Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-1573
Last Modified: 26 Mar 2014 12:30:29
Published: 26 Mar 2012 03:55:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-1573

Summary

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

Vulnerable Systems

Application

  • Gnutls 2.0.0

  • Gnutls 2.0.1

  • Gnutls 2.0.2

  • Gnutls 2.0.3

  • Gnutls 2.0.4

  • Gnutls 2.1.0

  • Gnutls 2.1.1

  • Gnutls 2.1.2

  • Gnutls 2.1.3

  • Gnutls 2.1.4

  • Gnutls 2.1.5

  • Gnutls 2.1.6

  • Gnutls 2.1.7

  • Gnutls 2.1.8

  • Gnutls 2.10.0

  • Gnutls 2.10.1

  • Gnutls 2.10.2

  • Gnutls 2.10.3

  • Gnutls 2.10.4

  • Gnutls 2.10.5

  • Gnutls 2.12.0

  • Gnutls 2.12.1

  • Gnutls 2.12.10

  • Gnutls 2.12.11

  • Gnutls 2.12.12

  • Gnutls 2.12.13

  • Gnutls 2.12.14

  • Gnutls 2.12.15

  • Gnutls 2.12.16

  • Gnutls 2.12.2

  • Gnutls 2.12.3

  • Gnutls 2.12.4

  • Gnutls 2.12.5

  • Gnutls 2.12.6

  • Gnutls 2.12.6.1

  • Gnutls 2.12.7

  • Gnutls 2.12.8

  • Gnutls 2.12.9

  • Gnutls 2.2.0

  • Gnutls 2.2.1

  • Gnutls 2.2.2

  • Gnutls 2.2.3

  • Gnutls 2.2.4

  • Gnutls 2.2.5

  • Gnutls 2.3.0

  • Gnutls 2.3.1

  • Gnutls 2.3.10

  • Gnutls 2.3.11

  • Gnutls 2.3.2

  • Gnutls 2.3.3

  • Gnutls 2.3.4

  • Gnutls 2.3.5

  • Gnutls 2.3.6

  • Gnutls 2.3.7

  • Gnutls 2.3.8

  • Gnutls 2.3.9

  • Gnutls 2.4.0

  • Gnutls 2.4.1

  • Gnutls 2.4.2

  • Gnutls 2.4.3

  • Gnutls 2.5.0

  • Gnutls 2.6.0

  • Gnutls 2.6.1

  • Gnutls 2.6.2

  • Gnutls 2.6.3

  • Gnutls 2.6.4

  • Gnutls 2.6.5

  • Gnutls 2.6.6

  • Gnutls 2.7.4

  • Gnutls 2.8.0

  • Gnutls 2.8.1

  • Gnutls 2.8.2

  • Gnutls 2.8.3

  • Gnutls 2.8.4

  • Gnutls 2.8.5

  • Gnutls 2.8.6

  • Gnutls 3.0

  • Gnutls 3.0.0

  • Gnutls 3.0.1

  • Gnutls 3.0.10

  • Gnutls 3.0.11

  • Gnutls 3.0.12

  • Gnutls 3.0.13

  • Gnutls 3.0.14

  • Gnutls 3.0.2

  • Gnutls 3.0.3

  • Gnutls 3.0.4

  • Gnutls 3.0.5

  • Gnutls 3.0.6

  • Gnutls 3.0.7

  • Gnutls 3.0.8

  • Gnutls 3.0.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=805432

MLIST - [oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01

MLIST - [oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01

CONFIRM - http://www.gnu.org/software/gnutls/security.html

CONFIRM - http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185

CONFIRM - http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d

MISC - http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/

MLIST - [gnutls-devel] 20120302 gnutls 3.0.15

MLIST - [gnutls-devel] 20120302 gnutls 2.12.16

SECUNIA - 48596

REDHAT - RHSA-2012:0429

OSVDB - 80259

UBUNTU - USN-1418-1

BUGTRAQ - 20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1

SECTRACK - 1026828

SECUNIA - 48488

SECUNIA - 48712

REDHAT - RHSA-2012:0531

REDHAT - RHSA-2012:0488

SUSE - SUSE-SU-2014:0320

SECUNIA - 57260

Related Patches

Red Hat 2012:0428-01 RHSA Important: gnutls security update for RHEL 5 x86

Red Hat 2012:0428-01 RHSA Important: gnutls security update for RHEL 5 x86_64

Novell SUSE 2012:6448 gnutls security update for SLE 11 SP1 i586

Novell SUSE 2012:6448 gnutls security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8066 gnutls security update for SLE 10 SP4 i586

Novell SUSE 2012:8066 gnutls security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:57:30