Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0390

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-0390
Last Modified 26 Mar 2014 12:28:02
Published 05 Jan 2012 08:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0390

Summary

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.

Vulnerable Systems

Application

  • Gnutls 2.10.0

  • Gnutls 2.10.1

  • Gnutls 2.10.1-x86

  • Gnutls 2.10.2

  • Gnutls 2.10.2-x86

  • Gnutls 2.10.3

  • Gnutls 2.10.4

  • Gnutls 2.10.5

  • Gnutls 2.10.5-x86

  • Gnutls 2.12.0

  • Gnutls 2.12.1

  • Gnutls 2.12.10

  • Gnutls 2.12.11

  • Gnutls 2.12.12

  • Gnutls 2.12.13

  • Gnutls 2.12.14

  • Gnutls 2.12.2

  • Gnutls 2.12.3

  • Gnutls 2.12.4

  • Gnutls 2.12.5

  • Gnutls 2.12.6

  • Gnutls 2.12.6.1

  • Gnutls 2.12.7

  • Gnutls 2.12.8

  • Gnutls 2.12.9

  • Gnutls 2.2.4

  • Gnutls 2.2.5

  • Gnutls 2.4.0

  • Gnutls 2.4.1

  • Gnutls 2.4.2

  • Gnutls 2.4.3

  • Gnutls 2.6.0

  • Gnutls 2.6.1

  • Gnutls 2.6.2

  • Gnutls 2.6.3

  • Gnutls 2.6.4

  • Gnutls 2.6.5

  • Gnutls 2.6.6

  • Gnutls 2.8.0

  • Gnutls 2.8.1

  • Gnutls 2.8.2

  • Gnutls 2.8.3

  • Gnutls 2.8.4

  • Gnutls 2.8.5

  • Gnutls 2.8.6

  • Gnutls 3.0.0

  • Gnutls 3.0.1

  • Gnutls 3.0.10

  • Gnutls 3.0.2

  • Gnutls 3.0.3

  • Gnutls 3.0.4

  • Gnutls 3.0.5

  • Gnutls 3.0.6

  • Gnutls 3.0.7

  • Gnutls 3.0.8

  • Gnutls 3.0.9


References

MISC - http://www.isg.rhul.ac.uk/~kp/dtls.pdf

SUSE - SUSE-SU-2014:0320

SECUNIA - 57260

Related Patches

Novell SUSE 2012:6448 gnutls security update for SLE 11 SP1 i586

Novell SUSE 2012:6448 gnutls security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8066 gnutls security update for SLE 10 SP4 i586

Novell SUSE 2012:8066 gnutls security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:04:46