Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2006-0645
Last Modified 07 Mar 2011 09:30:29
Published 10 Feb 2006 01:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0645

Summary

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.

Vulnerable Systems

Application

  • Free Software Foundation Inc. Libtasn1 0.1.0

  • Free Software Foundation Inc. Libtasn1 0.1.1

  • Free Software Foundation Inc. Libtasn1 0.1.2

  • Free Software Foundation Inc. Libtasn1 0.2.0

  • Free Software Foundation Inc. Libtasn1 0.2.1

  • Free Software Foundation Inc. Libtasn1 0.2.10

  • Free Software Foundation Inc. Libtasn1 0.2.11

  • Free Software Foundation Inc. Libtasn1 0.2.12

  • Free Software Foundation Inc. Libtasn1 0.2.13

  • Free Software Foundation Inc. Libtasn1 0.2.14

  • Free Software Foundation Inc. Libtasn1 0.2.15

  • Free Software Foundation Inc. Libtasn1 0.2.16

  • Free Software Foundation Inc. Libtasn1 0.2.17

  • Free Software Foundation Inc. Libtasn1 0.2.2

  • Free Software Foundation Inc. Libtasn1 0.2.3

  • Free Software Foundation Inc. Libtasn1 0.2.4

  • Free Software Foundation Inc. Libtasn1 0.2.5

  • Free Software Foundation Inc. Libtasn1 0.2.6

  • Free Software Foundation Inc. Libtasn1 0.2.7

  • Free Software Foundation Inc. Libtasn1 0.2.8

  • Free Software Foundation Inc. Libtasn1 0.2.9


References

VUPEN - ADV-2006-0496

BUGTRAQ - 20060209 ProtoVer SSL: GnuTLS

MISC - http://www.gleg.net/protover_ssl.shtml

MLIST - [gnutls-dev] 20060209 GnuTLS 1.3.4 - Experimental - Security release

MLIST - [gnutls-dev] 20060209 GnuTLS 1.2.10 - Security release

MLIST - [gnutls-dev] 20060209 Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release

MISC - http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch

CONFIRM - http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup

MISC - http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup

XF - gnutls-libtasn1-der-dos(24606)

UBUNTU - USN-251-1

TRUSTIX - 2006-0008

BID - 16568

FEDORA - FEDORA-2006-107

OSVDB - 23054

MANDRIVA - MDKSA-2006:039

GENTOO - GLSA-200602-08

DEBIAN - DSA-986

DEBIAN - DSA-985

SECTRACK - 1015612

SREASON - 446

SECUNIA - 19092

SECUNIA - 19080

SECUNIA - 18918

SECUNIA - 18898

SECUNIA - 18832

SECUNIA - 18830

SECUNIA - 18815

SECUNIA - 18794

REDHAT - RHSA-2006:0207


Last Updated: 27 May 2016 10:41:44