Exploit the possiblities
Showing 1 - 9 of 9 RSS Feed

CVE-2012-1573

Status Candidate

Overview

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

Related Files

Slackware Security Advisory - gnutls Updates
Posted Oct 16, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1, and 13.37 to fix security issues. Related CVE Numbers: CVE-2011-4128,CVE-2012-1569,CVE-2012-1573,CVE-2013-1619,CVE-2013-2116.

tags | advisory
systems | linux, slackware
advisories | CVE-2011-4128, CVE-2012-1569, CVE-2012-1573, CVE-2013-1619, CVE-2013-2116
MD5 | ca406d63a198137dc5ca0a1143a150d5
Gentoo Linux Security Advisory 201206-18
Posted Jun 23, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-18 - Multiple vulnerabilities have been found in GnuTLS, allowing a remote attacker to perform man-in-the-middle or Denial of Service attacks. Versions less than 2.12.18 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2730, CVE-2009-3555, CVE-2011-4128, CVE-2012-1573
MD5 | 44796bd189ac29a95fc21d07ba8b22ad
Red Hat Security Advisory 2012-0531-01
Posted May 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0531-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input that, when parsed by an application that uses libtasn1, could cause the application to crash.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-0864, CVE-2012-1569, CVE-2012-1573
MD5 | 49fa800e9d557cdd668681bb30c7bdf2
Red Hat Security Advisory 2012-0488-01
Posted Apr 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0488-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0864, CVE-2012-1569, CVE-2012-1573
MD5 | f1e17b1405022b76c3461d937ea67009
Ubuntu Security Notice USN-1418-1
Posted Apr 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1418-1 - Alban Crequy discovered that the GnuTLS library incorrectly checked array bounds when copying TLS session data. A remote attacker could crash a client application, leading to a denial of service, as the client application prepared for TLS session resumption. Matthew Hall discovered that the GnuTLS library incorrectly handled TLS records. A remote attacker could crash client and server applications, leading to a denial of service, by sending a crafted TLS record. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-4128, CVE-2012-1573, CVE-2011-4128, CVE-2012-1573
MD5 | 1b4345011546b31df45e939a80cba711
Mandriva Linux Security Advisory 2012-040
Posted Mar 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-040 - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. The updated packages have been patched to correct this issue. The GnuTLS packages for Mandriva Linux 2011 has been upgraded to the 2.12.8 version due to problems with the test suite while building it, additionally a new dependency was added on p11-kit for the PKCS #11 support.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1573
MD5 | eff5bc41065a2ae7bbc8b34c9df3c8bc
Red Hat Security Advisory 2012-0429-01
Posted Mar 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0429-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.

tags | advisory, remote, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2011-4128, CVE-2012-1573
MD5 | 54b74ddd5981eec1a2ef266668b9f83f
Red Hat Security Advisory 2012-0428-01
Posted Mar 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0428-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4128, CVE-2012-1569, CVE-2012-1573
MD5 | 765c01a1a7095fb564e5f4803e7ab78e
Debian Security Advisory 2441-1
Posted Mar 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2441-1 - Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library.

tags | advisory
systems | linux, debian
advisories | CVE-2012-1573
MD5 | fa34c6fcce4f02ffb1e2da5749b77c8b
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close