MiracleLinux 4 : libtasn1-2.3-3.AXS4.1 (AXSA:2012-480:01)

🗓️ 14 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 4 vulnerable libtasn1 CVE-2012-1569 allows remote DoS via crafted ASN.1 in GnuTLS.

Reporter	Title	Published	Views	Family All 129
IBM Security Bulletins	IBM WebSphere Cast Iron Security Bulletin: Multiple security vulnerabilities in IBM JRE 6	15 Jun 201806:56	–	ibm
FreeBSD	libtasn1 -- ASN.1 length decoding vulnerability	20 Mar 201200:00	–	freebsd
ALT Linux	Security fix for the ALT Linux 6 package libtasn1 version 2.12-alt1	23 Mar 201200:00	–	altlinux
Amazon	Important: libtasn1	5 Apr 201200:00	–	amazon
Tenable Nessus	Amazon Linux AMI : libtasn1 (ALAS-2012-60)	4 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 6 : libtasn1 (CESA-2012:0427)	28 Mar 201200:00	–	nessus
Tenable Nessus	CentOS 5 : gnutls (CESA-2012:0428)	28 Mar 201200:00	–	nessus
Tenable Nessus	Debian DSA-2440-1 : libtasn1-3 - missing bounds check	26 Mar 201200:00	–	nessus
Tenable Nessus	Fedora 15 : libtasn1-2.12-1.fc15 (2012-4308)	9 Apr 201200:00	–	nessus
Tenable Nessus	Fedora 16 : libtasn1-2.12-1.fc16 (2012-4342)	9 Apr 201200:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/2975
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2012-480:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284082);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id("CVE-2012-1569");

  script_name(english:"MiracleLinux 4 : libtasn1-2.3-3.AXS4.1 (AXSA:2012-480:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the
AXSA:2012-480:01 advisory.

    This is the ASN.1 library used in GNUTLS.  More up to date information can be found at
    http://www.gnu.org/software/gnutls and http://www.gnutls.org
    Security issues fixed with this release:
    CVE-2012-1569
    The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before
    3.0.16 and other products, does not properly handle certain large length values, which allows remote
    attackers to cause a denial of service (heap memory corruption and application crash) or possibly have
    unspecified other impact via a crafted ASN.1 structure.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/2975");
  script_set_attribute(attribute:"solution", value:
"Update the affected libtasn1 and / or libtasn1-devel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1569");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libtasn1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libtasn1-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'libtasn1-2.3-3.AXS4.1', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libtasn1-2.3-3.AXS4.1', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libtasn1-devel-2.3-3.AXS4.1', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libtasn1-devel-2.3-3.AXS4.1', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtasn1 / libtasn1-devel');
}

14 Jan 2026 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 25

EPSS0.10166