This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200905-04
(GnuTLS: Multiple vulnerabilities)
The following vulnerabilities were found in GnuTLS:
Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not
properly handle corrupt DSA signatures, possibly leading to a
double-free vulnerability (CVE-2009-1415).
reported that GnuTLS generates RSA keys stored in DSA structures when
creating a DSA key (CVE-2009-1416).
Romain Francoise reported
that the _gnutls_x509_verify_certificate() function in
lib/x509/verify.c does not perform time checks, resulting in the
'gnutls-cli' program accepting X.509 certificates with validity times
in the past or future (CVE-2009-1417).
A remote attacker could entice a user or automated system to process a
specially crafted DSA certificate, possibly resulting in a Denial of
Service condition. NOTE: This issue might have other unspecified impact
including the execution of arbitrary code. Furthermore, a remote
attacker could spoof signatures on certificates and the 'gnutls-cli'
application can be tricked into accepting an invalid certificate.
There is no known workaround at this time.
See also :
All GnuTLS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-libs/gnutls-2.6.6'
Risk factor :
High / CVSS Base Score : 7.5
Family: Gentoo Local Security Checks
Nessus Plugin ID: 38885 (gentoo_GLSA-200905-04.nasl)
CVE ID: CVE-2009-1415CVE-2009-1416CVE-2009-1417
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.