Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : gnutls12, gnutls13, gnutls26 vulnerabilities (USN-809-1)

Ubuntu Security Notice (C) 2009-2013 Canonical, Inc. / NASL script (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Moxie Marlinspike and Dan Kaminsky independently discovered that
GnuTLS did not properly handle certificates with NULL characters in
the certificate name. An attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter encrypted
communications. (CVE-2009-2730)

Dan Kaminsky discovered GnuTLS would still accept certificates with
MD2 hash signatures. As a result, an attacker could potentially create
a malicious trusted certificate to impersonate another site. This
issue only affected Ubuntu 6.06 LTS and Ubuntu 8.10. (CVE-2009-2409)

USN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS.
The upstream patches introduced a regression when validating certain
certificate chains that would report valid certificates as untrusted.
This update fixes the problem, and only affected Ubuntu 6.06 LTS and
Ubuntu 8.10 (Ubuntu 8.04 LTS and 9.04 were fixed at an earlier date).
In an effort to maintain a strong security stance and address all
known regressions, this update deprecates X.509 validation chains
using MD2 and MD5 signatures. To accomodate sites which must still use
a deprected RSA-MD5 certificate, GnuTLS has been updated to stop
looking when it has found a trusted intermediary certificate. This new
handling of intermediary certificates is in accordance with other SSL
implementations.

Martin von Gagern discovered that GnuTLS did not properly verify
certificate chains when the last certificate in the chain was
self-signed. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to view
sensitive information. (CVE-2008-4989).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 40656 ()

Bugtraq ID: 35952

CVE ID: CVE-2008-4989
CVE-2009-2409
CVE-2009-2730