Ubuntu: Security Advisory (USN-809-1)

2009-09-0200:00:00

plugins.openvas.org

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.2%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.64775");
  script_cve_id("CVE-2009-2409", "CVE-2009-2730");
  script_tag(name:"creation_date", value:"2009-09-02 02:58:39 +0000 (Wed, 02 Sep 2009)");
  script_version("2024-02-28T14:37:42+0000");
  script_tag(name:"last_modification", value:"2024-02-28 14:37:42 +0000 (Wed, 28 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_name("Ubuntu: Security Advisory (USN-809-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(6\.06\ LTS|8\.04\ LTS|8\.10|9\.04)");

  script_xref(name:"Advisory-ID", value:"USN-809-1");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-809-1");
  script_xref(name:"URL", value:"https://launchpad.net/bugs/305264");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'gnutls12, gnutls13, gnutls26' package(s) announced via the USN-809-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did
not properly handle certificates with NULL characters in the certificate
name. An attacker could exploit this to perform a machine-in-the-middle attack
to view sensitive information or alter encrypted communications.
(CVE-2009-2730)

Dan Kaminsky discovered GnuTLS would still accept certificates with MD2
hash signatures. As a result, an attacker could potentially create a
malicious trusted certificate to impersonate another site. This issue only
affected Ubuntu 6.06 LTS and Ubuntu 8.10. (CVE-2009-2409)

USN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS. The
 upstream patches introduced a regression when validating certain certificate
 chains that would report valid certificates as untrusted. This update
 fixes the problem, and only affected Ubuntu 6.06 LTS and Ubuntu 8.10 (Ubuntu
 8.04 LTS and 9.04 were fixed at an earlier date). In an effort to maintain a
 strong security stance and address all known regressions, this update
 deprecates X.509 validation chains using MD2 and MD5 signatures. To accommodate
 sites which must still use a deprecated RSA-MD5 certificate, GnuTLS has been
 updated to stop looking when it has found a trusted intermediary certificate.
 This new handling of intermediary certificates is in accordance with other SSL
 implementations.

Original advisory details:

 Martin von Gagern discovered that GnuTLS did not properly verify
 certificate chains when the last certificate in the chain was self-signed.
 If a remote attacker were able to perform a machine-in-the-middle attack, this
 flaw could be exploited to view sensitive information. (CVE-2008-4989)");

  script_tag(name:"affected", value:"'gnutls12, gnutls13, gnutls26' package(s) on Ubuntu 6.06, Ubuntu 8.04, Ubuntu 8.10, Ubuntu 9.04.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU6.06 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"libgnutls12", ver:"1.2.9-2ubuntu1.7", rls:"UBUNTU6.06 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU8.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"libgnutls13", ver:"2.0.4-1ubuntu2.6", rls:"UBUNTU8.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU8.10") {

  if(!isnull(res = isdpkgvuln(pkg:"libgnutls26", ver:"2.4.1-1ubuntu0.4", rls:"UBUNTU8.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU9.04") {

  if(!isnull(res = isdpkgvuln(pkg:"libgnutls26", ver:"2.4.2-6ubuntu0.1", rls:"UBUNTU9.04"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);