CVE-2008-1949 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2008-1949
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1949

Description: The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/42530 UBUNTU http://www.ubuntu.com/usn/usn-613-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html ST 1020058 SAID Secunia Advisory: SA30302 Secunia Advisory: SA30338 Secunia Advisory: SA30331 Secunia Advisory: SA30317 Secunia Advisory: SA30324 Secunia Advisory: SA30287 Secunia Advisory: SA30330 Secunia Advisory: SA31939 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0489.html http://www.redhat.com/support/errata/RHSA-2008-0492.html MLIST http://www.openwall.com/lists/oss-security/2008/05/20/3 http://www.openwall.com/lists/oss-security/2008/05/20/2 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html http://www.openwall.com/lists/oss-security/2008/05/20/1 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html MISC http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:106 GENTOO http://security.gentoo.org/glsa/glsa-200805-20.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1581 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558 http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b CERT-VN 252626 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/492464/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/492282/100/0/threaded BID 29292

Return to the previous page.