exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2014-3466

Status Candidate

Overview

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.

Related Files

Mandriva Linux Security Advisory 2015-072
Posted Mar 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-072 - Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs. A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC certificates or certificate signing requests. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-0092, CVE-2014-1959, CVE-2014-3465, CVE-2014-3466, CVE-2014-8564
SHA-256 | d54e07c39568448fc8ce57614a5d9fa432224b556e5e7e077010ba9803d59272
Red Hat Security Advisory 2014-0815-01
Posted Jun 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0815-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2014-3466, CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
SHA-256 | a010735c07300e81c05307db46a722929722e51bde6e7a4c5df209d29725b131
Gentoo Linux Security Advisory 201406-09
Posted Jun 16, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-9 - Multiple vulnerabilities have been discovered in GnuTLS, the worst of which could lead to arbitrary code execution. Versions less than 2.12.23-r6 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-0092, CVE-2014-1959, CVE-2014-3465, CVE-2014-3466
SHA-256 | c9e57007e1e2c16ca271f1ad218866fe2a98937c85f28534d1b3cafa77b79278
Red Hat Security Advisory 2014-0684-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0684-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. A NULL pointer dereference flaw was found in the way GnuTLS parsed X.509 certificates. A specially crafted certificate could cause a server or client application using GnuTLS to crash.

tags | advisory, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3465, CVE-2014-3466
SHA-256 | c3480dbeae965e50ea2596aee4b2db89bd2a3b4760517ee917313be96570a000
Mandriva Linux Security Advisory 2014-109
Posted Jun 10, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-109 - A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-3466
SHA-256 | 2dac6f0975791c3374b1c28f1e4f21fe44bba9a3591e659d6062a5f8cff8a5d6
Mandriva Linux Security Advisory 2014-108
Posted Jun 10, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-108 - A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs. A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-3465, CVE-2014-3466
SHA-256 | b53b2b8afd1cd8d78b77e12a89c948d256e021c14cbb05865fe90ccf85a1edd6
Slackware Security Advisory - gnutls Updates
Posted Jun 6, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-3465, CVE-2014-3466, CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
SHA-256 | 7048df4ef4b612681d06186dbc787300b6781fa7ea3008f07aee1f4b25a28b84
Red Hat Security Advisory 2014-0595-01
Posted Jun 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0595-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3466
SHA-256 | be4ccb2c931432b2046f2813b240d9148cd02af051c850e1537fafb04a55bc68
Red Hat Security Advisory 2014-0594-01
Posted Jun 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0594-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3466, CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
SHA-256 | 5383daf04f0ecec5ab448cbfb42ba4c12d0682950ec05432c8551747b9422d50
Debian Security Advisory 2944-1
Posted Jun 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2944-1 - Joonas Kuorilehto discovered that GNU TLS performed insufficient validation of session IDs during TLS/SSL handshakes. A malicious server could use this to execute arbitrary code or perform denial or service.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2014-3466
SHA-256 | d6887c198b34be7129b7c1a27958283398afa5d8a2824390246f8f0ac9eadefe
Ubuntu Security Notice USN-2229-1
Posted Jun 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2229-1 - Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a man in the middle could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3466
SHA-256 | 909640c0fc291193e5e61d9571f927ddf4e65f724d30fece71cc30df2475a8bf
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close