GLSA-200505-04 : GnuTLS: Denial of Service vulnerability

medium Nessus Plugin ID 18230

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200505-04 (GnuTLS: Denial of Service vulnerability)

A vulnerability has been discovered in the record packet parsing in the GnuTLS library. A flaw was also found in the RSA key export functionality.

Impact :

A remote attacker could exploit this vulnerability and cause a Denial of Service to any application that utilizes the GnuTLS library.

Workaround :

There is no known workaround at this time.

Solution

All GnuTLS users should remove the existing installation and upgrade to the latest version:
# emerge --sync
# emerge --unmerge gnutls
# emerge --ask --oneshot --verbose net-libs/gnutls

Due to small API changes with the previous version, please do the following to ensure your applications are using the latest GnuTLS that you just emerged.
# revdep-rebuild --soname-regexp libgnutls.so.1[0-1]

Previously exported RSA keys can be fixed by executing the following command on the key files:
# certtool -k infile outfile

See Also

https://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html

https://security.gentoo.org/glsa/200505-04

Plugin Details

Severity: Medium

ID: 18230

File Name: gentoo_GLSA-200505-04.nasl

Version: 1.17

Type: local

Published: 5/11/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:gnutls, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 5/9/2005

Reference Information

CVE: CVE-2005-1431

GLSA: 200505-04