Lucene search
RootSSV:11185HistoryMay 04, 2009 - 12:00 a.m.
GnuTLS库多个远程安全漏洞
2009-05-0400:00:00
Root
www.seebug.org
15
0.061 Low
EPSS
Percentile
92.8%
BUGTRAQ ID: 34783
CVE(CAN) ID: CVE-2009-1416,CVE-2009-1415,CVE-2009-1417
GnuTLS是用于实现TLS加密协议的函数库。
GnuTLS中的多个安全漏洞可能被远程利用执行欺骗攻击、绕过某些安全限制或导致拒绝服务。
-
处理无效DSA密钥中的错误可能导致释放无效内存,客户端应用可能会崩溃。
-
GnuTLS库生成的是RSA密钥而不是DSA密钥,而RSA密钥生成的是弱加密签名。
-
gnutls-cli应用没有正确地检查X.509证书的激活和过期日期,可能诱骗应用程序接受无效的证书。
0
GNU GnuTLS < 2.6.6
GNU
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=ftp://ftp.gnu.org/pub/gnu/gnutls/gnutls-2.6.6.tar.bz2 target=_blank rel=external nofollow>ftp://ftp.gnu.org/pub/gnu/gnutls/gnutls-2.6.6.tar.bz2</a>
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
Related
nessus
nessus
Mandriva Linux Security Advisory : gnutls (MDVSA-2009:116)
2009-05-19 00:00:00
GLSA-200905-04 : GnuTLS: Multiple vulnerabilities
2009-05-26 00:00:00
securityvulns
securityvulns
[Full-disclosure] [ MDVSA-2009:116 ] gnutls
2009-05-19 00:00:00
gnutls multiple security vulnerabilities
2009-05-19 00:00:00
openvas
openvas
FreeBSD Ports: gnutls
2009-09-02 00:00:00
FreeBSD Ports: gnutls
2009-09-02 00:00:00
Gentoo Security Advisory GLSA 200905-04 (gnutls)
2009-05-25 00:00:00
freebsd
freebsd
GnuTLS -- multiple vulnerabilities
2009-05-21 00:00:00
gentoo
gentoo
GnuTLS: Multiple vulnerabilities
2009-05-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package gnutls30 version 2.6.6-alt1
2009-04-30 00:00:00
Security fix for the ALT Linux 9 package gnutls30 version 2.6.6-alt1
2009-04-30 00:00:00
slackware
slackware
gnutls
2009-05-09 13:05:09
prion
prion
seebug
seebug
GnuTLS 2.6.x libgnutls lib/gnutls_pk.c DSA Key Storage Remote Spoofing
2014-07-01 00:00:00
ubuntucve
ubuntucve
cve
cve
exploitpack
exploitpack
exploitdb
exploitdb