Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1949

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1949
Last Modified 07 Mar 2011 10:08:17
Published 21 May 2008 09:24:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1949

Summary

The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.

Vulnerable Systems

Application

  • Gnutls 1.0.18

  • Gnutls 1.0.19

  • Gnutls 1.0.20

  • Gnutls 1.0.21

  • Gnutls 1.0.22

  • Gnutls 1.0.23

  • Gnutls 1.0.24

  • Gnutls 1.0.25

  • Gnutls 1.1.13

  • Gnutls 1.1.14

  • Gnutls 1.1.15

  • Gnutls 1.1.16

  • Gnutls 1.1.17

  • Gnutls 1.1.18

  • Gnutls 1.1.19

  • Gnutls 1.1.20

  • Gnutls 1.1.21

  • Gnutls 1.1.22

  • Gnutls 1.1.23

  • Gnutls 1.2.0

  • Gnutls 1.2.1

  • Gnutls 1.2.10

  • Gnutls 1.2.11

  • Gnutls 1.2.2

  • Gnutls 1.2.3

  • Gnutls 1.2.4

  • Gnutls 1.2.5

  • Gnutls 1.2.6

  • Gnutls 1.2.7

  • Gnutls 1.2.8

  • Gnutls 1.2.9

  • Gnutls 1.3.0

  • Gnutls 1.3.1

  • Gnutls 1.3.2

  • Gnutls 1.3.3

  • Gnutls 1.3.4

  • Gnutls 1.3.5

  • Gnutls 1.4.0

  • Gnutls 1.4.1

  • Gnutls 1.4.2

  • Gnutls 1.4.3

  • Gnutls 1.4.4

  • Gnutls 1.4.5

  • Gnutls 1.5.0

  • Gnutls 1.5.1

  • Gnutls 1.5.2

  • Gnutls 1.5.3

  • Gnutls 1.5.4

  • Gnutls 1.5.5

  • Gnutls 1.6.0

  • Gnutls 1.6.1

  • Gnutls 1.6.2

  • Gnutls 1.6.3

  • Gnutls 1.7.0

  • Gnutls 1.7.1

  • Gnutls 1.7.10

  • Gnutls 1.7.11

  • Gnutls 1.7.12

  • Gnutls 1.7.13

  • Gnutls 1.7.14

  • Gnutls 1.7.15

  • Gnutls 1.7.16

  • Gnutls 1.7.17

  • Gnutls 1.7.18

  • Gnutls 1.7.19

  • Gnutls 1.7.2

  • Gnutls 1.7.3

  • Gnutls 1.7.4

  • Gnutls 1.7.5

  • Gnutls 1.7.6

  • Gnutls 1.7.7

  • Gnutls 1.7.8

  • Gnutls 1.7.9

  • Gnutls 2.0.0

  • Gnutls 2.0.1

  • Gnutls 2.0.2

  • Gnutls 2.0.3

  • Gnutls 2.0.4

  • Gnutls 2.1.0

  • Gnutls 2.1.1

  • Gnutls 2.1.2

  • Gnutls 2.1.3

  • Gnutls 2.1.4

  • Gnutls 2.1.5

  • Gnutls 2.1.6

  • Gnutls 2.1.7

  • Gnutls 2.1.8

  • Gnutls 2.2.0

  • Gnutls 2.2.1

  • Gnutls 2.2.2

  • Gnutls 2.2.3

  • Gnutls 2.2.4

  • Gnutls 2.2.5

  • Gnutls 2.3.0

  • Gnutls 2.3.1

  • Gnutls 2.3.10

  • Gnutls 2.3.11

  • Gnutls 2.3.2

  • Gnutls 2.3.3

  • Gnutls 2.3.4

  • Gnutls 2.3.5

  • Gnutls 2.3.6

  • Gnutls 2.3.7

  • Gnutls 2.3.8

  • Gnutls 2.3.9


References

CERT-VN - VU#252626

BID - 29292

FEDORA - FEDORA-2008-4274

FEDORA - FEDORA-2008-4259

FEDORA - FEDORA-2008-4183

MISC - https://issues.rpath.com/browse/RPL-2552

XF - gnutls-gnutlsrecvclientkxmessage-bo(42530)

VUPEN - ADV-2008-1583

VUPEN - ADV-2008-1582

UBUNTU - USN-613-1

SECTRACK - 1020058

BUGTRAQ - 20080522 rPSA-2008-0174-1 gnutls

BUGTRAQ - 20080520 Vulnerability Advisory on GnuTLS

REDHAT - RHSA-2008:0492

REDHAT - RHSA-2008:0489

MLIST - [oss-security] 20080520 Re: CVE ID request: GNUTLS

MANDRIVA - MDVSA-2008:106

DEBIAN - DSA-1581

MISC - http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558

SREASON - 3902

GENTOO - GLSA-200805-20

SECUNIA - 31939

SECUNIA - 30355

SECUNIA - 30338

SECUNIA - 30331

SECUNIA - 30330

SECUNIA - 30324

SECUNIA - 30317

SECUNIA - 30302

SECUNIA - 30287

SUSE - SUSE-SA:2008:046

MLIST - [gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release

MLIST - [gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]

MLIST - [gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]

CONFIRM - http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b

Related Patches

Novell SUSE 2008:5601 gnutls security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:47:42