ID SUSE-SU-2014:0758-1 Type suse Reporter Suse Modified 2014-06-05T03:04:15
Description
GnuTLS has been patched to ensure proper parsing of session ids during the
TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have
been fixed.
Further information is available at
<a rel="nofollow" href="http://www.gnutls.org/security.html#GNUTLS-SA-2014-3">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>
<<a rel="nofollow" href="http://www.gnutls.org/security.html#GNUTLS-SA-2014-3">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>>
These security issues have been fixed:
* Possible memory corruption during connect (CVE-2014-3466)
* Multiple boundary check issues could allow DoS (CVE-2014-3467)
* asn1_get_bit_der() can return negative bit length (CVE-2014-3468)
* Possible DoS by NULL pointer dereference (CVE-2014-3469)
{"f5": [{"lastseen": "2017-06-08T00:16:30", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 470817 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 \n| None \nBIG-IP AAM | None | 11.4.0 - 11.5.1 \n| None \nBIG-IP AFM | None | 11.3.0 - 11.5.1 \n| None \nBIG-IP Analytics | None | 11.0.0 - 11.5.1 \n| None \nBIG-IP APM | None | 11.0.0 - 11.5.1 \n10.1.0 - 10.2.4 \n| None \nBIG-IP ASM | None | 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None \nBIG-IP GTM | None | 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 | None \nBIG-IP Link Controller | None \n| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 \n| None \nBIG-IP PEM | None \n| 11.3.0 - 11.5.1 \n| None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nARX | 6.0.0 - 6.4.0 | None | ARX GUI \n \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ Cloud | None \n| 4.0.0 - 4.3.0 \n| None \nBIG-IQ Device | None \n| 4.2.0 - 4.3.0 \n| None \nBIG-IQ Security | None \n| 4.0.0 - 4.3.0 \n| None \nLineRate | None | 2.2.0 - 2.4.0 \n1.6.0 - 1.6.4 \n| None\n\n**ARX**\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-07-25T19:54:00", "published": "2014-07-17T18:28:00", "id": "F5:K15423", "href": "https://support.f5.com/csp/article/K15423", "title": "GNU Libtasn1 vulnerabilities CVE-2014-3467 and CVE-2014-3468", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-12-03T05:27:38", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\n**ARX**\n\nIf the previous table lists a version in the\u00c2 **Versions known to be not vulnerable**\u00c2 column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-07-25T00:00:00", "published": "2014-07-17T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html", "id": "SOL15423", "type": "f5", "title": "SOL15423 - GNU Libtasn1 vulnerabilities CVE-2014-3467 and CVE-2014-3468", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:31", "bulletinFamily": "software", "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-10-17T00:00:00", "published": "2014-06-19T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15345.html", "id": "SOL15345", "title": "SOL15345 - GnuTLS vulnerability CVE-2014-3466", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2019-05-29T18:13:45", "bulletinFamily": "NVD", "description": "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.", "modified": "2017-12-29T02:29:00", "id": "CVE-2014-3466", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3466", "published": "2014-06-03T14:55:00", "title": "CVE-2014-3466", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:45", "bulletinFamily": "NVD", "description": "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.\nPer: http://cwe.mitre.org/data/definitions/476.html\n\n\"CWE-476: NULL Pointer Dereference\"", "modified": "2019-04-22T17:48:00", "id": "CVE-2014-3469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3469", "published": "2014-06-05T20:55:00", "title": "CVE-2014-3469", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:45", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.", "modified": "2019-04-22T17:48:00", "id": "CVE-2014-3467", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3467", "published": "2014-06-05T20:55:00", "title": "CVE-2014-3467", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:45", "bulletinFamily": "NVD", "description": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.", "modified": "2019-04-22T17:48:00", "id": "CVE-2014-3468", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3468", "published": "2014-06-05T20:55:00", "title": "CVE-2014-3468", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:07:45", "bulletinFamily": "unix", "description": "GnuTLS has been patched to ensure proper parsing of session ids during the\n TLS/SSL handshake. Additionally three issues inherited from libtasn1 have\n been fixed.\n\n Further information is available at\n <a rel=\"nofollow\" href=\"http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>\n <<a rel=\"nofollow\" href=\"http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>>\n\n These security issues have been fixed:\n\n * Possible memory corruption during connect (CVE-2014-3466)\n * Multiple boundary check issues could allow DoS (CVE-2014-3467)\n * asn1_get_bit_der() can return negative bit length (CVE-2014-3468)\n * Possible DoS by NULL pointer dereference (CVE-2014-3469)\n * Possible timing side-channel attack (Lucky 13) (CVE-2013-1619)\n\n One additional bug has been fixed:\n\n * Allow unsafe renegotiation (bnc#554084)\n", "modified": "2014-06-16T18:04:14", "published": "2014-06-16T18:04:14", "id": "SUSE-SU-2014:0800-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00020.html", "title": "Security update for GnuTLS (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:45:32", "bulletinFamily": "unix", "description": "GnuTLS has been patched to ensure proper parsing of session ids during the\n TLS/SSL handshake. Additionally three issues inherited from libtasn1 have\n been fixed.\n\n Further information is available at\n <a rel=\"nofollow\" href=\"http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>\n <<a rel=\"nofollow\" href=\"http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>>\n\n These security issues have been fixed:\n\n * Possible memory corruption during connect (CVE-2014-3466)\n * Multiple boundary check issues could allow DoS (CVE-2014-3467)\n * asn1_get_bit_der() can return negative bit length (CVE-2014-3468)\n * Possible DoS by NULL pointer dereference (CVE-2014-3469)\n", "modified": "2014-06-13T20:04:13", "published": "2014-06-13T20:04:13", "id": "SUSE-SU-2014:0788-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00017.html", "type": "suse", "title": "Security update for GnuTLS (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:38:48", "bulletinFamily": "unix", "description": "GnuTLS has been patched to ensure proper parsing of session ids during the\n TLS/SSL handshake. Additionally three issues inherited from libtasn1 have\n been fixed.\n\n Further information is available at\n <a rel=\"nofollow\" href=\"http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>\n <<a rel=\"nofollow\" href=\"http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>>\n\n These security issues have been fixed:\n\n * Possible memory corruption during connect (CVE-2014-3466)\n * Multiple boundary check issues could allow DoS (CVE-2014-3467)\n * asn1_get_bit_der() can return negative bit length (CVE-2014-3468)\n * Possible DoS by NULL pointer dereference (CVE-2014-3469)\n", "modified": "2014-06-13T02:04:36", "published": "2014-06-13T02:04:36", "id": "SUSE-SU-2014:0758-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00016.html", "title": "Security update for GnuTLS (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:03:35", "bulletinFamily": "unix", "description": "GnuTLS was patched to ensure proper parsing of session ids during the\n TLS/SSL handshake. Additionally three issues inherited from libtasn1 were\n fixed.\n\n * Possible memory corruption during connect. (CVE-2014-3466)\n * Multiple boundary check issues could allow DoS. (CVE-2014-3467)\n * asn1_get_bit_der() can return negative bit length. (CVE-2014-3468)\n * Possible DoS by NULL pointer dereference. (CVE-2014-3469)\n\n Further information is available at\n <a rel=\"nofollow\" href=\"http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>\n <<a rel=\"nofollow\" href=\"http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>> .\n\n Security Issues references:\n\n * CVE-2014-3466\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466</a>>\n * CVE-2014-3467\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467</a>>\n * CVE-2014-3468\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468</a>>\n * CVE-2014-3469\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469</a>>\n\n", "modified": "2014-06-13T00:04:29", "published": "2014-06-13T00:04:29", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html", "id": "SUSE-SU-2014:0788-1", "type": "suse", "title": "Security update for GnuTLS (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:40:33", "bulletinFamily": "unix", "description": "libtasn1 has been updated to fix three security issues:\n\n * asn1_get_bit_der() could have returned negative bit length\n (CVE-2014-3468)\n * Multiple boundary check issues could have allowed DoS (CVE-2014-3467)\n * Possible DoS by NULL pointer dereference in asn1_read_value_type\n (CVE-2014-3469)\n\n Security Issues:\n\n * CVE-2014-3468\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468</a>>\n * CVE-2014-3467\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467</a>>\n * CVE-2014-3469\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469</a>>\n\n", "modified": "2014-07-24T03:05:20", "published": "2014-07-24T03:05:20", "id": "SUSE-SU-2014:0931-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00019.html", "type": "suse", "title": "Security update for libtasn1 (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:22:47", "bulletinFamily": "scanner", "description": "An updated rhev-hypervisor6 package that fixes several security issues is now available.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. (CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's asn1_read_value() function. Specially crafted ASN.1 input could cause an application using libtasn1 to crash, if the application used the aforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting CVE-2014-3466, CVE-2014-3468, CVE-2014-3467, and CVE-2014-3469.\nUpstream acknowledges Joonas Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466.\n\nThis updated package provides an updated kernel component that includes fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :\n\nCVE-2013-6378, CVE-2014-0203, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874, CVE-2014-2039 and CVE-2014-3153 (kernel issues)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2014-0815.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79108", "published": "2014-11-11T00:00:00", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2014:0815)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0815. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79108);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_bugtraq_id(67741, 67745, 67748, 67749);\n script_xref(name:\"RHSA\", value:\"2014:0815\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2014:0815)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor6 package that fixes several security issues\nis now available.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: a subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this\nflaw to send an excessively long session ID value, which would trigger\na buffer overflow in a connecting TLS/SSL client application using\nGnuTLS, causing the client application to crash or, possibly, execute\narbitrary code. (CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using\nlibtasn1 to perform an out-of-bounds access operation, causing the\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application\nusing libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause\nan application using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting\nCVE-2014-3466, CVE-2014-3468, CVE-2014-3467, and CVE-2014-3469.\nUpstream acknowledges Joonas Kuorilehto of Codenomicon as the original\nreporter of CVE-2014-3466.\n\nThis updated package provides an updated kernel component that\nincludes fixes for various security issues. These issues have no\nsecurity impact on Red Hat Enterprise Virtualization Hypervisor\nitself, however. The security fixes included in this update address\nthe following CVE numbers :\n\nCVE-2013-6378, CVE-2014-0203, CVE-2014-1737, CVE-2014-1738,\nCVE-2014-1874, CVE-2014-2039 and CVE-2014-3153 (kernel issues)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package.\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3468\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhev-hypervisor6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0815\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.5-20140624.0.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:14", "bulletinFamily": "scanner", "description": "New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.", "modified": "2014-06-06T00:00:00", "id": "SLACKWARE_SSA_2014-156-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74329", "published": "2014-06-06T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : gnutls (SSA:2014-156-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2014-156-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74329);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/06 10:45:01 $\");\n\n script_cve_id(\"CVE-2014-3465\", \"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_xref(name:\"SSA\", value:\"2014-156-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : gnutls (SSA:2014-156-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New gnutls packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.547936\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2770551a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"gnutls\", pkgver:\"2.8.4\", pkgarch:\"i486\", pkgnum:\"4_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"2.8.4\", pkgarch:\"x86_64\", pkgnum:\"4_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"gnutls\", pkgver:\"2.8.6\", pkgarch:\"i486\", pkgnum:\"4_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"2.8.6\", pkgarch:\"x86_64\", pkgnum:\"4_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"gnutls\", pkgver:\"2.10.5\", pkgarch:\"i486\", pkgnum:\"4_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"2.10.5\", pkgarch:\"x86_64\", pkgnum:\"4_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"gnutls\", pkgver:\"3.0.32\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"3.0.32\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"gnutls\", pkgver:\"3.1.25\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"3.1.25\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"gnutls\", pkgver:\"3.2.15\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"3.2.15\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:14", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2014:0594 :\n\nUpdated gnutls packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. (CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's asn1_read_value() function. Specially crafted ASN.1 input could cause an application using libtasn1 to crash, if the application used the aforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these issues. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which correct these issues. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2014-0594.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74296", "published": "2014-06-04T00:00:00", "title": "Oracle Linux 5 : gnutls (ELSA-2014-0594)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0594 and \n# Oracle Linux Security Advisory ELSA-2014-0594 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74296);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_bugtraq_id(67741, 67745, 67748, 67749);\n script_xref(name:\"RHSA\", value:\"2014:0594\");\n\n script_name(english:\"Oracle Linux 5 : gnutls (ELSA-2014-0594)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0594 :\n\nUpdated gnutls packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). The gnutls\npackages also include the libtasn1 library, which provides Abstract\nSyntax Notation One (ASN.1) parsing and structures management, and\nDistinguished Encoding Rules (DER) encoding and decoding functions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this\nflaw to send an excessively long session ID value, which would trigger\na buffer overflow in a connecting TLS/SSL client application using\nGnuTLS, causing the client application to crash or, possibly, execute\narbitrary code. (CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using\nlibtasn1 to perform an out-of-bounds access operation, causing the\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application\nusing libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause\nan application using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these\nissues. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the\noriginal reporter of CVE-2014-3466.\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich correct these issues. For the update to take effect, all\napplications linked to the GnuTLS or libtasn1 library must be\nrestarted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004167.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-1.4.1-16.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-devel-1.4.1-16.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-utils-1.4.1-16.el5_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-devel / gnutls-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:14", "bulletinFamily": "scanner", "description": "A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. (CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's asn1_read_value() function. Specially crafted ASN.1 input could cause an application using libtasn1 to crash, if the application used the aforementioned function in a certain way. (CVE-2014-3469)\n\nFor the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.", "modified": "2018-12-28T00:00:00", "id": "SL_20140603_GNUTLS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74305", "published": "2014-06-04T00:00:00", "title": "Scientific Linux Security Update : gnutls on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74305);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n\n script_name(english:\"Scientific Linux Security Update : gnutls on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this\nflaw to send an excessively long session ID value, which would trigger\na buffer overflow in a connecting TLS/SSL client application using\nGnuTLS, causing the client application to crash or, possibly, execute\narbitrary code. (CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using\nlibtasn1 to perform an out-of-bounds access operation, causing the\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application\nusing libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause\nan application using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nFor the update to take effect, all applications linked to the GnuTLS\nor libtasn1 library must be restarted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1406&L=scientific-linux-errata&T=0&P=301\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d6ad305\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-1.4.1-16.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-debuginfo-1.4.1-16.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-devel-1.4.1-16.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-utils-1.4.1-16.el5_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:14", "bulletinFamily": "scanner", "description": "Updated gnutls packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. (CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's asn1_read_value() function. Specially crafted ASN.1 input could cause an application using libtasn1 to crash, if the application used the aforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these issues. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which correct these issues. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2014-0594.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74301", "published": "2014-06-04T00:00:00", "title": "RHEL 5 : gnutls (RHSA-2014:0594)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0594. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74301);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_bugtraq_id(67741, 67745, 67748, 67749);\n script_xref(name:\"RHSA\", value:\"2014:0594\");\n\n script_name(english:\"RHEL 5 : gnutls (RHSA-2014:0594)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). The gnutls\npackages also include the libtasn1 library, which provides Abstract\nSyntax Notation One (ASN.1) parsing and structures management, and\nDistinguished Encoding Rules (DER) encoding and decoding functions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this\nflaw to send an excessively long session ID value, which would trigger\na buffer overflow in a connecting TLS/SSL client application using\nGnuTLS, causing the client application to crash or, possibly, execute\narbitrary code. (CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using\nlibtasn1 to perform an out-of-bounds access operation, causing the\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application\nusing libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause\nan application using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these\nissues. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the\noriginal reporter of CVE-2014-3466.\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich correct these issues. For the update to take effect, all\napplications linked to the GnuTLS or libtasn1 library must be\nrestarted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3468\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0594\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-1.4.1-16.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-debuginfo-1.4.1-16.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-devel-1.4.1-16.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gnutls-utils-1.4.1-16.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gnutls-utils-1.4.1-16.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gnutls-utils-1.4.1-16.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-devel / gnutls-utils\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:14", "bulletinFamily": "scanner", "description": "Updated gnutls packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. (CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's asn1_read_value() function. Specially crafted ASN.1 input could cause an application using libtasn1 to crash, if the application used the aforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these issues. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which correct these issues. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2014-0594.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74309", "published": "2014-06-05T00:00:00", "title": "CentOS 5 : gnutls (CESA-2014:0594)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0594 and \n# CentOS Errata and Security Advisory 2014:0594 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74309);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_bugtraq_id(67741, 67745, 67748, 67749);\n script_xref(name:\"RHSA\", value:\"2014:0594\");\n\n script_name(english:\"CentOS 5 : gnutls (CESA-2014:0594)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). The gnutls\npackages also include the libtasn1 library, which provides Abstract\nSyntax Notation One (ASN.1) parsing and structures management, and\nDistinguished Encoding Rules (DER) encoding and decoding functions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this\nflaw to send an excessively long session ID value, which would trigger\na buffer overflow in a connecting TLS/SSL client application using\nGnuTLS, causing the client application to crash or, possibly, execute\narbitrary code. (CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using\nlibtasn1 to perform an out-of-bounds access operation, causing the\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application\nusing libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause\nan application using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these\nissues. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the\noriginal reporter of CVE-2014-3466.\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich correct these issues. For the update to take effect, all\napplications linked to the GnuTLS or libtasn1 library must be\nrestarted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-June/020339.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6543c6ce\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnutls-1.4.1-16.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnutls-devel-1.4.1-16.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnutls-utils-1.4.1-16.el5_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:14", "bulletinFamily": "scanner", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. (CVE-2014-3465)\n\n - Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. (CVE-2014-3466)\n\n - Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnutTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 data.\n (CVE-2014-3467)\n\n - The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. (CVE-2014-3468)\n\n - The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. (CVE-2014-3469)", "modified": "2018-11-15T00:00:00", "id": "SOLARIS11_GNUTLS_20141120.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80632", "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : gnutls (multiple_vulnerabilities_in_gnutls)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80632);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2014-3465\", \"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : gnutls (multiple_vulnerabilities_in_gnutls)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The gnutls_x509_dn_oid_name function in\n lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x\n before 3.2.10 allows remote attackers to cause a denial\n of service (NULL pointer dereference) via a crafted\n X.509 certificate, related to a missing LDAP description\n for an OID when printing the DN. (CVE-2014-3465)\n\n - Buffer overflow in the read_server_hello function in\n lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x\n before 3.2.15, and 3.3.x before 3.3.4 allows remote\n servers to cause a denial of service (memory corruption)\n or possibly execute arbitrary code via a long session id\n in a ServerHello message. (CVE-2014-3466)\n\n - Multiple unspecified vulnerabilities in the DER decoder\n in GNU Libtasn1 before 3.6, as used in GnutTLS, allow\n remote attackers to cause a denial of service\n (out-of-bounds read) via a crafted ASN.1 data.\n (CVE-2014-3467)\n\n - The asn1_get_bit_der function in GNU Libtasn1 before 3.6\n does not properly report an error when a negative bit\n length is identified, which allows context-dependent\n attackers to cause out-of-bounds access via crafted\n ASN.1 data. (CVE-2014-3468)\n\n - The (1) asn1_read_value_type and (2) asn1_read_value\n functions in GNU Libtasn1 before 3.6 allows\n context-dependent attackers to cause a denial of service\n (NULL pointer dereference and crash) via a NULL value in\n an ivalue argument. (CVE-2014-3469)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-gnutls\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5436882a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.21.4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:gnutls\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^gnutls$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.21.0.4.1\", sru:\"SRU 11.1.21.4.1\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : gnutls\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"gnutls\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:14", "bulletinFamily": "scanner", "description": "GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have been fixed.\n\nFurther information is available at http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\n\nThese security issues have been fixed :\n\n - Possible memory corruption during connect.\n (CVE-2014-3466)\n\n - Multiple boundary check issues could allow DoS.\n (CVE-2014-3467)\n\n - asn1_get_bit_der() can return negative bit length.\n (CVE-2014-3468)\n\n - Possible DoS by NULL pointer dereference (CVE-2014-3469)", "modified": "2014-06-05T00:00:00", "id": "SUSE_11_GNUTLS-140603.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74321", "published": "2014-06-05T00:00:00", "title": "SuSE 11.3 Security Update : gnutls (SAT Patch Number 9320)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74321);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/05 10:56:39 $\");\n\n script_cve_id(\"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n\n script_name(english:\"SuSE 11.3 Security Update : gnutls (SAT Patch Number 9320)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GnuTLS has been patched to ensure proper parsing of session ids during\nthe TLS/SSL handshake. Additionally, three issues inherited from\nlibtasn1 have been fixed.\n\nFurther information is available at\nhttp://www.gnutls.org/security.html#GNUTLS-SA-2014-3\n\nThese security issues have been fixed :\n\n - Possible memory corruption during connect.\n (CVE-2014-3466)\n\n - Multiple boundary check issues could allow DoS.\n (CVE-2014-3467)\n\n - asn1_get_bit_der() can return negative bit length.\n (CVE-2014-3468)\n\n - Possible DoS by NULL pointer dereference (CVE-2014-3469)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=880730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=880910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3466.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3467.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3468.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3469.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9320.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"gnutls-2.4.1-24.39.51.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libgnutls26-2.4.1-24.39.51.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"gnutls-2.4.1-24.39.51.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libgnutls26-2.4.1-24.39.51.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.39.51.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"gnutls-2.4.1-24.39.51.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libgnutls-extra26-2.4.1-24.39.51.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libgnutls26-2.4.1-24.39.51.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libgnutls26-32bit-2.4.1-24.39.51.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.39.51.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:14", "bulletinFamily": "scanner", "description": "Updated libtasn1 packages that fix three security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libtasn1 library provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions.\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's asn1_read_value() function. Specially crafted ASN.1 input could cause an application using libtasn1 to crash, if the application used the aforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these issues.\n\nAll libtasn1 users are advised to upgrade to these updated packages, which correct these issues. For the update to take effect, all applications linked to the libtasn1 library must be restarted.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2014-0596.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74311", "published": "2014-06-05T00:00:00", "title": "CentOS 6 : libtasn1 (CESA-2014:0596)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0596 and \n# CentOS Errata and Security Advisory 2014:0596 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74311);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_bugtraq_id(67745, 67748, 67749);\n script_xref(name:\"RHSA\", value:\"2014:0596\");\n\n script_name(english:\"CentOS 6 : libtasn1 (CESA-2014:0596)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libtasn1 packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libtasn1 library provides Abstract Syntax Notation One (ASN.1)\nparsing and structures management, and Distinguished Encoding Rules\n(DER) encoding and decoding functions.\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using\nlibtasn1 to perform an out-of-bounds access operation, causing the\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application\nusing libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause\nan application using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these\nissues.\n\nAll libtasn1 users are advised to upgrade to these updated packages,\nwhich correct these issues. For the update to take effect, all\napplications linked to the libtasn1 library must be restarted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-June/020341.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?41bd627c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtasn1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtasn1-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtasn1-2.3-6.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtasn1-devel-2.3-6.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtasn1-tools-2.3-6.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:14", "bulletinFamily": "scanner", "description": "new upstream release\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2014-6895.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74317", "published": "2014-06-05T00:00:00", "title": "Fedora 20 : libtasn1-3.6-1.fc20 (2014-6895)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-6895.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74317);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:40:32 $\");\n\n script_cve_id(\"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_bugtraq_id(67745, 67748, 67749);\n script_xref(name:\"FEDORA\", value:\"2014-6895\");\n\n script_name(english:\"Fedora 20 : libtasn1-3.6-1.fc20 (2014-6895)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1102022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1102323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1102329\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/133918.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e869799c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtasn1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"libtasn1-3.6-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:48", "bulletinFamily": "unix", "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS). The gnutls packages also\ninclude the libtasn1 library, which provides Abstract Syntax Notation One\n(ASN.1) parsing and structures management, and Distinguished Encoding Rules\n(DER) encoding and decoding functions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this flaw\nto send an excessively long session ID value, which would trigger a buffer\noverflow in a connecting TLS/SSL client application using GnuTLS, causing\nthe client application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data. Specially\ncrafted ASN.1 input could cause an application using libtasn1 to perform\nan out-of-bounds access operation, causing the application to crash or,\npossibly, execute arbitrary code. (CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application using\nlibtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause an\napplication using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these issues.\nUpstream acknowledges Joonas Kuorilehto of Codenomicon as the original\nreporter of CVE-2014-3466.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncorrect these issues. For the update to take effect, all applications\nlinked to the GnuTLS or libtasn1 library must be restarted.\n", "modified": "2017-09-08T12:17:52", "published": "2014-06-03T04:00:00", "id": "RHSA-2014:0594", "href": "https://access.redhat.com/errata/RHSA-2014:0594", "type": "redhat", "title": "(RHSA-2014:0594) Important: gnutls security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:22", "bulletinFamily": "unix", "description": "The libtasn1 library provides Abstract Syntax Notation One (ASN.1) parsing\nand structures management, and Distinguished Encoding Rules (DER) encoding\nand decoding functions.\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data. Specially\ncrafted ASN.1 input could cause an application using libtasn1 to perform\nan out-of-bounds access operation, causing the application to crash or,\npossibly, execute arbitrary code. (CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application using\nlibtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause an\napplication using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these issues.\n\nAll libtasn1 users are advised to upgrade to these updated packages, which\ncorrect these issues. For the update to take effect, all applications\nlinked to the libtasn1 library must be restarted.\n", "modified": "2018-04-12T03:32:42", "published": "2014-06-10T04:00:00", "id": "RHSA-2014:0687", "href": "https://access.redhat.com/errata/RHSA-2014:0687", "type": "redhat", "title": "(RHSA-2014:0687) Moderate: libtasn1 security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:20", "bulletinFamily": "unix", "description": "The libtasn1 library provides Abstract Syntax Notation One (ASN.1) parsing\nand structures management, and Distinguished Encoding Rules (DER) encoding\nand decoding functions.\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data. Specially\ncrafted ASN.1 input could cause an application using libtasn1 to perform\nan out-of-bounds access operation, causing the application to crash or,\npossibly, execute arbitrary code. (CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application using\nlibtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause an\napplication using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these issues.\n\nAll libtasn1 users are advised to upgrade to these updated packages, which\ncorrect these issues. For the update to take effect, all applications\nlinked to the libtasn1 library must be restarted.\n", "modified": "2018-06-06T20:24:13", "published": "2014-06-03T04:00:00", "id": "RHSA-2014:0596", "href": "https://access.redhat.com/errata/RHSA-2014:0596", "type": "redhat", "title": "(RHSA-2014:0596) Moderate: libtasn1 security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:58", "bulletinFamily": "unix", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this flaw\nto send an excessively long session ID value, which would trigger a buffer\noverflow in a connecting TLS/SSL client application using GnuTLS, causing\nthe client application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data. Specially\ncrafted ASN.1 input could cause an application using libtasn1 to perform\nan out-of-bounds access operation, causing the application to crash or,\npossibly, execute arbitrary code. (CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application using\nlibtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause an\napplication using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting CVE-2014-3466,\nCVE-2014-3468, CVE-2014-3467, and CVE-2014-3469. Upstream acknowledges\nJoonas Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466.\n\nThis updated package provides an updated kernel component that includes\nfixes for various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The security\nfixes included in this update address the following CVE numbers:\n\nCVE-2013-6378, CVE-2014-0203, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874,\nCVE-2014-2039 and CVE-2014-3153 (kernel issues)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package.\n", "modified": "2018-06-07T08:59:40", "published": "2014-06-30T04:00:00", "id": "RHSA-2014:0815", "href": "https://access.redhat.com/errata/RHSA-2014:0815", "type": "redhat", "title": "(RHSA-2014:0815) Important: rhev-hypervisor6 security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:35", "bulletinFamily": "unix", "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this flaw\nto send an excessively long session ID value, which would trigger a buffer\noverflow in a connecting TLS/SSL client application using GnuTLS, causing\nthe client application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3466)\n\nRed Hat would like to thank GnuTLS upstream for reporting this issue.\nUpstream acknowledges Joonas Kuorilehto of Codenomicon as the original\nreporter.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncorrect this issue. For the update to take effect, all applications linked\nto the GnuTLS library must be restarted.\n", "modified": "2018-06-06T20:24:20", "published": "2014-06-03T04:00:00", "id": "RHSA-2014:0595", "href": "https://access.redhat.com/errata/RHSA-2014:0595", "type": "redhat", "title": "(RHSA-2014:0595) Important: gnutls security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:37:19", "bulletinFamily": "unix", "description": "New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/gnutls-3.1.25-i486-1_slack14.1.txz: Upgraded.\n A security issue has been corrected in gnutls. This vulnerability\n affects the client side of the gnutls library. A server that sends\n a specially crafted ServerHello could corrupt the memory of a requesting\n client. This may allow a remote attacker to execute arbitrary code.\n Additional vulnerabilities in the embedded libtasn1 library have also\n been patched.\n Thanks to mancha for the backported patches.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnutls-2.8.4-i486-4_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnutls-2.8.4-x86_64-4_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnutls-2.8.6-i486-4_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnutls-2.8.6-x86_64-4_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnutls-2.10.5-i486-4_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnutls-2.10.5-x86_64-4_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnutls-3.0.32-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnutls-3.0.32-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gnutls-3.1.25-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gnutls-3.1.25-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-3.2.15-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnutls-3.2.15-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n0acf23b4cdae1b1dee923b33e110c790 gnutls-2.8.4-i486-4_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nc371d06f05c831f8fbb5b04d9d1d5464 gnutls-2.8.4-x86_64-4_slack13.0.txz\n\nSlackware 13.1 package:\n328bd02609ac00a98e9d07592c4bae82 gnutls-2.8.6-i486-4_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n8a59e02464b6b414b56b5077dc1f38e1 gnutls-2.8.6-x86_64-4_slack13.1.txz\n\nSlackware 13.37 package:\n8659a0ab255d28a6bc16c4e625c53690 gnutls-2.10.5-i486-4_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n8617b26c38e4501311021a00e4999cb7 gnutls-2.10.5-x86_64-4_slack13.37.txz\n\nSlackware 14.0 package:\n2d8b9a95c97aad5cc84a7b92ccb281c8 gnutls-3.0.32-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nad2d0fca978564aa199588a468bfe160 gnutls-3.0.32-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nabd6c425bc3a12cfad1bce8a586bdc4c gnutls-3.1.25-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n4c28e2ab32e385f9569a4aab54c91db8 gnutls-3.1.25-x86_64-1_slack14.1.txz\n\nSlackware -current package:\ndfc1769af2693d3fa04206afd1993cdb n/gnutls-3.2.15-i486-1.txz\n\nSlackware x86_64 -current package:\n0639e73bef1015eff97c50b95eac84cc n/gnutls-3.2.15-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnutls-3.1.25-i486-1_slack14.1.txz", "modified": "2014-06-05T22:26:16", "published": "2014-06-05T22:26:16", "id": "SSA-2014-156-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.547936", "title": "gnutls", "type": "slackware", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T07:37:03", "bulletinFamily": "unix", "description": "New libtasn1 packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/libtasn1-3.6-i486-1_slack14.1.txz: Upgraded.\n Multiple security issues have been corrected in the libtasn1 library.\n These errors allow a remote attacker to cause a denial of service, or\n possibly to execute arbitrary code.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libtasn1-2.14-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libtasn1-2.14-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libtasn1-3.6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libtasn1-3.6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libtasn1-3.6-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libtasn1-3.6-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n22d723842f7271921e505614506c25c1 libtasn1-2.14-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n1374d9b06e63dad56865898d6c834493 libtasn1-2.14-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nba845b678c9df080c4ea90350a40b89f libtasn1-3.6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nedf7a2af4e854d123abee95633dbcaf2 libtasn1-3.6-x86_64-1_slack14.1.txz\n\nSlackware -current package:\na15bbcfe1354fe013da59161314eeba4 l/libtasn1-3.6-i486-1.txz\n\nSlackware x86_64 -current package:\nc22b8a7c725552c56f6cd21c697902de l/libtasn1-3.6-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libtasn1-3.6-i486-1_slack14.1.txz", "modified": "2014-06-05T22:26:49", "published": "2014-06-05T22:26:49", "id": "SSA-2014-156-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.399939", "title": "libtasn1", "type": "slackware", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:37:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-09T00:00:00", "id": "OPENVAS:1361412562310881942", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881942", "title": "CentOS Update for gnutls CESA-2014:0594 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2014:0594 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881942\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 12:18:39 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for gnutls CESA-2014:0594 centos5\");\n\n script_tag(name:\"affected\", value:\"gnutls on CentOS 5\");\n script_tag(name:\"insight\", value:\"The GnuTLS library provides support for cryptographic\nalgorithms and for protocols such as Transport Layer Security (TLS). The gnutls\npackages also include the libtasn1 library, which provides Abstract Syntax\nNotation One (ASN.1) parsing and structures management, and Distinguished\nEncoding Rules (DER) encoding and decoding functions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this flaw\nto send an excessively long session ID value, which would trigger a buffer\noverflow in a connecting TLS/SSL client application using GnuTLS, causing\nthe client application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data. Specially\ncrafted ASN.1 input could cause an application using libtasn1 to perform\nan out-of-bounds access operation, causing the application to crash or,\npossibly, execute arbitrary code. (CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application using\nlibtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause an\napplication using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these issues.\nUpstream acknowledges Joonas Kuorilehto of Codenomicon as the original\nreporter of CVE-2014-3466.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncorrect these issues. For the update to take effect, all applications\nlinked to the GnuTLS or libtasn1 library must be restarted.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0594\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-June/020339.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~16.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~16.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~16.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850795", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850795", "title": "SuSE Update for gnutls SUSE-SU-2014:0758-1 (gnutls)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0758_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for gnutls SUSE-SU-2014:0758-1 (gnutls)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850795\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for gnutls SUSE-SU-2014:0758-1 (gnutls)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"GnuTLS has been patched to ensure proper parsing of session ids during the\n TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have\n been fixed.\n\n These security issues have been fixed:\n\n * Possible memory corruption during connect (CVE-2014-3466)\n\n * Multiple boundary check issues could allow DoS (CVE-2014-3467)\n\n * asn1_get_bit_der() can return negative bit length (CVE-2014-3468)\n\n * Possible DoS by NULL pointer dereference (CVE-2014-3469)\");\n\n script_xref(name:\"URL\", value:\"http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\");\n\n script_tag(name:\"affected\", value:\"gnutls on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0758_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~24.39.51.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-extra26\", rpm:\"libgnutls-extra26~2.4.1~24.39.51.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~24.39.51.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26-32bit\", rpm:\"libgnutls26-32bit~2.4.1~24.39.51.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26-x86\", rpm:\"libgnutls26-x86~2.4.1~24.39.51.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-06-09T00:00:00", "id": "OPENVAS:1361412562310871173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871173", "title": "RedHat Update for gnutls RHSA-2014:0594-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnutls RHSA-2014:0594-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871173\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 15:57:33 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for gnutls RHSA-2014:0594-01\");\n\n\n script_tag(name:\"affected\", value:\"gnutls on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"insight\", value:\"The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS). The gnutls packages also\ninclude the libtasn1 library, which provides Abstract Syntax Notation One\n(ASN.1) parsing and structures management, and Distinguished Encoding Rules\n(DER) encoding and decoding functions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this flaw\nto send an excessively long session ID value, which would trigger a buffer\noverflow in a connecting TLS/SSL client application using GnuTLS, causing\nthe client application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data. Specially\ncrafted ASN.1 input could cause an application using libtasn1 to perform\nan out-of-bounds access operation, causing the application to crash or,\npossibly, execute arbitrary code. (CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application using\nlibtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause an\napplication using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these issues.\nUpstream acknowledges Joonas Kuorilehto of Codenomicon as the original\nreporter of CVE-2014-3466.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncorrect these issues. For the update to take effect, all applications\nlinked to the GnuTLS or libtasn1 library must be restarted.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0594-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00003.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~16.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~1.4.1~16.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~16.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~16.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:58", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850907", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850907", "title": "SuSE Update for GnuTLS SUSE-SU-2014:0788-1 (GnuTLS)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0788_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for GnuTLS SUSE-SU-2014:0788-1 (GnuTLS)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850907\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 13:58:05 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for GnuTLS SUSE-SU-2014:0788-1 (GnuTLS)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GnuTLS'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"GnuTLS was patched to ensure proper parsing of session ids during the\n TLS/SSL handshake. Additionally three issues inherited from libtasn1 were\n fixed.\n\n * Possible memory corruption during connect. (CVE-2014-3466)\n\n * Multiple boundary check issues could allow DoS. (CVE-2014-3467)\n\n * asn1_get_bit_der() can return negative bit length. (CVE-2014-3468)\n\n * Possible DoS by NULL pointer dereference. (CVE-2014-3469)\");\n\n script_xref(name:\"URL\", value:\"http://www.gnutls.org/security.html#GNUTLS-SA-2014-3\");\n\n script_tag(name:\"affected\", value:\"GnuTLS on SUSE Linux Enterprise Server 11 SP2 LTSS, SUSE Linux Enterprise Server 11 SP1 LTSS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0788_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLES11\\.0SP2|SLES11\\.0SP1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~24.39.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-extra26\", rpm:\"libgnutls-extra26~2.4.1~24.39.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~24.39.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26-32bit\", rpm:\"libgnutls26-32bit~2.4.1~24.39.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"SLES11.0SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~24.39.53.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-extra26\", rpm:\"libgnutls-extra26~2.4.1~24.39.53.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~24.39.53.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26-32bit\", rpm:\"libgnutls26-32bit~2.4.1~24.39.53.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:00", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-0594", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123404", "title": "Oracle Linux Local Check: ELSA-2014-0594", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0594.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123404\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:21 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0594\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0594 - gnutls security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0594\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0594.html\");\n script_cve_id(\"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~16.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~16.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~16.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:47", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-07-04T00:00:00", "id": "OPENVAS:1361412562310871190", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871190", "title": "RedHat Update for libtasn1 RHSA-2014:0687-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libtasn1 RHSA-2014:0687-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871190\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-04 16:48:47 +0530 (Fri, 04 Jul 2014)\");\n script_cve_id(\"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for libtasn1 RHSA-2014:0687-01\");\n\n\n script_tag(name:\"affected\", value:\"libtasn1 on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"insight\", value:\"The libtasn1 library provides Abstract Syntax Notation One (ASN.1) parsing\nand structures management, and Distinguished Encoding Rules (DER) encoding\nand decoding functions.\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data. Specially\ncrafted ASN.1 input could cause an application using libtasn1 to perform\nan out-of-bounds access operation, causing the application to crash or,\npossibly, execute arbitrary code. (CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application using\nlibtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause an\napplication using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these issues.\n\nAll libtasn1 users are advised to upgrade to these updated packages, which\ncorrect these issues. For the update to take effect, all applications\nlinked to the libtasn1 library must be restarted.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0687-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00025.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~3.3~5.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-debuginfo\", rpm:\"libtasn1-debuginfo~3.3~5.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~3.3~5.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:36", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-0687", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123353", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123353", "title": "Oracle Linux Local Check: ELSA-2014-0687", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0687.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123353\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:40 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0687\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0687 - libtasn1 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0687\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0687.html\");\n script_cve_id(\"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~3.3~5.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~3.3~5.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~3.3~5.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-09T00:00:00", "id": "OPENVAS:1361412562310867854", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867854", "title": "Fedora Update for libtasn1 FEDORA-2014-6895", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtasn1 FEDORA-2014-6895\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867854\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 11:58:01 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for libtasn1 FEDORA-2014-6895\");\n script_tag(name:\"affected\", value:\"libtasn1 on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6895\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/133918.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~3.6~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850814", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850814", "title": "SuSE Update for libtasn1 SUSE-SU-2014:0931-1 (libtasn1)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0931_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for libtasn1 SUSE-SU-2014:0931-1 (libtasn1)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850814\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for libtasn1 SUSE-SU-2014:0931-1 (libtasn1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"libtasn1 has been updated to fix three security issues:\n\n * asn1_get_bit_der() could have returned negative bit length\n (CVE-2014-3468)\n\n * Multiple boundary check issues could have allowed DoS (CVE-2014-3467)\n\n * Possible DoS by NULL pointer dereference in asn1_read_value_type\n (CVE-2014-3469)\");\n\n script_tag(name:\"affected\", value:\"libtasn1 on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0931_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~1.5~1.28.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-3\", rpm:\"libtasn1-3~1.5~1.28.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-3-32bit\", rpm:\"libtasn1-3-32bit~1.5~1.28.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-3-x86\", rpm:\"libtasn1-3-x86~1.5~1.28.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:22", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in libtasn1-3, a library that\nmanages ASN1 (Abstract Syntax Notation One) structures. An attacker\ncould use those to cause a denial-of-service via out-of-bounds access\nor NULL pointer dereference.", "modified": "2019-03-19T00:00:00", "published": "2014-10-26T00:00:00", "id": "OPENVAS:1361412562310703056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703056", "title": "Debian Security Advisory DSA 3056-1 (libtasn1-3 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3056.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 3056-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703056\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_name(\"Debian Security Advisory DSA 3056-1 (libtasn1-3 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-26 00:00:00 +0200 (Sun, 26 Oct 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3056.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"libtasn1-3 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 2.13-2+deb7u1.\n\nWe recommend that you upgrade your libtasn1-3 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in libtasn1-3, a library that\nmanages ASN1 (Abstract Syntax Notation One) structures. An attacker\ncould use those to cause a denial-of-service via out-of-bounds access\nor NULL pointer dereference.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"2.13-2+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtasn1-3-bin\", ver:\"2.13-2+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtasn1-3-dbg\", ver:\"2.13-2+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtasn1-3-dev\", ver:\"2.13-2+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\nHi!\r\n\r\nNew GnuTLS and libtasn1 versions fix few issues you might be interested\r\nto look at:\r\n\r\nhttp://www.gnutls.org/security.html#GNUTLS-SA-2014-3\r\n\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3465\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3466\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3467\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3468\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3469\r\n\r\n-- Tomas Hoger / Red Hat Security Response Team\r\n\r\n", "modified": "2014-06-02T00:00:00", "published": "2014-06-02T00:00:00", "id": "SECURITYVULNS:DOC:30783", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30783", "title": "[oss-security] GnuTLS and libtasn1 security fixes", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "description": "Buffer overflows, integer overflows, NULL pointer dereference.", "modified": "2014-06-02T00:00:00", "published": "2014-06-02T00:00:00", "id": "SECURITYVULNS:VULN:13806", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13806", "title": "GnuTLS and libtasn1 multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-05-29T18:33:37", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0594\n\n\nThe GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS). The gnutls packages also\ninclude the libtasn1 library, which provides Abstract Syntax Notation One\n(ASN.1) parsing and structures management, and Distinguished Encoding Rules\n(DER) encoding and decoding functions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this flaw\nto send an excessively long session ID value, which would trigger a buffer\noverflow in a connecting TLS/SSL client application using GnuTLS, causing\nthe client application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data. Specially\ncrafted ASN.1 input could cause an application using libtasn1 to perform\nan out-of-bounds access operation, causing the application to crash or,\npossibly, execute arbitrary code. (CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application using\nlibtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause an\napplication using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these issues.\nUpstream acknowledges Joonas Kuorilehto of Codenomicon as the original\nreporter of CVE-2014-3466.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncorrect these issues. For the update to take effect, all applications\nlinked to the GnuTLS or libtasn1 library must be restarted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020339.html\n\n**Affected packages:**\ngnutls\ngnutls-devel\ngnutls-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0594.html", "modified": "2014-06-04T09:31:23", "published": "2014-06-04T09:31:23", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020339.html", "id": "CESA-2014:0594", "title": "gnutls security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:03", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0596\n\n\nThe libtasn1 library provides Abstract Syntax Notation One (ASN.1) parsing\nand structures management, and Distinguished Encoding Rules (DER) encoding\nand decoding functions.\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data. Specially\ncrafted ASN.1 input could cause an application using libtasn1 to perform\nan out-of-bounds access operation, causing the application to crash or,\npossibly, execute arbitrary code. (CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application using\nlibtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause an\napplication using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting these issues.\n\nAll libtasn1 users are advised to upgrade to these updated packages, which\ncorrect these issues. For the update to take effect, all applications\nlinked to the libtasn1 library must be restarted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020341.html\n\n**Affected packages:**\nlibtasn1\nlibtasn1-devel\nlibtasn1-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0596.html", "modified": "2014-06-04T10:04:23", "published": "2014-06-04T10:04:23", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020341.html", "id": "CESA-2014:0596", "title": "libtasn1 security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:54", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0595\n\n\nThe GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this flaw\nto send an excessively long session ID value, which would trigger a buffer\noverflow in a connecting TLS/SSL client application using GnuTLS, causing\nthe client application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3466)\n\nRed Hat would like to thank GnuTLS upstream for reporting this issue.\nUpstream acknowledges Joonas Kuorilehto of Codenomicon as the original\nreporter.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncorrect this issue. For the update to take effect, all applications linked\nto the GnuTLS library must be restarted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020338.html\n\n**Affected packages:**\ngnutls\ngnutls-devel\ngnutls-guile\ngnutls-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0595.html", "modified": "2014-06-04T09:21:48", "published": "2014-06-04T09:21:48", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020338.html", "id": "CESA-2014:0595", "title": "gnutls security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:15", "bulletinFamily": "unix", "description": "It was discovered that Libtasn1 incorrectly handled certain ASN.1 data structures. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. (CVE-2014-3467)\n\nIt was discovered that Libtasn1 incorrectly handled negative bit lengths. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-3468)\n\nIt was discovered that Libtasn1 incorrectly handled certain ASN.1 data. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. (CVE-2014-3469)", "modified": "2014-07-22T00:00:00", "published": "2014-07-22T00:00:00", "id": "USN-2294-1", "href": "https://usn.ubuntu.com/2294-1/", "title": "Libtasn1 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T17:22:19", "bulletinFamily": "unix", "description": "Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a man in the middle could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.", "modified": "2014-06-02T00:00:00", "published": "2014-06-02T00:00:00", "id": "USN-2229-1", "href": "https://usn.ubuntu.com/2229-1/", "title": "GnuTLS vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "description": "### Background\n\nThe ASN.1 library used in GNUTLS.\n\n### Description\n\nMultiple vulnerabilities have been discovered in GNU Libtasn1. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could possibly cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU Libtasn1 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libtasn1-3.6\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.", "modified": "2014-08-29T00:00:00", "published": "2014-08-29T00:00:00", "id": "GLSA-201408-09", "href": "https://security.gentoo.org/glsa/201408-09", "type": "gentoo", "title": "GNU Libtasn1: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2019-05-29T17:22:46", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code. ([CVE-2014-3468 __](<https://access.redhat.com/security/cve/CVE-2014-3468>))\n\nMultiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash. ([CVE-2014-3467 __](<https://access.redhat.com/security/cve/CVE-2014-3467>))\n\nMultiple NULL pointer dereference flaws were found in libtasn1's asn1_read_value() function. Specially crafted ASN.1 input could cause an application using libtasn1 to crash, if the application used the aforementioned function in a certain way. ([CVE-2014-3469 __](<https://access.redhat.com/security/cve/CVE-2014-3469>))\n\n \n**Affected Packages:** \n\n\nlibtasn1\n\n \n**Issue Correction:** \nRun _yum update libtasn1_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libtasn1-devel-2.3-6.6.amzn1.i686 \n libtasn1-2.3-6.6.amzn1.i686 \n libtasn1-tools-2.3-6.6.amzn1.i686 \n libtasn1-debuginfo-2.3-6.6.amzn1.i686 \n \n src: \n libtasn1-2.3-6.6.amzn1.src \n \n x86_64: \n libtasn1-debuginfo-2.3-6.6.amzn1.x86_64 \n libtasn1-2.3-6.6.amzn1.x86_64 \n libtasn1-devel-2.3-6.6.amzn1.x86_64 \n libtasn1-tools-2.3-6.6.amzn1.x86_64 \n \n \n", "modified": "2014-09-19T10:24:00", "published": "2014-09-19T10:24:00", "id": "ALAS-2014-359", "href": "https://alas.aws.amazon.com/ALAS-2014-359.html", "title": "Medium: libtasn1", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T17:22:44", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. ([CVE-2014-3466 __](<https://access.redhat.com/security/cve/CVE-2014-3466>))\n\n \n**Affected Packages:** \n\n\ngnutls\n\n \n**Issue Correction:** \nRun _yum update gnutls_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n gnutls-devel-2.8.5-14.13.amzn1.i686 \n gnutls-utils-2.8.5-14.13.amzn1.i686 \n gnutls-2.8.5-14.13.amzn1.i686 \n gnutls-debuginfo-2.8.5-14.13.amzn1.i686 \n gnutls-guile-2.8.5-14.13.amzn1.i686 \n \n src: \n gnutls-2.8.5-14.13.amzn1.src \n \n x86_64: \n gnutls-guile-2.8.5-14.13.amzn1.x86_64 \n gnutls-utils-2.8.5-14.13.amzn1.x86_64 \n gnutls-2.8.5-14.13.amzn1.x86_64 \n gnutls-debuginfo-2.8.5-14.13.amzn1.x86_64 \n gnutls-devel-2.8.5-14.13.amzn1.x86_64 \n \n \n", "modified": "2014-09-19T10:20:00", "published": "2014-09-19T10:20:00", "id": "ALAS-2014-352", "href": "https://alas.aws.amazon.com/ALAS-2014-352.html", "title": "Important: gnutls", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:54", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3056-1 security@debian.org\nhttp://www.debian.org/security/ Sebastien Delafond\nOctober 26, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libtasn1-3\nCVE ID : CVE-2014-3467 CVE-2014-3468 CVE-2014-3469\n\nSeveral vulnerabilities were discovered in libtasn1-3, a library that\nmanages ASN1 (Abstract Syntax Notation One) structures. An attacker\ncould use those to cause a denial-of-service via out-of-bounds access\nor NULL pointer dereference.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.13-2+deb7u1.\n\nWe recommend that you upgrade your libtasn1-3 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-10-26T12:44:43", "published": "2014-10-26T12:44:43", "id": "DEBIAN:DSA-3056-1:9FC99", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00243.html", "title": "[SECURITY] [DSA 3056-1] libtasn1-3 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-22T02:26:20", "bulletinFamily": "unix", "description": "Package : libtasn1-3\nVersion : 2.7-1+squeeze+2\nCVE ID : CVE-2014-3467 CVE-2014-3468 CVE-2014-3469\n\nSeveral vulnerabilities were discovered in libtasn1-3, a library that\nmanages ASN1 (Abstract Syntax Notation One) structures. An attacker\ncould use those to cause a denial-of-service via out-of-bounds access\nor NULL pointer dereference.\n\n--Seb\n", "modified": "2014-10-26T13:15:37", "published": "2014-10-26T13:15:37", "id": "DEBIAN:DLA-77-1:26DAE", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201410/msg00010.html", "title": "[SECURITY] [DLA 77-1] libtasn1-3 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:43", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2944-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 01, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gnutls26\nCVE ID : CVE-2014-3466\n\nJoonas Kuorilehto discovered that GNU TLS performed insufficient \nvalidation of session IDs during TLS/SSL handshakes. A malicious server\ncould use this to execute arbitrary code or perform denial or service.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.12.20-8+deb7u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12.23-16.\n\nWe recommend that you upgrade your gnutls26 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-06-01T08:39:15", "published": "2014-06-01T08:39:15", "id": "DEBIAN:DSA-2944-1:FD558", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00124.html", "title": "[SECURITY] [DSA 2944-1] gnutls26 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:55", "bulletinFamily": "unix", "description": "Package : gnutls26\nVersion : 2.8.6-1+squeeze4\nCVE ID : CVE-2014-3466\n\nJoonas Kuorilehto discovered that GNU TLS performed insufficient\nvalidation of session IDs during TLS/SSL handshakes. A malicious\nserver could use this to execute arbitrary code or perform denial\nor service.\n", "modified": "2014-06-02T07:51:19", "published": "2014-06-02T07:51:19", "id": "DEBIAN:2F52B94AF1F3F28544124123CB62D3AF:F9725", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201406/msg00000.html", "title": "gnutls26 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:09", "bulletinFamily": "unix", "description": "[3.3-5]\n- Added missing check for null pointer (#1102338)\n[3.3-4]\n- Fix multiple decoding issues (#1102338)", "modified": "2014-07-23T00:00:00", "published": "2014-07-23T00:00:00", "id": "ELSA-2014-0687", "href": "http://linux.oracle.com/errata/ELSA-2014-0687.html", "title": "libtasn1 security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:40", "bulletinFamily": "unix", "description": "[1.4.1-16]\n- added missing check for null pointer (#1102355)\n[1.4.1-15]\n- fix session ID length check and null pointer dereference (#1102355)\n- fix minitasn1 issues (#1102355)\n- Renamed gnutls-1.4.1-cve-2014-5138.patch to cve-2009-5138.patch", "modified": "2014-06-03T00:00:00", "published": "2014-06-03T00:00:00", "id": "ELSA-2014-0594", "href": "http://linux.oracle.com/errata/ELSA-2014-0594.html", "title": "gnutls security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:06", "bulletinFamily": "unix", "description": "[2.3-6]\n- added check for null pointer (#1102336)\n[2.3-5]\n- fix various DER decoding issues (#1102336)\n[2.3-4]\n- fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)", "modified": "2014-06-03T00:00:00", "published": "2014-06-03T00:00:00", "id": "ELSA-2014-0596", "href": "http://linux.oracle.com/errata/ELSA-2014-0596.html", "title": "libtasn1 security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:27", "bulletinFamily": "unix", "description": "[2.8.5-14]\n- fix session ID length check (#1102024)", "modified": "2014-06-03T00:00:00", "published": "2014-06-03T00:00:00", "id": "ELSA-2014-0595", "href": "http://linux.oracle.com/errata/ELSA-2014-0595.html", "title": "gnutls security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:27", "bulletinFamily": "unix", "description": "\nGnuTLS project reports:\n\nThis vulnerability affects the client side of the gnutls library.\n\t A server that sends a specially crafted ServerHello could corrupt\n\t the memory of a requesting client.\n\n", "modified": "2014-05-14T00:00:00", "published": "2014-05-14T00:00:00", "id": "9733C480-EBFF-11E3-970B-206A8A720317", "href": "https://vuxml.freebsd.org/freebsd/9733c480-ebff-11e3-970b-206a8a720317.html", "title": "gnutls -- client-side memory corruption", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2018-01-27T09:17:50", "bulletinFamily": "info", "description": "[](<https://1.bp.blogspot.com/-r4FXV5Dmo_g/U48aWOh5dKI/AAAAAAAAb8A/oWWdl5A3LHc/s1600/gnutsl-hello-encryption.jpg>)\n\nGnuTLS, a widely used open source SSL/TLS cryptographic library is vulnerable to a buffer overflow vulnerability that could be exploited to crash TLS clients or potentially execute malicious code on underlying systems.\n\n \n\n\nThe GnuTLS library implements secure sockets layer (SSL) and transport layer security (TLS) protocols on computers, servers, and softwares to provide encrypted communications over insecure channels.\n\n \n\n\nThe bug (_CVE-2014-3466_) was independently discovered by Joonas Kuorilehto of security firm Codenomicon, the same security firm who discovered the biggest Internet vulnerability, Heartbleed. Unlike Heartbleed, the GnuTLS library is not as widely deployed as OpenSSL.\n\n \n\n\nThe GnuTLS Vulnerability resides in the way GnuTLS parses the [session ID](<https://www.gitorious.org/gnutls/gnutls/source/8d7d6c6154e01afbe73bb201d6f438b62d75becb:lib/gnutls_handshake.c#L1747>) from the server response during a TLS handshake. It does not check the length of session ID value in the ServerHello message, which allows a malicious server to send an excessively long value in order to execute buffer overflow. Reported Flaw could be exploited by sending payload code from malicious server to clients as they establish encrypted HTTPS connections.\n\n[](<https://1.bp.blogspot.com/-omBXyLR6n40/U48YDcb9l_I/AAAAAAAAb70/k5Qk1gFogFI/s1600/gnutls-session-id.png>)\n\nHeartbleed could be exploited from both sides i.e. Server (the computer connected to) or the Client (i.e. the computer that initiated the connection), whereas the GnuTLS Remote Code Execution vulnerability will only works from the server to a connecting client.\n\n \n\n\nRed Hat has already [issues](<https://bugzilla.redhat.com/show_bug.cgi?id=1101932>) a patch for this vulnerability as \u201c_A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake_,\u201d and its Bug Tracker explained: \u201c_A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code_.\u201d\n\n \n\n\n\"_The flaw is in read_server_hello() / _gnutls_read_server_hello(), where session_id_len is checked to not exceed incoming packet size, but not checked to ensure it does not exceed maximum session id length_.\u201d\n\n \n\n\nRadare blog also published an in-depth [technical analysis](<http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/>) including the proof-of-concept of the this vulnerability, which indicates that it can be exploited by any threat actor to execute any type of malicious code. While, the GnuTLS project has already issued [updated version](<https://www.gnutls.org/security.html>) 3.1.25, 3.2.15 and 3.3.3 in order to patch the vulnerability.\n", "modified": "2014-06-04T13:15:32", "published": "2014-06-04T02:15:00", "id": "THN:9E0F4544CFCEA19BA1AC11F066388B3E", "href": "https://thehackernews.com/2014/06/critical-gnutls-flaw-leaves-ssl-clients.html", "type": "thn", "title": "Critical GnuTLS Flaw Leaves SSL Clients Vulnerable to Remote Code Execution", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
