Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2011-4128
Last Modified: 03 May 2013 11:13:26
Published: 08 Dec 2011 03:55:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-4128

Summary

Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.

Vulnerable Systems

Application

  • Gnutls 2.12.0

  • Gnutls 2.12.1

  • Gnutls 2.12.10

  • Gnutls 2.12.11

  • Gnutls 2.12.12

  • Gnutls 2.12.13

  • Gnutls 2.12.2

  • Gnutls 2.12.3

  • Gnutls 2.12.4

  • Gnutls 2.12.5

  • Gnutls 2.12.6

  • Gnutls 2.12.6.1

  • Gnutls 2.12.7

  • Gnutls 2.12.8

  • Gnutls 2.12.9

  • Gnutls 3.0.0

  • Gnutls 3.0.1

  • Gnutls 3.0.2

  • Gnutls 3.0.3

  • Gnutls 3.0.4

  • Gnutls 3.0.5

  • Gnutls 3.0.6


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=752308

CONFIRM - http://www.gnu.org/software/gnutls/security.html

MLIST - [oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)

MLIST - [oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)

CONFIRM - http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450

CONFIRM - http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c

MLIST - [gnutls-devel] 20111108 Possible buffer overflow on gnutls_session_get_data

SECUNIA - 48596

REDHAT - RHSA-2012:0429

UBUNTU - USN-1418-1

SECUNIA - 48712

REDHAT - RHSA-2012:0531

REDHAT - RHSA-2012:0488

Related Patches

Red Hat 2012:0428-01 RHSA Important: gnutls security update for RHEL 5 x86

Red Hat 2012:0428-01 RHSA Important: gnutls security update for RHEL 5 x86_64

Novell SUSE 2012:5684 gnutls security update for SLE 11 SP1 i586

Novell SUSE 2012:5684 gnutls security update for SLE 11 SP1 x86_64


Last Updated: 27 May 2016 10:57:50