Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.6
CVE Id CVE-2008-2377
Last Modified 07 Mar 2011 10:09:05
Published 08 Aug 2008 03:41:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-2377

Summary

Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.

Vulnerable Systems

Application

  • Gnutls 2.3.5

  • Gnutls 2.3.6

  • Gnutls 2.3.7

  • Gnutls 2.3.8

  • Gnutls 2.3.9

  • Gnutls 2.4.0


References

MLIST - [gnutls-devel] 20080630 GnuTLS 2.4.1

CONFIRM - https://issues.rpath.com/browse/RPL-2650

XF - gnutls-gnutlshandshake-code-execution(44486)

VUPEN - ADV-2008-2398

BID - 30713

MLIST - [gnutls-devel] 20080630 Details on the gnutls_handshake local crash problem [GNUTLS-SA-2008-2]

CONFIRM - http://www.gnu.org/software/gnutls/security.html

SECUNIA - 31505


Last Updated: 27 May 2016 10:47:50