Jump to content

Advisories MDVSA-2010:089: gnutls


Recommended Posts

Multiple vulnerabilities has been found and corrected in gnutls:

 

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as

used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl

in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,

GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)

3.12.4 and earlier, and other products, does not properly associate

renegotiation handshakes with an existing connection, which allows

man-in-the-middle attackers to insert data into HTTPS sessions,

and possibly other types of sessions protected by TLS or SSL, by

sending an unauthenticated request that is processed retroactively

by a server in a post-renegotiation context, related to a plaintext

injection attack, aka the Project Mogul issue (CVE-2009-3555).

 

The gnutls_x509_crt_get_serial function in the GnuTLS library before

1.2.1, when running on big-endian, 64-bit platforms, calls the

asn1_read_value with a pointer to the wrong data type and the wrong

length value, which allows remote attackers to bypass the certificate

revocation list (CRL) check and cause a stack-based buffer overflow

via a crafted X.509 certificate, related to extraction of a serial

number (CVE-2010-0731).

 

The updated packages have been patched to correct these issues.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...