Oracle Solaris Third-Party Patch Update : gnutls (multiple_vulnerabilities_in_gnutls)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- The gnutls_x509_dn_oid_name function in
lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x
before 3.2.10 allows remote attackers to cause a denial
of service (NULL pointer dereference) via a crafted
X.509 certificate, related to a missing LDAP description
for an OID when printing the DN. (CVE-2014-3465)

- Buffer overflow in the read_server_hello function in
lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x
before 3.2.15, and 3.3.x before 3.3.4 allows remote
servers to cause a denial of service (memory corruption)
or possibly execute arbitrary code via a long session id
in a ServerHello message. (CVE-2014-3466)

- Multiple unspecified vulnerabilities in the DER decoder
in GNU Libtasn1 before 3.6, as used in GnutTLS, allow
remote attackers to cause a denial of service
(out-of-bounds read) via a crafted ASN.1 data.
(CVE-2014-3467)

- The asn1_get_bit_der function in GNU Libtasn1 before 3.6
does not properly report an error when a negative bit
length is identified, which allows context-dependent
attackers to cause out-of-bounds access via crafted
ASN.1 data. (CVE-2014-3468)

- The (1) asn1_read_value_type and (2) asn1_read_value
functions in GNU Libtasn1 before 3.6 allows
context-dependent attackers to cause a denial of service
(NULL pointer dereference and crash) via a NULL value in
an ivalue argument. (CVE-2014-3469)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?fb8d4cfe

Solution :

Upgrade to Solaris 11.1.21.4.1.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Solaris Local Security Checks

Nessus Plugin ID: 80632 ()

Bugtraq ID:

CVE ID: CVE-2014-3465
CVE-2014-3466
CVE-2014-3467
CVE-2014-3468
CVE-2014-3469

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now