CVE-2008-1948

21.05.2008, 13:24

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
gnu	gnutls	1.0.18
gnu	gnutls	1.0.19
gnu	gnutls	1.0.20
gnu	gnutls	1.0.21
gnu	gnutls	1.0.22
gnu	gnutls	1.0.23
gnu	gnutls	1.0.24
gnu	gnutls	1.0.25
gnu	gnutls	1.1.13
gnu	gnutls	1.1.14
gnu	gnutls	1.1.15
gnu	gnutls	1.1.16
gnu	gnutls	1.1.17
gnu	gnutls	1.1.18
gnu	gnutls	1.1.19
gnu	gnutls	1.1.20
gnu	gnutls	1.1.21
gnu	gnutls	1.1.22
gnu	gnutls	1.1.23
gnu	gnutls	1.2.0
gnu	gnutls	1.2.1
gnu	gnutls	1.2.2
gnu	gnutls	1.2.3
gnu	gnutls	1.2.4
gnu	gnutls	1.2.5
gnu	gnutls	1.2.6
gnu	gnutls	1.2.7
gnu	gnutls	1.2.8
gnu	gnutls	1.2.9
gnu	gnutls	1.2.10
gnu	gnutls	1.2.11
gnu	gnutls	1.3.0
gnu	gnutls	1.3.1
gnu	gnutls	1.3.2
gnu	gnutls	1.3.3
gnu	gnutls	1.3.4
gnu	gnutls	1.3.5
gnu	gnutls	1.4.0
gnu	gnutls	1.4.1
gnu	gnutls	1.4.2
gnu	gnutls	1.4.3
gnu	gnutls	1.4.4
gnu	gnutls	1.4.5
gnu	gnutls	1.5.0
gnu	gnutls	1.5.1
gnu	gnutls	1.5.2
gnu	gnutls	1.5.3
gnu	gnutls	1.5.4
gnu	gnutls	1.5.5
gnu	gnutls	1.6.0
gnu	gnutls	1.6.1
gnu	gnutls	1.6.2
gnu	gnutls	1.6.3
gnu	gnutls	1.7.0
gnu	gnutls	1.7.1
gnu	gnutls	1.7.2
gnu	gnutls	1.7.3
gnu	gnutls	1.7.4
gnu	gnutls	1.7.5
gnu	gnutls	1.7.6
gnu	gnutls	1.7.7
gnu	gnutls	1.7.8
gnu	gnutls	1.7.9
gnu	gnutls	1.7.10
gnu	gnutls	1.7.11
gnu	gnutls	1.7.12
gnu	gnutls	1.7.13
gnu	gnutls	1.7.14
gnu	gnutls	1.7.15
gnu	gnutls	1.7.16
gnu	gnutls	1.7.17
gnu	gnutls	1.7.18
gnu	gnutls	1.7.19
gnu	gnutls	2.0.0
gnu	gnutls	2.0.1
gnu	gnutls	2.0.2
gnu	gnutls	2.0.3
gnu	gnutls	2.0.4
gnu	gnutls	2.1.0
gnu	gnutls	2.1.1
gnu	gnutls	2.1.2
gnu	gnutls	2.1.3
gnu	gnutls	2.1.4
gnu	gnutls	2.1.5
gnu	gnutls	2.1.6
gnu	gnutls	2.1.7
gnu	gnutls	2.1.8
gnu	gnutls	2.2.0
gnu	gnutls	2.2.1
gnu	gnutls	2.2.2
gnu	gnutls	2.2.3
gnu	gnutls	2.2.4
gnu	gnutls	2.2.5
gnu	gnutls	2.3.0
gnu	gnutls	2.3.1
gnu	gnutls	2.3.2
gnu	gnutls	2.3.3
gnu	gnutls	2.3.4
gnu	gnutls	2.3.5
gnu	gnutls	2.3.6
gnu	gnutls	2.3.7
gnu	gnutls	2.3.8
gnu	gnutls	2.3.9
gnu	gnutls	2.3.10
gnu	gnutls	2.3.11

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

gnutls12

hardy	dne
gutsy	dne
feisty	dne
dapper	Fixed 1.2.9-2ubuntu1.2 released

gnutls13

hardy	Fixed 2.0.4-1ubuntu2.1 released
gutsy	Fixed 1.6.3-1ubuntu0.1 released
feisty	Fixed 1.4.4-3ubuntu0.1 released
dapper	dne

gnutls26

hardy	dne
gutsy	dne
feisty	dne
dapper	dne

Known Exploits!

Common Weakness Enumeration

CWE-189 -

References

http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html

http://secunia.com/advisories/30287

http://secunia.com/advisories/30302

http://secunia.com/advisories/30317

http://secunia.com/advisories/30324

http://secunia.com/advisories/30330

http://secunia.com/advisories/30331

http://secunia.com/advisories/30338

http://secunia.com/advisories/30355

http://secunia.com/advisories/31939

http://security.gentoo.org/glsa/glsa-200805-20.xml

http://securityreason.com/securityalert/3902

http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174

http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html

http://www.debian.org/security/2008/dsa-1581

http://www.kb.cert.org/vuls/id/111034

http://www.mandriva.com/security/advisories?name=MDVSA-2008:106

http://www.openwall.com/lists/oss-security/2008/05/20/1

http://www.openwall.com/lists/oss-security/2008/05/20/2

http://www.openwall.com/lists/oss-security/2008/05/20/3

http://www.redhat.com/support/errata/RHSA-2008-0489.html

http://www.redhat.com/support/errata/RHSA-2008-0492.html

http://www.securityfocus.com/archive/1/492282/100/0/threaded

http://www.securityfocus.com/archive/1/492464/100/0/threaded

http://www.securityfocus.com/bid/29292

http://www.securitytracker.com/id?1020057

http://www.ubuntu.com/usn/usn-613-1

http://www.vupen.com/english/advisories/2008/1582/references

http://www.vupen.com/english/advisories/2008/1583/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/42532

https://issues.rpath.com/browse/RPL-2552

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html

http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html

http://secunia.com/advisories/30287

http://secunia.com/advisories/30302

http://secunia.com/advisories/30317

http://secunia.com/advisories/30324

http://secunia.com/advisories/30330

http://secunia.com/advisories/30331

http://secunia.com/advisories/30338

http://secunia.com/advisories/30355

http://secunia.com/advisories/31939

http://security.gentoo.org/glsa/glsa-200805-20.xml

http://securityreason.com/securityalert/3902

http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174

http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html

http://www.debian.org/security/2008/dsa-1581

http://www.kb.cert.org/vuls/id/111034

http://www.mandriva.com/security/advisories?name=MDVSA-2008:106

http://www.openwall.com/lists/oss-security/2008/05/20/1

http://www.openwall.com/lists/oss-security/2008/05/20/2

http://www.openwall.com/lists/oss-security/2008/05/20/3

http://www.redhat.com/support/errata/RHSA-2008-0489.html

http://www.redhat.com/support/errata/RHSA-2008-0492.html

http://www.securityfocus.com/archive/1/492282/100/0/threaded

http://www.securityfocus.com/archive/1/492464/100/0/threaded

http://www.securityfocus.com/bid/29292

http://www.securitytracker.com/id?1020057

http://www.ubuntu.com/usn/usn-613-1

http://www.vupen.com/english/advisories/2008/1582/references

http://www.vupen.com/english/advisories/2008/1583/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/42532

https://issues.rpath.com/browse/RPL-2552

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html