CVE-2008-1950 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2008-1950
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1950

Description: Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/42533 UBUNTU http://www.ubuntu.com/usn/usn-613-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html ST 1020059 SAID Secunia Advisory: SA30302 Secunia Advisory: SA30338 Secunia Advisory: SA30331 Secunia Advisory: SA30317 Secunia Advisory: SA30324 Secunia Advisory: SA30287 Secunia Advisory: SA30330 Secunia Advisory: SA31939 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0489.html http://www.redhat.com/support/errata/RHSA-2008-0492.html MLIST http://www.openwall.com/lists/oss-security/2008/05/20/3 http://www.openwall.com/lists/oss-security/2008/05/20/2 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html http://www.openwall.com/lists/oss-security/2008/05/20/1 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html MISC http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:106 GENTOO http://security.gentoo.org/glsa/glsa-200805-20.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1581 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558 http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b CERT-VN 659209 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/492464/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/492282/100/0/threaded BID 29292

Return to the previous page.