GnuTLS libgnutls - Double-Free Certificate List Parsing Remote Denial of Service

Sorry I forgot to write headers in previous mail. Exploit Title: possible ways to exploit CVE-2012-1663 GNUTLS-3.0.13 Google Dork: if relevant we will automatically add these to the GHDB Date: Mar 20, 2013 Exploit Author: Shawn the R0ck Vendor Homepage: http://www.gnutls.org/ Software Link:...

GnuTLS libgnutls Double-free Certificate List Parsing Remote DoS

Exploit for linux platform in category dos / poc CVE-2013-16631 is a possible remote DOS attack issue. This issue has been fixed2 in =GNUTLS-3.0.14. I hacked on it for hours and figure out a few prerequisites could make it vulnerable: ============================= REQUIRED: - prior to GNUTLS 3.0....

Fedora Update for mingw-gnutls FEDORA-2013-3453

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for mingw-gnutls FEDORA-2013-3438

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for mingw-gnutls FEDORA-2013-3453

Check for the Version of mingw-gnutls OpenVAS Vulnerability Test Fedora Update for mingw-gnutls FEDORA-2013-3453 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Fedora Update for mingw-gnutls FEDORA-2013-3438

Check for the Version of mingw-gnutls OpenVAS Vulnerability Test Fedora Update for mingw-gnutls FEDORA-2013-3438 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Fedora Update for gnutls FEDORA-2013-2984

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for libtasn1 FEDORA-2013-2984

Check for the Version of libtasn1 OpenVAS Vulnerability Test Fedora Update for libtasn1 FEDORA-2013-2984 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for gnutls FEDORA-2013-2984

Check for the Version of gnutls OpenVAS Vulnerability Test Fedora Update for gnutls FEDORA-2013-2984 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

[SECURITY] Fedora 17 Update: mingw-gnutls-2.12.23-1.fc17

GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW...

[SECURITY] Fedora 18 Update: mingw-gnutls-2.12.23-1.fc18

GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW...

Fedora 18 : mingw-gnutls-2.12.23-1.fc18 (2013-3453)

Version 2.12.23 released 2012-02-04 - libgnutls: Eliminated memory leak in PCKS 11 initialization. Report and fix by Sam Varshavchik. - libgnutls: Fixes in record padding parsing to prevent a timing attack. Issue reported by Kenny Patterson and Nadhem Alfardan. - libgnutls: DN variable 'T' was...

Fedora 17 : mingw-gnutls-2.12.23-1.fc17 (2013-3438)

Version 2.12.23 released 2012-02-04 - libgnutls: Eliminated memory leak in PCKS 11 initialization. Report and fix by Sam Varshavchik. - libgnutls: Fixes in record padding parsing to prevent a timing attack. Issue reported by Kenny Patterson and Nadhem Alfardan. - libgnutls: DN variable 'T' was...

Medium: gnutls

Issue Overview: It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding...

gnutls: TLS CBC padding timing attack (lucky-13)

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...

Important: Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update

An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Fedora 17 : gnutls-2.12.23-1.fc17 / libtasn1-2.14-1.fc17 (2013-2984)

Minor security and bugfix update from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

[SECURITY] Fedora 17 Update: gnutls-2.12.23-1.fc17

GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implem ents the proposed standards by the IETF's TLS working group...

[SECURITY] Fedora 17 Update: libtasn1-2.14-1.fc17

This is the ASN.1 library used in GNUTLS. More up to date information can be found at http://www.gnu.org/software/gnutls and http://www.gnutls.org...

CentOS Update for gnutls CESA-2013:0588 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected",...