GNUTLS Padding Denial of Service Vulnerability
BID:13477
Info
| Bugtraq ID: | 13477 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2005-1431 |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2005 12:00AM |
| Updated: | Feb 28 2007 12:46AM |
| Credit: | The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue. |
| Vulnerable: | Ubuntu Ubuntu Linux 5.0 4 powerpc; Ubuntu Ubuntu Linux 5.0 4 i386; Ubuntu Ubuntu Linux 5.0 4 amd64; Ubuntu Ubuntu Linux 4.1 ppc; Ubuntu Ubuntu Linux 4.1 ia64; Ubuntu Ubuntu Linux 4.1 ia32; Redhat Fedora Core3; Redhat Enterprise Linux WS 4; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux AS 4; Redhat Desktop 4.0; Mandriva Linux Mandrake 10.2 x86_64; Mandriva Linux Mandrake 10.2; Mandriva Linux Mandrake 10.1 x86_64; Mandriva Linux Mandrake 10.1; GNU GnuTLS 1.2; GNU GnuTLS 1.0.17; GNU GnuTLS 1.0.16; GNU GnuTLS 1.0.15; GNU GnuTLS 1.0.14; GNU GnuTLS 1.0.9; GNU GnuTLS 1.0.8; GNU GnuTLS 1.0.7; GNU GnuTLS 1.0.6; GNU GnuTLS 1.0.5; GNU GnuTLS 1.0.4; GNU GnuTLS 1.0.3; GNU GnuTLS 1.0.2; GNU GnuTLS 1.0.1; GNU GnuTLS 1.0; Gentoo Linux |
| Not Vulnerable: | GNU GnuTLS 1.2.3; GNU GnuTLS 1.0.25 |
Discussion
GnuTLS is prone to a denial-of-service vulnerability. A remote attacker can send specially crafted data that triggers a flaw in parsing, leading to a denial-of-service condition.
This issue has been addressed in GnuTLS versions 1.0.25 and 1.2.3; earlier versions are vulnerable.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
The vendor has addressed this issue in GnuTLS versions 1.0.25 and 1.2.3.
Please see the referenced advisories for more information.
GNU GnuTLS 1.0
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
GNU GnuTLS 1.0.1
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
GNU GnuTLS 1.0.14
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
GNU GnuTLS 1.0.15
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
GNU GnuTLS 1.0.16
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
- Ubuntu gnutls-bin_1.0.16-13ubuntu0.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.1_amd64.deb
- Ubuntu gnutls-bin_1.0.16-13ubuntu0.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.1_i386.deb
- Ubuntu gnutls-bin_1.0.16-13ubuntu0.1_ia64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.1_ia64.deb
- Ubuntu gnutls-bin_1.0.16-13ubuntu0.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.1_powerpc.deb
- Ubuntu libgnutls11-dbg_1.0.16-13ubuntu0.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.1_amd64.deb
- Ubuntu libgnutls11-dbg_1.0.16-13ubuntu0.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.1_i386.deb
- Ubuntu libgnutls11-dbg_1.0.16-13ubuntu0.1_ia64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.1_ia64.deb
- Ubuntu libgnutls11-dbg_1.0.16-13ubuntu0.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.1_powerpc.deb
- Ubuntu libgnutls11-dev_1.0.16-13ubuntu0.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.1_amd64.deb
- Ubuntu libgnutls11-dev_1.0.16-13ubuntu0.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.1_i386.deb
- Ubuntu libgnutls11-dev_1.0.16-13ubuntu0.1_ia64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.1_ia64.deb
- Ubuntu libgnutls11-dev_1.0.16-13ubuntu0.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.1_powerpc.deb
- Ubuntu libgnutls11_1.0.16-13ubuntu0.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.1_amd64.deb
- Ubuntu libgnutls11_1.0.16-13ubuntu0.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.1_i386.deb
- Ubuntu libgnutls11_1.0.16-13ubuntu0.1_ia64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.1_ia64.deb
- Ubuntu libgnutls11_1.0.16-13ubuntu0.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.1_powerpc.deb
GNU GnuTLS 1.0.17
- Fedora gnutls-1.0.20-3.1.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gnutls-1.0.20-3.1.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gnutls-debuginfo-1.0.20-3.1.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gnutls-debuginfo-1.0.20-3.1.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gnutls-devel-1.0.20-3.1.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gnutls-devel-1.0.20-3.1.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
GNU GnuTLS 1.0.2
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
GNU GnuTLS 1.0.3
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
GNU GnuTLS 1.0.4
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
- Ubuntu gnutls-bin_1.0.4-3ubuntu1.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls10/gnutls-bin_1.0.4-3ubuntu1.1_amd64.deb
- Ubuntu gnutls-bin_1.0.4-3ubuntu1.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls10/gnutls-bin_1.0.4-3ubuntu1.1_i386.deb
- Ubuntu gnutls-bin_1.0.4-3ubuntu1.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls10/gnutls-bin_1.0.4-3ubuntu1.1_powerpc.deb
- Ubuntu libgnutls-doc_1.0.4-3ubuntu1.1_all.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls-doc_1.0.4-3ubuntu1.1_all.deb
- Ubuntu libgnutls10-dev_1.0.4-3ubuntu1.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10-dev_1.0.4-3ubuntu1.1_amd64.deb
- Ubuntu libgnutls10-dev_1.0.4-3ubuntu1.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10-dev_1.0.4-3ubuntu1.1_i386.deb
- Ubuntu libgnutls10-dev_1.0.4-3ubuntu1.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10-dev_1.0.4-3ubuntu1.1_powerpc.deb
- Ubuntu libgnutls10_1.0.4-3ubuntu1.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10_1.0.4-3ubuntu1.1_amd64.deb
- Ubuntu libgnutls10_1.0.4-3ubuntu1.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10_1.0.4-3ubuntu1.1_i386.deb
- Ubuntu libgnutls10_1.0.4-3ubuntu1.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10_1.0.4-3ubuntu1.1_powerpc.deb
GNU GnuTLS 1.0.5
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
GNU GnuTLS 1.0.6
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
GNU GnuTLS 1.0.7
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
GNU GnuTLS 1.0.8
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
GNU GnuTLS 1.0.9
- GNU gnutls-1.0.25.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.0.25.tar.gz
GNU GnuTLS 1.2
- GNU gnutls-1.2.3.tar.bz2
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.2.3.tar.bz2
Mandriva Linux Mandrake 10.1
- Mandriva gnutls-1.0.13-1.1.101mdk.i586.rpm
  Mandrakelinux 10.1:
  http://www.mandriva.com/en/download
- Mandriva gnutls-1.0.13-1.1.101mdk.src.rpm
  Mandrakelinux 10.1:
  http://www.mandriva.com/en/download
- Mandriva libgnutls11-1.0.13-1.1.101mdk.i586.rpm
  Mandrakelinux 10.1:
  http://www.mandriva.com/en/download
- Mandriva libgnutls11-devel-1.0.13-1.1.101mdk.i586.rpm
  Mandrakelinux 10.1:
  http://www.mandriva.com/en/download
Mandriva Linux Mandrake 10.1 x86_64
- Mandriva gnutls-1.0.13-1.1.101mdk.src.rpm
  Mandrakelinux 10.1/X86_64:
  http://www.mandriva.com/en/download
- Mandriva gnutls-1.0.13-1.1.101mdk.x86_64.rpm
  Mandrakelinux 10.1/X86_64:
  http://www.mandriva.com/en/download
- Mandriva lib64gnutls11-1.0.13-1.1.101mdk.x86_64.rpm
  Mandrakelinux 10.1/X86_64:
  http://www.mandriva.com/en/download
- Mandriva lib64gnutls11-devel-1.0.13-1.1.101mdk.x86_64.rpm
  Mandrakelinux 10.1/X86_64:
  http://www.mandriva.com/en/download
Mandriva Linux Mandrake 10.2 x86_64
- Mandriva gnutls-1.0.23-2.1.102mdk.src.rpm
  Mandrakelinux 10.2/X86_64:
  http://www.mandriva.com/en/download
- Mandriva gnutls-1.0.23-2.1.102mdk.x86_64.rpm
  Mandrakelinux 10.2/X86_64:
  http://www.mandriva.com/en/download
- Mandriva lib64gnutls11-1.0.23-2.1.102mdk.x86_64.rpm
  Mandrakelinux 10.2/X86_64:
  http://www.mandriva.com/en/download
- Mandriva lib64gnutls11-devel-1.0.23-2.1.102mdk.x86_64.rpm
  Mandrakelinux 10.2/X86_64:
  http://www.mandriva.com/en/download
Mandriva Linux Mandrake 10.2
- Mandriva gnutls-1.0.23-2.1.102mdk.i586.rpm
  Mandrakelinux 10.2:
  http://www.mandriva.com/en/download
- Mandriva gnutls-1.0.23-2.1.102mdk.src.rpm
  Mandrakelinux 10.2:
  http://www.mandriva.com/en/download
- Mandriva libgnutls11-1.0.23-2.1.102mdk.i586.rpm
  Mandrakelinux 10.2:
  http://www.mandriva.com/en/download
- Mandriva libgnutls11-devel-1.0.23-2.1.102mdk.i586.rpm
  Mandrakelinux 10.2:
  http://www.mandriva.com/en/download
References
References:
- GnuTLS (GNU)
- GnuTLS 1.2.3 and 1.0.25 release announcement (GNU)
- RHSA-2005:430-05 : gnutls security update (RedHat)