CVE-2008-1949 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Affected Products (NVD)

Vendor	Product	Version
gnu	gnutls	1.0.18
gnu	gnutls	1.0.19
gnu	gnutls	1.0.20
gnu	gnutls	1.0.21
gnu	gnutls	1.0.22
gnu	gnutls	1.0.23
gnu	gnutls	1.0.24
gnu	gnutls	1.0.25
gnu	gnutls	1.1.13
gnu	gnutls	1.1.14
gnu	gnutls	1.1.15
gnu	gnutls	1.1.16
gnu	gnutls	1.1.17
gnu	gnutls	1.1.18
gnu	gnutls	1.1.19
gnu	gnutls	1.1.20
gnu	gnutls	1.1.21
gnu	gnutls	1.1.22
gnu	gnutls	1.1.23
gnu	gnutls	1.2.0
gnu	gnutls	1.2.1
gnu	gnutls	1.2.2
gnu	gnutls	1.2.3
gnu	gnutls	1.2.4
gnu	gnutls	1.2.5
gnu	gnutls	1.2.6
gnu	gnutls	1.2.7
gnu	gnutls	1.2.8
gnu	gnutls	1.2.9
gnu	gnutls	1.2.10
gnu	gnutls	1.2.11
gnu	gnutls	1.3.0
gnu	gnutls	1.3.1
gnu	gnutls	1.3.2
gnu	gnutls	1.3.3
gnu	gnutls	1.3.4
gnu	gnutls	1.3.5
gnu	gnutls	1.4.0
gnu	gnutls	1.4.1
gnu	gnutls	1.4.2
gnu	gnutls	1.4.3
gnu	gnutls	1.4.4
gnu	gnutls	1.4.5
gnu	gnutls	1.5.0
gnu	gnutls	1.5.1
gnu	gnutls	1.5.2
gnu	gnutls	1.5.3
gnu	gnutls	1.5.4
gnu	gnutls	1.5.5
gnu	gnutls	1.6.0
gnu	gnutls	1.6.1
gnu	gnutls	1.6.2
gnu	gnutls	1.6.3
gnu	gnutls	1.7.0
gnu	gnutls	1.7.1
gnu	gnutls	1.7.2
gnu	gnutls	1.7.3
gnu	gnutls	1.7.4
gnu	gnutls	1.7.5
gnu	gnutls	1.7.6
gnu	gnutls	1.7.7
gnu	gnutls	1.7.8
gnu	gnutls	1.7.9
gnu	gnutls	1.7.10
gnu	gnutls	1.7.11
gnu	gnutls	1.7.12
gnu	gnutls	1.7.13
gnu	gnutls	1.7.14
gnu	gnutls	1.7.15
gnu	gnutls	1.7.16
gnu	gnutls	1.7.17
gnu	gnutls	1.7.18
gnu	gnutls	1.7.19
gnu	gnutls	2.0.0
gnu	gnutls	2.0.1
gnu	gnutls	2.0.2
gnu	gnutls	2.0.3
gnu	gnutls	2.0.4
gnu	gnutls	2.1.0
gnu	gnutls	2.1.1
gnu	gnutls	2.1.2
gnu	gnutls	2.1.3
gnu	gnutls	2.1.4
gnu	gnutls	2.1.5
gnu	gnutls	2.1.6
gnu	gnutls	2.1.7
gnu	gnutls	2.1.8
gnu	gnutls	2.2.0
gnu	gnutls	2.2.1
gnu	gnutls	2.2.2
gnu	gnutls	2.2.3
gnu	gnutls	2.2.4
gnu	gnutls	2.2.5
gnu	gnutls	2.3.0
gnu	gnutls	2.3.1
gnu	gnutls	2.3.2
gnu	gnutls	2.3.3
gnu	gnutls	2.3.4
gnu	gnutls	2.3.5
gnu	gnutls	2.3.6
gnu	gnutls	2.3.7
gnu	gnutls	2.3.8
gnu	gnutls	2.3.9
gnu	gnutls	2.3.10
gnu	gnutls	2.3.11

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

gnutls12

dapper	Fixed 1.2.9-2ubuntu1.2 released
feisty	dne
gutsy	dne
hardy	dne

gnutls13

dapper	dne
feisty	Fixed 1.4.4-3ubuntu0.1 released
gutsy	Fixed 1.6.3-1ubuntu0.1 released
hardy	Fixed 2.0.4-1ubuntu2.1 released

gnutls26

dapper	dne
feisty	dne
gutsy	dne
hardy	dne

Known Exploits!

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html

http://secunia.com/advisories/30287

http://secunia.com/advisories/30302

http://secunia.com/advisories/30317

http://secunia.com/advisories/30324

http://secunia.com/advisories/30330

http://secunia.com/advisories/30331

http://secunia.com/advisories/30338

http://secunia.com/advisories/30355

http://secunia.com/advisories/31939

http://security.gentoo.org/glsa/glsa-200805-20.xml

http://securityreason.com/securityalert/3902

http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174

http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html

http://www.debian.org/security/2008/dsa-1581

http://www.kb.cert.org/vuls/id/252626

http://www.mandriva.com/security/advisories?name=MDVSA-2008:106

http://www.openwall.com/lists/oss-security/2008/05/20/1

http://www.openwall.com/lists/oss-security/2008/05/20/2

http://www.openwall.com/lists/oss-security/2008/05/20/3

http://www.redhat.com/support/errata/RHSA-2008-0489.html

http://www.redhat.com/support/errata/RHSA-2008-0492.html

http://www.securityfocus.com/archive/1/492282/100/0/threaded

http://www.securityfocus.com/archive/1/492464/100/0/threaded

http://www.securityfocus.com/bid/29292

http://www.securitytracker.com/id?1020058

http://www.ubuntu.com/usn/usn-613-1

http://www.vupen.com/english/advisories/2008/1582/references

http://www.vupen.com/english/advisories/2008/1583/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/42530

https://issues.rpath.com/browse/RPL-2552

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html

http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html

http://secunia.com/advisories/30287

http://secunia.com/advisories/30302

http://secunia.com/advisories/30317

http://secunia.com/advisories/30324

http://secunia.com/advisories/30330

http://secunia.com/advisories/30331

http://secunia.com/advisories/30338

http://secunia.com/advisories/30355

http://secunia.com/advisories/31939

http://security.gentoo.org/glsa/glsa-200805-20.xml

http://securityreason.com/securityalert/3902

http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174

http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html

http://www.debian.org/security/2008/dsa-1581

http://www.kb.cert.org/vuls/id/252626

http://www.mandriva.com/security/advisories?name=MDVSA-2008:106

http://www.openwall.com/lists/oss-security/2008/05/20/1

http://www.openwall.com/lists/oss-security/2008/05/20/2

http://www.openwall.com/lists/oss-security/2008/05/20/3

http://www.redhat.com/support/errata/RHSA-2008-0489.html

http://www.redhat.com/support/errata/RHSA-2008-0492.html

http://www.securityfocus.com/archive/1/492282/100/0/threaded

http://www.securityfocus.com/archive/1/492464/100/0/threaded

http://www.securityfocus.com/bid/29292

http://www.securitytracker.com/id?1020058

http://www.ubuntu.com/usn/usn-613-1

http://www.vupen.com/english/advisories/2008/1582/references

http://www.vupen.com/english/advisories/2008/1583/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/42530

https://issues.rpath.com/browse/RPL-2552

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html