PRIOn knowledge basePRION:CVE-2006-0645Design/Logic Flaw
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via “out-of-bounds access” caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
References
josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup
josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup
josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html
lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html
rhn.redhat.com/errata/RHSA-2006-0207.html
secunia.com/advisories/18794
secunia.com/advisories/18815
secunia.com/advisories/18830
secunia.com/advisories/18832
secunia.com/advisories/18898
secunia.com/advisories/18918
secunia.com/advisories/19080
secunia.com/advisories/19092
securityreason.com/securityalert/446
securitytracker.com/id?1015612
www.debian.org/security/2006/dsa-985
www.debian.org/security/2006/dsa-986
www.gentoo.org/security/en/glsa/glsa-200602-08.xml
www.gleg.net/protover_ssl.shtml
www.mandriva.com/security/advisories?name=MDKSA-2006:039
www.osvdb.org/23054
www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html
www.securityfocus.com/archive/1/424538/100/0/threaded
www.securityfocus.com/bid/16568
www.trustix.org/errata/2006/0008
www.vupen.com/english/advisories/2006/0496
exchange.xforce.ibmcloud.com/vulnerabilities/24606
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
usn.ubuntu.com/251-1/
Related
