could exploit this flaw to cause KVM to crash,\n leading to a denial of service. (CVE-2008-5714)\";\ntag_summary = \"The remote host is missing an update to kvm\nannounced via advisory USN-776-2.\";\n\n \n\n\nif(description)\n{\n script_id(64175);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2008-1945\", \"CVE-2008-2004\", \"CVE-2008-2382\", \"CVE-2008-4539\", \"CVE-2008-5714\", \"CVE-2009-1130\", \"CVE-2009-1574\", \"CVE-2009-0714\", \"CVE-2008-1517\", \"CVE-2007-2807\", \"CVE-2009-0159\", \"CVE-2009-1252\", \"CVE-2009-1578\", \"CVE-2009-1579\", \"CVE-2009-1580\", \"CVE-2009-1581\", \"CVE-2009-1418\", \"CVE-2009-0028\", \"CVE-2009-0269\", \"CVE-2009-0342\", \"CVE-2009-0343\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-1184\", \"CVE-2009-1415\", \"CVE-2009-1416\", \"CVE-2009-1417\", \"CVE-2009-0154\", \"CVE-2009-1150\", \"CVE-2009-1151\", \"CVE-2009-0922\", \"CVE-2009-1632\", \"CVE-2009-0945\", \"CVE-2009-0688\", \"CVE-2009-1527\", \"CVE-2009-1338\", \"CVE-2009-1242\", \"CVE-2009-1192\", \"CVE-2009-1439\", \"CVE-2009-1337\", \"CVE-2009-0157\", \"CVE-2008-5077\", \"CVE-2008-5814\", \"CVE-2009-0721\", \"CVE-2009-0859\", \"CVE-2009-1046\", \"CVE-2009-1072\", \"CVE-2009-1265\", \"CVE-2009-1011\", \"CVE-2009-1010\", \"CVE-2009-1009\", \"CVE-2009-1161\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-776-2 (kvm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-776-2/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kvm-source\", ver:\"62+dfsg-0ubuntu8.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kvm\", ver:\"62+dfsg-0ubuntu8.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-refclock\", ver:\"4.2.2.p4+dfsg-2etch3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.4p4+dfsg-3ubuntu2.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-simple\", ver:\"4.2.2.p4+dfsg-2etch3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.4p4+dfsg-3ubuntu2.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.4p4+dfsg-3ubuntu2.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"1.4.15-4+lenny1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.26-2\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-legacy\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-legacy\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-generic\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-alpha\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-xen\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-openvz\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-vserver\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"user-mode-linux\", ver:\"2.6.26-1um-2+15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-orion5x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-ixp4xx\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-footbridge\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-orion5x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-footbridge\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-ixp4xx\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-iop32x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-arm\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-iop32x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-versatile\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-armel\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-versatile\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-hppa\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-486\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-i386\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-486\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-itanium\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-ia64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-itanium\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-itanium\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-itanium\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-5kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-4kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r4k-ip22\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mips\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-ip32\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-5kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r4k-ip22\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-ip32\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-4kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mipsel\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-s390x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390-tape\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-s390x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-s390\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-sparc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nsd\", ver:\"2.3.7-1.1+lenny1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nsd3\", ver:\"3.0.7-3.lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"racoon\", ver:\"0.7.1-1.3+lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ipsec-tools\", ver:\"0.7.1-1.3+lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-server\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-simple\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-refclock\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.4p4+dfsg-6ubuntu2.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.4p4+dfsg-6ubuntu2.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.4p4+dfsg-6ubuntu2.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.4p4+dfsg-7ubuntu5.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.4p4+dfsg-7ubuntu5.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.4p4+dfsg-7ubuntu5.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:12", "bulletinFamily": "unix", "description": "\nSecurityFocus reports:\n\nGnuTLS is prone to multiple remote vulnerabilities:\n\nA remote code-execution vulnerability.\nA denial-of-service vulnerability.\nA signature-generation vulnerability.\nA signature-verification vulnerability.\n\nAn attacker can exploit these issues to potentially execute\n\t arbitrary code, trigger denial-of-service conditions, carry\n\t out attacks against data signed with weak signatures, and\n\t cause clients to accept expired or invalid certificates from\n\t servers.\n\n", "modified": "2009-05-21T00:00:00", "published": "2009-05-21T00:00:00", "id": "B31A1088-460F-11DE-A11A-0022156E8794", "href": "https://vuxml.freebsd.org/freebsd/b31a1088-460f-11de-a11a-0022156e8794.html", "title": "GnuTLS -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:116\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : gnutls\r\n Date : May 18, 2009\r\n Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been found and corrected in gnutls:\r\n \r\n lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not\r\n properly handle invalid DSA signatures, which allows remote attackers\r\n to cause a denial of service (application crash) and possibly have\r\n unspecified other impact via a malformed DSA key that triggers a (1)\r\n free of an uninitialized pointer or (2) double free (CVE-2009-1415).\r\n \r\n lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates\r\n RSA keys stored in DSA structures, instead of the intended DSA keys,\r\n which might allow remote attackers to spoof signatures on certificates\r\n or have unspecified other impact by leveraging an invalid DSA key\r\n (CVE-2009-1416).\r\n \r\n gnutls-cli in GnuTLS before 2.6.6 does not verify the activation\r\n and expiration times of X.509 certificates, which allows remote\r\n attackers to successfully present a certificate that is (1) not yet\r\n valid or (2) no longer valid, related to lack of time checks in the\r\n _gnutls_x509_verify_certificate function in lib/x509/verify.c in\r\n libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup\r\n (CVE-2009-1417).\r\n \r\n The updated packages have been patched to prevent this.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1416\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1417\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.1:\r\n 6d7ecb7d91ba28868368b87e8053aea7 2008.1/i586/gnutls-2.3.0-2.5mdv2008.1.i586.rpm\r\n 96b8911ca78bf3e5fc613c712ff981d8 2008.1/i586/libgnutls26-2.3.0-2.5mdv2008.1.i586.rpm\r\n d6a02014de6dc2a0c15a2760e137bb51 2008.1/i586/libgnutls-devel-2.3.0-2.5mdv2008.1.i586.rpm \r\n 3fb2fe697587a4207059124a71ff44a1 2008.1/SRPMS/gnutls-2.3.0-2.5mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n b2a99ca654a7c67bfdc77c8c13d748d9 2008.1/x86_64/gnutls-2.3.0-2.5mdv2008.1.x86_64.rpm\r\n ecd43a69e956d43346c45450c7fc9051 2008.1/x86_64/lib64gnutls26-2.3.0-2.5mdv2008.1.x86_64.rpm\r\n 4347df4cc5403f6a427d9cd1e52080ea 2008.1/x86_64/lib64gnutls-devel-2.3.0-2.5mdv2008.1.x86_64.rpm \r\n 3fb2fe697587a4207059124a71ff44a1 2008.1/SRPMS/gnutls-2.3.0-2.5mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n c28c925bd7f0269611ac9c6dd392df28 2009.0/i586/gnutls-2.4.1-2.4mdv2009.0.i586.rpm\r\n 7a41677834cb818e4e8423fa2360e5e8 2009.0/i586/libgnutls26-2.4.1-2.4mdv2009.0.i586.rpm\r\n d47da33eac7b6477f2690c153d2e4408 2009.0/i586/libgnutls-devel-2.4.1-2.4mdv2009.0.i586.rpm \r\n dc2307362de50d642550c68a952e69aa 2009.0/SRPMS/gnutls-2.4.1-2.4mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 50eb92f492ac913e11223cf407df5cd4 2009.0/x86_64/gnutls-2.4.1-2.4mdv2009.0.x86_64.rpm\r\n e365c536596584def2d8b61ab4ad63a9 2009.0/x86_64/lib64gnutls26-2.4.1-2.4mdv2009.0.x86_64.rpm\r\n 13d3880ff941cf06ea4fedeed9ed927b 2009.0/x86_64/lib64gnutls-devel-2.4.1-2.4mdv2009.0.x86_64.rpm \r\n dc2307362de50d642550c68a952e69aa 2009.0/SRPMS/gnutls-2.4.1-2.4mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n bc07281e83debdbb5e652d0b84899c47 2009.1/i586/gnutls-2.6.4-1.2mdv2009.1.i586.rpm\r\n 89a97dd8d4cd8b717eacffdcf6d1fe59 2009.1/i586/libgnutls26-2.6.4-1.2mdv2009.1.i586.rpm\r\n cbaed84e3b4d9787c4c230b6fa44b7cc 2009.1/i586/libgnutls-devel-2.6.4-1.2mdv2009.1.i586.rpm \r\n 96fc806f2ac7db65af86ca7c6513d0f4 2009.1/SRPMS/gnutls-2.6.4-1.2mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n c785b4b48f78089add92553b67ecf7a5 2009.1/x86_64/gnutls-2.6.4-1.2mdv2009.1.x86_64.rpm\r\n 5c68d534e8741114dfbb9ddd937badf7 2009.1/x86_64/lib64gnutls26-2.6.4-1.2mdv2009.1.x86_64.rpm\r\n d21fab6a3225a1333b757707bbfa7be9 2009.1/x86_64/lib64gnutls-devel-2.6.4-1.2mdv2009.1.x86_64.rpm \r\n 96fc806f2ac7db65af86ca7c6513d0f4 2009.1/SRPMS/gnutls-2.6.4-1.2mdv2009.1.src.rpm\r\n\r\n Corporate 4.0:\r\n 72433f7e4e0952eabf5838e7de56f9cb corporate/4.0/i586/gnutls-1.0.25-2.4.20060mlcs4.i586.rpm\r\n 7a3ba08830a820772bb2ffdda5bd9304 corporate/4.0/i586/libgnutls11-1.0.25-2.4.20060mlcs4.i586.rpm\r\n cb04b2511750d20901be98da67a287c9 \r\ncorporate/4.0/i586/libgnutls11-devel-1.0.25-2.4.20060mlcs4.i586.rpm \r\n 2c5ddb3d77debdb4eb619896d264ef36 corporate/4.0/SRPMS/gnutls-1.0.25-2.4.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 84d3e0ac9c3b992b4d7dadd3f4a83f4f corporate/4.0/x86_64/gnutls-1.0.25-2.4.20060mlcs4.x86_64.rpm\r\n 4e97802d216f69842e6a373aa5d83aeb \r\ncorporate/4.0/x86_64/lib64gnutls11-1.0.25-2.4.20060mlcs4.x86_64.rpm\r\n 8af535b1023b577afbe122344fad21be \r\ncorporate/4.0/x86_64/lib64gnutls11-devel-1.0.25-2.4.20060mlcs4.x86_64.rpm \r\n 2c5ddb3d77debdb4eb619896d264ef36 corporate/4.0/SRPMS/gnutls-1.0.25-2.4.20060mlcs4.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFKEU9PmqjQ0CJFipgRAqReAKD1n+ojNrGr4Ma04VzXwbqh6OzDYQCg0IfH\r\n8SmPTI0PYNZR4Y+HFkaLlrU=\r\n=g2Fs\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "modified": "2009-05-19T00:00:00", "published": "2009-05-19T00:00:00", "id": "SECURITYVULNS:DOC:21839", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21839", "title": "[Full-disclosure] [ MDVSA-2009:116 ] gnutls", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "description": "DoS, certificate validation vulnerabilities.", "modified": "2009-05-19T00:00:00", "published": "2009-05-19T00:00:00", "id": "SECURITYVULNS:VULN:9913", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9913", "title": "gnutls multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:00", "bulletinFamily": "unix", "description": "### Background\n\nGnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0 protocols. \n\n### Description\n\nThe following vulnerabilities were found in GnuTLS: \n\n * Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free vulnerability (CVE-2009-1415).\n * Simon Josefsson reported that GnuTLS generates RSA keys stored in DSA structures when creating a DSA key (CVE-2009-1416).\n * Romain Francoise reported that the _gnutls_x509_verify_certificate() function in lib/x509/verify.c does not perform time checks, resulting in the \"gnutls-cli\" program accepting X.509 certificates with validity times in the past or future (CVE-2009-1417).\n\n### Impact\n\nA remote attacker could entice a user or automated system to process a specially crafted DSA certificate, possibly resulting in a Denial of Service condition. NOTE: This issue might have other unspecified impact including the execution of arbitrary code. Furthermore, a remote attacker could spoof signatures on certificates and the \"gnutls-cli\" application can be tricked into accepting an invalid certificate. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll GnuTLS users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/gnutls-2.6.6\"", "modified": "2009-05-24T00:00:00", "published": "2009-05-24T00:00:00", "id": "GLSA-200905-04", "href": "https://security.gentoo.org/glsa/200905-04", "type": "gentoo", "title": "GnuTLS: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
