BID:51322

GnuTLS DTLS Information Disclosure Vulnerability

Info

GnuTLS DTLS Information Disclosure Vulnerability

Bugtraq ID:	51322
Class:	Design Error
CVE:	CVE-2012-0390
Remote:	Yes
Local:	No
Published:	Jan 09 2012 12:00AM
Updated:	Mar 07 2014 02:52AM
Credit:	Nadhem Alfardan and Kenny Paterson
Vulnerable:	SuSE SUSE Linux Enterprise Server 10 SP3 LTSS + Linux kernel 2.6.5 GNU GnuTLS 2.8.3 GNU GnuTLS 2.8.2 GNU GnuTLS 2.8.1 GNU GnuTLS 2.6.6 GNU GnuTLS 2.6.5 GNU GnuTLS 2.6.4 GNU GnuTLS 2.6.3 GNU GnuTLS 2.6.2 GNU GnuTLS 2.6.1 GNU GnuTLS 2.6 GNU GnuTLS 2.4.1 GNU GnuTLS 2.4 GNU GnuTLS 2.2.5 GNU GnuTLS 2.2.4 GNU GnuTLS 2.2.3 GNU GnuTLS 2.2.2 GNU GnuTLS 2.2.1 GNU GnuTLS 2.2 GNU GnuTLS 3.0.7 GNU GnuTLS 3.0.6 GNU GnuTLS 3.0.10 GNU GnuTLS 2.12.14 GNU GnuTLS 2.12.13

Not Vulnerable:	GNU GnuTLS 3.0.11

Discussion

GnuTLS DTLS Information Disclosure Vulnerability

GnuTLS is prone to an information disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.

Versions prior to 3.0.11 are vulnerable.

Exploit / POC

GnuTLS DTLS Information Disclosure Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

GnuTLS DTLS Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

GnuTLS DTLS Information Disclosure Vulnerability

References:

gnutls 3.0.11 (GNU)
GnuTLS Homepage (GNU)
The GNU Transport Layer Security Library Advisories (GNU)