|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200505-04] GnuTLS: Denial of Service vulnerability Vulnerability Scan
Vulnerability Scan Summary
GnuTLS: Denial of Service vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200505-04
(GnuTLS: Denial of Service vulnerability)
A vulnerability has been discovered in the record packet parsing
in the GnuTLS library. Additionally, a flaw was also found in the RSA
key export functionality.
Impact
A remote attacker could exploit this vulnerability and cause a
Denial of Service to any application that utilizes the GnuTLS library.
Workaround
There is no known workaround at this time.
References:
http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1431
Solution:
All GnuTLS users should remove the existing installation and
upgrade to the latest version:
# emerge --sync
# emerge --unmerge gnutls
# emerge --ask --oneshot --verbose net-libs/gnutls
Due to small API changes with the previous version, please do
the following to ensure your applications are using the latest GnuTLS
that you just emerged.
# revdep-rebuild --soname-regexp libgnutls.so.1[0-1]
Previously exported RSA keys can be fixed by executing the
following command on the key files:
# certtool -k infile outfile
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
