SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Security)  >  GnuTLS Vendors:  gnutls.org
GnuTLS Padding Validation Error Lets Remote Users Deny Service
SecurityTracker Alert ID:  1013861
SecurityTracker URL:  http://securitytracker.com/id?1013861
CVE Reference:  CAN-2005-1431   (Links to External Site)
Updated:  Jun 2 2005
Original Entry Date:  May 2 2005
Impact:  Denial of service via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 1.2 prior to 1.2.3; 1.0 prior to 1.0.25
Description:  A vulnerability was reported in GnuTLS. A remote user can cause denial of service conditions.

A remote user can send specially crafted data to trigger a flaw in record packet parsing to cause denial of service conditions.

The vulnerability resides in validation of padding bytes in 'lib/gnutls_cipher.c'.
Impact:  A remote user can cause denial of service conditions.
Solution:  The vendor has released fixed versions (1.0.25 and 1.2.3), available at:

http://www.gnu.org/software/gnutls/download.html
Vendor URL:  www.gnutls.org/ (Links to External Site)
Cause:  Exception handling error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  Simon Josefsson <jas@extundo.com>
Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 2 2005 (Red Hat Issues Fix) GnuTLS Padding Validation Error Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has released a fix.


 Source Message Contents
Date:  ThuApr 28 13:06:48 CEST 2005
From:  Simon Josefsson <jas@extundo.com>
Subject:  [gnutls-dev] GnuTLS 1.2.3 and 1.0.25

 
 
We are pleased to announce the availability of two new GnuTLS
releases; GnuTLS 1.2.3 and GnuTLS 1.0.25!
 
These releases were prompted by the discovery of a denial of service
problem.
 
We recommend 1.0 users to move to 1.2.  We will continue to make
releases on the old branch when security problems are discovered, for
those who feel unable to upgrade.
 
We do not have the resources to analyze and write an explanation of
this security problem.  Volunteers who want to read the bug reports
and the CVS changes, and write up an explanation in plain English, are
most welcome!  Having a detailed track record of security problems can
be a useful reference when discussing security in free software
packages in general.  Naturally, if you wish to sponsor us to do this
work for you, please contact me.
 
PS.  The ftp.gnutls.org server appear down at the moment, but the
files below will be available as soon as possible.
 
If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see:
<http://lists.gnu.org/mailman/listinfo/help-gnutls>.
 
The project page of the library is available at:
  http://www.gnutls.org/
  http://www.gnu.org/software/gnutls/
  http://josefsson.org/gnutls/ (updated fastest)
 
Here are the compressed sources:
  http://josefsson.org/gnutls/releases/gnutls-1.0.25.tar.gz (1.5MB)
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.0.25.tar.gz (1.5MB)
  http://josefsson.org/gnutls/releases/gnutls-1.2.3.tar.bz2 (2.4MB)
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.2.3.tar.bz2 (2.4MB)
 
Here are GPG detached signatures signed using key 0xB565716F:
  http://josefsson.org/gnutls/releases/gnutls-1.0.25.tar.gz.sig
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.0.25.tar.gz.sig
  http://josefsson.org/gnutls/releases/gnutls-1.2.3.tar.bz2.sig
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.2.3.tar.bz2.sig
 
Here are the build reports for various platforms:
  http://josefsson.org/autobuild-logs/gnutls.html
 
Here are the MD5/SHA1 checksums:
 
3585b5b204135e51e0efc9084b3e028b  gnutls-1.0.25.tar.gz
80527e5a5d17e199cb8a2848178990a6  gnutls-1.0.25.tar.gz.sig
e790b848b9aa1e98d8f28ecf522d8e5dc7e0cb0b  gnutls-1.0.25.tar.gz
7db580ff783bcfb2febe5085f3a3ad10d76d5508  gnutls-1.0.25.tar.gz.sig
 
4986c2bf8ce533d6b5d4dd6f9f1bbdf1  gnutls-1.2.3.tar.bz2
04a61b016ae24c4b7983c2373c9e023c  gnutls-1.2.3.tar.bz2.sig
78e1b92a9d818479faca9042d446eed61770fb17  gnutls-1.2.3.tar.bz2
c3ccbd42db7918e5d1f69dbdd40e755f8fa5a985  gnutls-1.2.3.tar.bz2.sig
 
Noteworthy changes since version 1.0.24/1.2.3:
 
- Corrected bug in record packet parsing that could lead
  to a denial of service attack.
- Corrected bug in RSA key export. Previously exported keys
  can be fixed using certtool. Use certtool -k <infile >outfile
- API and ABI modifications:
    gnutls_x509_privkey_fix(): Add.
 
Enjoy,
Nikos and Simon


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC