GLSA-200505-04 : GnuTLS: Denial of Service vulnerability

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200505-04
(GnuTLS: Denial of Service vulnerability)

A vulnerability has been discovered in the record packet parsing
in the GnuTLS library. Additionally, a flaw was also found in the RSA
key export functionality.

Impact :

A remote attacker could exploit this vulnerability and cause a
Denial of Service to any application that utilizes the GnuTLS library.

Workaround :

There is no known workaround at this time.

See also :

http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html
http://www.gentoo.org/security/en/glsa/glsa-200505-04.xml

Solution :

All GnuTLS users should remove the existing installation and
upgrade to the latest version:
# emerge --sync
# emerge --unmerge gnutls
# emerge --ask --oneshot --verbose net-libs/gnutls
Due to small API changes with the previous version, please do
the following to ensure your applications are using the latest GnuTLS
that you just emerged.
# revdep-rebuild --soname-regexp libgnutls.so.1[0-1]
Previously exported RSA keys can be fixed by executing the
following command on the key files:
# certtool -k infile outfile

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 18230 (gentoo_GLSA-200505-04.nasl)

Bugtraq ID:

CVE ID: CVE-2005-1431