Exploit the possiblities
Showing 1 - 9 of 9 RSS Feed

CVE-2013-1619

Status Candidate

Overview

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Related Files

Gentoo Linux Security Advisory 201310-18
Posted Oct 28, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-18 - Multiple vulnerabilities have been discovered in GnuTLS, the worst of which could lead to Denial of Service. Versions less than 2.12.23-r1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1619, CVE-2013-2116
MD5 | 3bd373195a2954d3ad1c151032ac68b5
Slackware Security Advisory - gnutls Updates
Posted Oct 16, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1, and 13.37 to fix security issues. Related CVE Numbers: CVE-2011-4128,CVE-2012-1569,CVE-2012-1573,CVE-2013-1619,CVE-2013-2116.

tags | advisory
systems | linux, slackware
advisories | CVE-2011-4128, CVE-2012-1569, CVE-2012-1573, CVE-2013-1619, CVE-2013-2116
MD5 | ca406d63a198137dc5ca0a1143a150d5
Slackware Security Advisory - gnutls Updates
Posted Sep 2, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 14.0 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-1619
MD5 | 0c184ff55ff124b54ff7c85275a8690e
Slackware Security Advisory - gnutls Updates
Posted Aug 30, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-1619
MD5 | cced5b313186ea0473d532c7a4233368
Mandriva Linux Security Advisory 2013-040
Posted Apr 5, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-040 - Nadhem Alfardan and Kenny Paterson devised an attack that recovers some bits of the plaintext of a GnuTLS session that utilizes that CBC ciphersuites, by using timing information. The gnutls package has been updated to latest 3.0.28 version to fix above problem.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-1619
MD5 | 15f760446ff908ab966fe0e4192d64e1
Red Hat Security Advisory 2013-0636-01
Posted Mar 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0636-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-4929, CVE-2012-6075, CVE-2013-0166, CVE-2013-0169, CVE-2013-1619
MD5 | 88beca4dd1c8934b33bc0e3bb7709c10
Mandriva Linux Security Advisory 2013-019
Posted Mar 8, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-019 - A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website. This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2009-3555, CVE-2013-1619
MD5 | 0cdc21db97aa886e8dd8d35a7e71f65c
Red Hat Security Advisory 2013-0588-01
Posted Mar 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0588-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-1619
MD5 | 6d4d517fbc1f4d5bdd9aa471e18f6e1c
Ubuntu Security Notice USN-1752-1
Posted Feb 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1752-1 - Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2013-1619
MD5 | d2dd30465967af3c5d699031c18c8a54
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    1 Files
  • 22
    Jan 22nd
    15 Files
  • 23
    Jan 23rd
    12 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close