漏洞信息详情

GnuTLS 头文件'gnutls_kx.c'空指针引用及拒绝服务漏洞

  • CNNVD编号:CNNVD-200805-272
  • 危害等级: 超危
  • CVE编号: CVE-2008-1949
  • 漏洞类型: 授权问题
  • 发布时间: 2008-05-21
  • 威胁类型: 远程
  • 更新时间: 2009-03-13
  • 厂        商: gnu
  • 漏洞来源: Simon Josefsson

漏洞简介

GnuTLS是用于实现TLS加密协议的函数库。

GnuTLS在处理各种畸形TLS报文时存在多个安全漏洞,可能导致拒绝服务或完全入侵运行该库应用程序所在的操作系统。lib/gnutls_kx.c文件的_gnutls_recv_client_kx_message()函数在处理包含有多个Client Hello消息的TLS报文时存在空指针引用。AKA编号GNUTLS-SA-2008-1-2。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

http://www.debian.org/security/2008/dsa-1581

参考网址

来源: US-CERT

名称: VU#252626

链接:http://www.kb.cert.org/vuls/id/252626

来源: BID

名称: 29292

链接:http://www.securityfocus.com/bid/29292

来源: FEDORA

名称: FEDORA-2008-4274

链接:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html

来源: FEDORA

名称: FEDORA-2008-4259

链接:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html

来源: FEDORA

名称: FEDORA-2008-4183

链接:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html

来源: issues.rpath.com

链接:https://issues.rpath.com/browse/RPL-2552

来源: XF

名称: gnutls-gnutlsrecvclientkxmessage-bo(42530)

链接:http://xforce.iss.net/xforce/xfdb/42530

来源: UBUNTU

名称: USN-613-1

链接:http://www.ubuntu.com/usn/usn-613-1

来源: SECTRACK

名称: 1020058

链接:http://www.securitytracker.com/id?1020058

来源: BUGTRAQ

名称: 20080522 rPSA-2008-0174-1 gnutls

链接:http://www.securityfocus.com/archive/1/archive/1/492464/100/0/threaded

来源: BUGTRAQ

名称: 20080520 Vulnerability Advisory on GnuTLS

链接:http://www.securityfocus.com/archive/1/archive/1/492282/100/0/threaded

来源: REDHAT

名称: RHSA-2008:0492

链接:http://www.redhat.com/support/errata/RHSA-2008-0492.html

来源: REDHAT

名称: RHSA-2008:0489

链接:http://www.redhat.com/support/errata/RHSA-2008-0489.html

来源: MLIST

名称: [oss-security] 20080520 Re: CVE ID request: GNUTLS

链接:http://www.openwall.com/lists/oss-security/2008/05/20/3

来源: MLIST

名称: [oss-security] 20080520 Re: CVE ID request: GNUTLS

链接:http://www.openwall.com/lists/oss-security/2008/05/20/2

来源: MLIST

名称: [oss-security] 20080520 Re: CVE ID request: GNUTLS

链接:http://www.openwall.com/lists/oss-security/2008/05/20/1

来源: MANDRIVA

名称: MDVSA-2008:106

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:106

来源: VUPEN

名称: ADV-2008-1583

链接:http://www.frsirt.com/english/advisories/2008/1583/references

来源: VUPEN

名称: ADV-2008-1582

链接:http://www.frsirt.com/english/advisories/2008/1582/references

来源: DEBIAN

名称: DSA-1581

链接:http://www.debian.org/security/2008/dsa-1581

来源: MISC

链接:http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html

来源: wiki.rpath.com

链接:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174

来源: sourceforge.net

链接:http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558

来源: SREASON

名称: 3902

链接:http://securityreason.com/securityalert/3902

来源: GENTOO

名称: GLSA-200805-20

链接:http://security.gentoo.org/glsa/glsa-200805-20.xml

来源: SECUNIA

名称: 31939

链接:http://secunia.com/advisories/31939

来源: SECUNIA

名称: 30355

链接:http://secunia.com/advisories/30355

来源: SECUNIA

名称: 30338

链接:http://secunia.com/advisories/30338

来源: SECUNIA

名称: 30331

链接:http://secunia.com/advisories/30331

来源: SECUNIA

名称: 30330

链接:http://secunia.com/advisories/30330

来源: SECUNIA

名称: 30324

链接:http://secunia.com/advisories/30324

来源: SECUNIA

名称: 30317

链接:http://secunia.com/advisories/30317

来源: SECUNIA

名称: 30302

链接:http://secunia.com/advisories/30302

来源: SECUNIA

名称: 30287

链接:http://secunia.com/advisories/30287

来源: SUSE

名称: SUSE-SA:2008:046

链接:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html

来源: MLIST

名称: [gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release

链接:http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html

来源: MLIST

名称: [gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]

链接:http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html

来源: MLIST

名称: [gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]

链接:http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html

来源: git.savannah.gnu.org

链接:http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多