Executive Summary
Summary | |
---|---|
Title | Sun Alert 260528 Security Vulnerability in the GnuTLS (libgnutls(3)) Library Certificate Chain Validation |
Informations | |||
---|---|---|---|
Name | SUN-260528 | First vendor Publication | 2009-06-10 |
Vendor | Sun | Last vendor Modification | 2009-06-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Solaris 10 Operating System OpenSolaris A Security vulnerability in GnuTLS (libgnutls(3)) library X.509 certificate chain validation may cause client applications to trust certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate. This may allow a remote unprivileged user to carry out man-in-the-middle type of attacks using forged serer certificates. Evolution(evolution(1)) and Remote Desktop Applications are examples of applications which use this vulnerable library. This vulnerability is also described in the following document:
State: Resolved First released: 10-Jun-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_260528_security_vulnerability |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-295 | Certificate Issues |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11650 | |||
Oval ID: | oval:org.mitre.oval:def:11650 | ||
Title: | The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). | ||
Description: | The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4989 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12790 | |||
Oval ID: | oval:org.mitre.oval:def:12790 | ||
Title: | DSA-1719-1 gnutls13 -- design flaw | ||
Description: | Martin von Gagern discovered that GNUTLS, an implementation of the TLS/SSL protocol, handles verification of X.509 certificate chains incorrectly if a self-signed certificate is configured as a trusted certificate. This could cause clients to accept forged server certificates as genuine. In addition, this update tightens the checks for X.509v1 certificates which causes GNUTLS to reject certain certificate chains it accepted before. For the stable distribution, this problem has been fixed in version 1.4.4-3+etch3. For the unstable distribution, this problem has been fixed in version 2.4.2-3 of the gnutls26 package. We recommend that you upgrade your gnutls13 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1719-1 CVE-2008-4989 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | gnutls13 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13629 | |||
Oval ID: | oval:org.mitre.oval:def:13629 | ||
Title: | DSA-1719-2 gnutls13, gnutls26 -- design flaw | ||
Description: | Changes in DSA-1719-1 caused GNUTLS to reject X.509v1 certificates as CA root certificates by default, as originally described in the documentation. However, it turned out that there is still significant use of historic X.509v1 CA root certificates, so this constitutes an unacceptable regression. This update reverses this part of the changes in DSA-1719-1. Note that the X.509v1 certificate format does not distinguish between server and CA certificates, which means that an X.509v1 server certificates is implicitly converted into a CA certificate when added to the trust store. The current stable distribution was released with the changes in DSA-1719-1 already applied, and this update reverses the changes concerning X.509v1 CA certificates for this distribution, too. For the old stable distribution, this problem has been fixed in version 1.4.4-3+etch4. For the stable distribution, this problem has been fixed in version 2.4.2-6+lenny1. We recommend that you upgrade your GNUTLS packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1719-2 CVE-2008-4989 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | gnutls13 gnutls26 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13825 | |||
Oval ID: | oval:org.mitre.oval:def:13825 | ||
Title: | USN-809-1 -- gnutls12, gnutls13, gnutls26 vulnerabilities | ||
Description: | Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered GnuTLS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This issue only affected Ubuntu 6.06 LTS and Ubuntu 8.10. USN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS. The upstream patches introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem, and only affected Ubuntu 6.06 LTS and Ubuntu 8.10 . In an effort to maintain a strong security stance and address all known regressions, this update deprecates X.509 validation chains using MD2 and MD5 signatures. To accomodate sites which must still use a deprected RSA-MD5 certificate, GnuTLS has been updated to stop looking when it has found a trusted intermediary certificate. This new handling of intermediary certificates is in accordance with other SSL implementations. Original advisory details: Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information | ||
Family: | unix | Class: | patch |
Reference(s): | USN-809-1 CVE-2009-2730 CVE-2009-2409 CVE-2008-4989 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | gnutls12 gnutls13 gnutls26 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17801 | |||
Oval ID: | oval:org.mitre.oval:def:17801 | ||
Title: | USN-678-2 -- gnutls12, gnutls13, gnutls26 regression | ||
Description: | USN-678-1 fixed a vulnerability in GnuTLS. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-678-2 CVE-2008-4989 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | gnutls12 gnutls13 gnutls26 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17875 | |||
Oval ID: | oval:org.mitre.oval:def:17875 | ||
Title: | USN-678-1 -- gnutls12, gnutls13, gnutls26 vulnerability | ||
Description: | Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-678-1 CVE-2008-4989 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | gnutls12 gnutls13 gnutls26 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22750 | |||
Oval ID: | oval:org.mitre.oval:def:22750 | ||
Title: | ELSA-2008:0982: gnutls security update (Moderate) | ||
Description: | The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0982-01 CVE-2008-4989 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | gnutls |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29020 | |||
Oval ID: | oval:org.mitre.oval:def:29020 | ||
Title: | RHSA-2008:0982 -- gnutls security update (Moderate) | ||
Description: | Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). Martin von Gagern discovered a flaw in the way GnuTLS verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications using the GnuTLS library to trust invalid certificates. (CVE-2008-4989) Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0982 CESA-2008:0982-CentOS 5 CVE-2008-4989 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | gnutls |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7938 | |||
Oval ID: | oval:org.mitre.oval:def:7938 | ||
Title: | DSA-1719 gnutls13 -- design flaw | ||
Description: | Martin von Gagern discovered that GNUTLS, an implementation of the TLS/SSL protocol, handles verification of X.509 certificate chains incorrectly if a self-signed certificate is configured as a trusted certificate. This could cause clients to accept forged server certificates as genuine. (CVE-2008-4989) In addition, this update tightens the checks for X.509v1 certificates which causes GNUTLS to reject certain certificate chains it accepted before. (In certificate chain processing, GNUTLS does not recognize X.509v1 certificates as valid unless explicitly requested by the application.) | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1719 CVE-2008-4989 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | gnutls13 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : SLES10: Security update for GnuTLS File : nvt/sles10_gnutls2.nasl |
2009-10-13 | Name : SLES10: Security update for GnuTLS File : nvt/sles10_gnutls0.nasl |
2009-10-11 | Name : SLES11: Security update for GnuTLS File : nvt/sles11_gnutls.nasl |
2009-09-28 | Name : Fedora Core 10 FEDORA-2009-8622 (gnutls) File : nvt/fcore_2009_8622.nasl |
2009-09-23 | Name : Solaris Update for GNU Transport Layer Security Library 123939-02 File : nvt/gb_solaris_123939_02.nasl |
2009-09-23 | Name : Solaris Update for GNOME 2.6.0 123938-02 File : nvt/gb_solaris_123938_02.nasl |
2009-09-02 | Name : Ubuntu USN-809-1 (gnutls26) File : nvt/ubuntu_809_1.nasl |
2009-04-28 | Name : SuSE Security Summary SUSE-SR:2009:009 File : nvt/suse_sr_2009_009.nasl |
2009-04-09 | Name : Mandriva Update for gnutls MDVSA-2008:227-1 (gnutls) File : nvt/gb_mandriva_MDVSA_2008_227_1.nasl |
2009-04-09 | Name : Mandriva Update for gnutls MDVSA-2008:227 (gnutls) File : nvt/gb_mandriva_MDVSA_2008_227.nasl |
2009-03-23 | Name : Ubuntu Update for gnutls12, gnutls13, gnutls26 vulnerability USN-678-1 File : nvt/gb_ubuntu_USN_678_1.nasl |
2009-03-23 | Name : Ubuntu Update for gnutls12, gnutls13, gnutls26 regression USN-678-2 File : nvt/gb_ubuntu_USN_678_2.nasl |
2009-03-20 | Name : Debian Security Advisory DSA 1719-2 (gnutls13, gnutls26) File : nvt/deb_1719_2.nasl |
2009-03-06 | Name : RedHat Update for gnutls RHSA-2008:0982-01 File : nvt/gb_RHSA-2008_0982-01_gnutls.nasl |
2009-02-17 | Name : Fedora Update for gnutls FEDORA-2008-9600 File : nvt/gb_fedora_2008_9600_gnutls_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnutls FEDORA-2008-9530 File : nvt/gb_fedora_2008_9530_gnutls_fc9.nasl |
2009-02-16 | Name : Fedora Update for gnutls FEDORA-2008-10000 File : nvt/gb_fedora_2008_10000_gnutls_fc10.nasl |
2009-02-13 | Name : Debian Security Advisory DSA 1719-1 (gnutls13) File : nvt/deb_1719_1.nasl |
2009-01-20 | Name : Gentoo Security Advisory GLSA 200901-10 (gnutls) File : nvt/glsa_200901_10.nasl |
2008-11-19 | Name : FreeBSD Ports: gnutls File : nvt/freebsd_gnutls3.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-315-01 gnutls File : nvt/esoft_slk_ssa_2008_315_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
49851 | GnuTLS libgnutls lib/x509/verify.c _gnutls_x509_verify_certificate Function X... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0982.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10162.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081111_gnutls_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0982.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gnutls-6073.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gnutls-5851.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gnutls-090317.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-809-1.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_gnutls-081204.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_gnutls-090313.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gnutls-090313.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-227.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-678-2.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-678-1.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote openSUSE host is missing a security update. File : suse_gnutls-6079.nasl - Type : ACT_GATHER_INFO |
2009-02-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1719.nasl - Type : ACT_GATHER_INFO |
2009-01-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200901-10.nasl - Type : ACT_GATHER_INFO |
2008-12-10 | Name : The remote openSUSE host is missing a security update. File : suse_gnutls-5844.nasl - Type : ACT_GATHER_INFO |
2008-11-17 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_45298931b3bf11dd80f8001cc0377035.nasl - Type : ACT_GATHER_INFO |
2008-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9600.nasl - Type : ACT_GATHER_INFO |
2008-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9530.nasl - Type : ACT_GATHER_INFO |
2008-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0982.nasl - Type : ACT_GATHER_INFO |
2008-11-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-315-01.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 123939-05 File : solaris10_x86_123939.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 123938-05 File : solaris10_123938.nasl - Type : ACT_GATHER_INFO |