Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html
http://openwall.com/lists/oss-security/2011/11/09/2
http://openwall.com/lists/oss-security/2011/11/09/4
http://rhn.redhat.com/errata/RHSA-2012-0429.html
http://rhn.redhat.com/errata/RHSA-2012-0488.html
http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://secunia.com/advisories/48596
http://secunia.com/advisories/48712
http://www.gnu.org/software/gnutls/security.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:045
OR
cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*
OR
cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
89038 | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check) | Nessus | Misc. | high |
80628 | Oracle Solaris Third-Party Patch Update : gnutls (cve_2011_4128_buffer_overflow) | Nessus | Solaris Local Security Checks | medium |
79286 | RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488) | Nessus | Red Hat Local Security Checks | medium |
78922 | RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531) | Nessus | Red Hat Local Security Checks | high |
75855 | openSUSE Security Update : gnutls (openSUSE-SU-2012:0215-1) | Nessus | SuSE Local Security Checks | medium |
70439 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 : gnutls (SSA:2013-287-03) | Nessus | Slackware Local Security Checks | medium |
69666 | Amazon Linux AMI : gnutls (ALAS-2012-59) | Nessus | Amazon Linux Local Security Checks | medium |
68504 | Oracle Linux 6 : gnutls (ELSA-2012-0429) | Nessus | Oracle Linux Local Security Checks | medium |
68503 | Oracle Linux 5 : gnutls (ELSA-2012-0428) | Nessus | Oracle Linux Local Security Checks | medium |
61747 | VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries | Nessus | VMware ESX Local Security Checks | high |
61291 | Scientific Linux Security Update : gnutls on SL6.x i386/x86_64 (20120327) | Nessus | Scientific Linux Local Security Checks | medium |
61290 | Scientific Linux Security Update : gnutls on SL5.x i386/x86_64 (20120327) | Nessus | Scientific Linux Local Security Checks | medium |
59671 | GLSA-201206-18 : GnuTLS: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
58668 | Fedora 15 : gnutls-2.10.5-3.fc15 (2012-4569) | Nessus | Fedora Local Security Checks | medium |
58618 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : gnutls13, gnutls26 vulnerabilities (USN-1418-1) | Nessus | Ubuntu Local Security Checks | medium |
58557 | Mandriva Linux Security Advisory : gnutls (MDVSA-2012:045) | Nessus | Mandriva Local Security Checks | medium |
58519 | CentOS 6 : gnutls (CESA-2012:0429) | Nessus | CentOS Local Security Checks | medium |
58510 | RHEL 6 : gnutls (RHSA-2012:0429) | Nessus | Red Hat Local Security Checks | medium |
58509 | RHEL 5 : gnutls (RHSA-2012:0428) | Nessus | Red Hat Local Security Checks | medium |
58504 | CentOS 5 : gnutls (CESA-2012:0428) | Nessus | CentOS Local Security Checks | medium |
57696 | SuSE 11.1 Security Update : GnuTLS (SAT Patch Number 5684) | Nessus | SuSE Local Security Checks | medium |
56763 | FreeBSD : gnutls -- client session resumption vulnerability (bdec8dc2-0b3b-11e1-b722-001cc0476564) | Nessus | FreeBSD Local Security Checks | medium |