Mandriva Linux Security Advisory : gnutls (MDVSA-2015:072)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Updated gnutls packages fix security vulnerabilities :

Suman Jana reported a vulnerability that affects the certificate
verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1
intermediate certificate will be considered as a CA certificate by
default (something that deviates from the documented behavior)

It was discovered that GnuTLS did not correctly handle certain errors
that could occur during the verification of an X.509 certificate,
causing it to incorrectly report a successful verification. An
attacker could use this flaw to create a specially crafted certificate
that could be accepted by GnuTLS as valid for a site chosen by the
attacker (CVE-2014-0092).

A NULL pointer dereference flaw was discovered in GnuTLS's
gnutls_x509_dn_oid_name(). The function, when called with the
GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its
caller. However, it could previously return NULL when parsed X.509
certificates included specific OIDs (CVE-2014-3465).

A flaw was found in the way GnuTLS parsed session ids from Server
Hello packets of the TLS/SSL handshake. A malicious server could use
this flaw to send an excessively long session id value and trigger a
buffer overflow in a connecting TLS/SSL client using GnuTLS, causing
it to crash or, possibly, execute arbitrary code (CVE-2014-3466).

An out-of-bounds memory write flaw was found in the way GnuTLS parsed
certain ECC (Elliptic Curve Cryptography) certificates or certificate
signing requests (CSR). A malicious user could create a specially
crafted ECC certificate or a certificate signing request that, when
processed by an application compiled against GnuTLS (for example,
certtool), could cause that application to crash or execute arbitrary
code with the permissions of the user running the application

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Mandriva Local Security Checks

Nessus Plugin ID: 82325 ()

Bugtraq ID:

CVE ID: CVE-2014-0092

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now