SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VPN)  >   GnuTLS Vendors:   gnutls.org
GnuTLS DTLS Implementation Lets Remote Users Recover Plaintext in Certain Cases
SecurityTracker Alert ID:  1026490
SecurityTracker URL:  http://securitytracker.com/id/1026490
CVE Reference:   CVE-2012-0390   (Links to External Site)
Date:  Jan 9 2012
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.0.11
Description:   A vulnerability was reported in GnuTLS. A remote user can determine the installation path.

A remote user can conduct an efficient plaintext recovery attack against the OpenSSL implementation of Datagram Transport Layer Security (DTLS). Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) reported this vulnerability.

Impact:   A remote user can obtain plaintext in certain cases.
Solution:   The vendor has issued a fix (3.0.11).
Vendor URL:  www.gnu.org/software/gnutls/security.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC