what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2008-1950

Status Candidate

Overview

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

Related Files

Mandriva Linux Security Advisory 2008-106
Posted May 27, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Flaws discovered in versions prior to 2.2.4 (stable) and 2.3.10 (development) of GnuTLS allow an attacker to cause denial of service (application crash), and maybe (so far undetermined) execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
SHA-256 | 48c88ae1eb7e02ffa6ffaef8503450f4fe97526196b1ce72983b1c15d407dd54
Gentoo Linux Security Advisory 200805-20
Posted May 22, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-20 - Multiple vulnerabilities might allow for the execution of arbitrary code in daemons using GnuTLS. Versions less than 2.2.5 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
SHA-256 | e37e04b526b4b0b5bb000df629ceab208e43543a12e0226906b04744ba9ae394
Ubuntu Security Notice 613-1
Posted May 22, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 613-1 - Multiple flaws were discovered in the connection handling of GnuTLS. A remote attacker could exploit this to crash applications linked against GnuTLS, or possibly execute arbitrary code with permissions of the application's user.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
SHA-256 | a45f8245b0df9dead664e29c144fe9c30dbfd2375c8b1592fdd17bed4f6c14f7
Debian Linux Security Advisory 1581-1
Posted May 20, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1581-1 - Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite. A pre-authentication heap overflow involving oversized session resumption data may lead to arbitrary code execution. Repeated client hellos may result in a pre-authentication denial of service condition due to a null pointer dereference. Decoding cipher padding with an invalid record length may cause GNUTLS to read memory beyond the end of the received record, leading to a pre-authentication denial of service condition.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability, code execution, protocol
systems | linux, debian
advisories | CVE-2008-1948, CVE-2008-1950, CVE-2008-1949
SHA-256 | d2f29ae70f7b4441b6a3254c5c79d7457ce29380453a05d402274526b66a0c52
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close