GLSA-200505-04 : GnuTLS: Denial of Service vulnerability

Medium Nessus Plugin ID 18230


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200505-04 (GnuTLS: Denial of Service vulnerability)

A vulnerability has been discovered in the record packet parsing in the GnuTLS library. A flaw was also found in the RSA key export functionality.

Impact :

A remote attacker could exploit this vulnerability and cause a Denial of Service to any application that utilizes the GnuTLS library.

Workaround :

There is no known workaround at this time.


All GnuTLS users should remove the existing installation and upgrade to the latest version:

# emerge --sync
# emerge --unmerge gnutls
# emerge --ask --oneshot --verbose net-libs/gnutls

Due to small API changes with the previous version, please do the following to ensure your applications are using the latest GnuTLS that you just emerged.

# revdep-rebuild --soname-regexp[0-1]

Previously exported RSA keys can be fixed by executing the following command on the key files:

# certtool -k infile outfile

Plugin Details

Severity: Medium

ID: 18230

File Name: gentoo_GLSA-200505-04.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2005/05/11

Modified: 2015/04/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:gnutls, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2005/05/09

Vulnerability Publication Date: 2005/04/28

Reference Information

CVE: CVE-2005-1431

OSVDB: 16054

GLSA: 200505-04