ID de Prueba:	1.3.6.1.4.1.25623.1.0.60956
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0492
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0492. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950) We believe it is possible to leverage the flaw CVE-2008-1948 to execute arbitrary code but have been unable to prove this at the time of releasing this advisory. Red Hat Enterprise Linux 4 does not ship with any applications directly affected by this flaw. Third-party software which runs on Red Hat Enterprise Linux 4 could, however, be affected by this vulnerability. Consequently, we have assigned it important severity. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0492.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1948 BugTraq ID: 29292 http://www.securityfocus.com/bid/29292 Bugtraq: 20080520 Vulnerability Advisory on GnuTLS (Google Search) http://www.securityfocus.com/archive/1/492282/100/0/threaded Bugtraq: 20080522 rPSA-2008-0174-1 gnutls (Google Search) http://www.securityfocus.com/archive/1/492464/100/0/threaded CERT/CC vulnerability note: VU#111034 http://www.kb.cert.org/vuls/id/111034 Debian Security Information: DSA-1581 (Google Search) http://www.debian.org/security/2008/dsa-1581 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html http://security.gentoo.org/glsa/glsa-200805-20.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:106 http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html http://www.openwall.com/lists/oss-security/2008/05/20/1 http://www.openwall.com/lists/oss-security/2008/05/20/2 http://www.openwall.com/lists/oss-security/2008/05/20/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935 http://www.redhat.com/support/errata/RHSA-2008-0489.html http://www.redhat.com/support/errata/RHSA-2008-0492.html http://www.securitytracker.com/id?1020057 http://secunia.com/advisories/30287 http://secunia.com/advisories/30302 http://secunia.com/advisories/30317 http://secunia.com/advisories/30324 http://secunia.com/advisories/30330 http://secunia.com/advisories/30331 http://secunia.com/advisories/30338 http://secunia.com/advisories/30355 http://secunia.com/advisories/31939 http://securityreason.com/securityalert/3902 SuSE Security Announcement: SUSE-SA:2008:046 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html http://www.ubuntu.com/usn/usn-613-1 http://www.vupen.com/english/advisories/2008/1582/references http://www.vupen.com/english/advisories/2008/1583/references XForce ISS Database: gnutls-gnutlsservernamerecvparams-bo(42532) https://exchange.xforce.ibmcloud.com/vulnerabilities/42532 Common Vulnerability Exposure (CVE) ID: CVE-2008-1949 CERT/CC vulnerability note: VU#252626 http://www.kb.cert.org/vuls/id/252626 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519 http://www.securitytracker.com/id?1020058 XForce ISS Database: gnutls-gnutlsrecvclientkxmessage-bo(42530) https://exchange.xforce.ibmcloud.com/vulnerabilities/42530 Common Vulnerability Exposure (CVE) ID: CVE-2008-1950 CERT/CC vulnerability note: VU#659209 http://www.kb.cert.org/vuls/id/659209 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393 http://www.securitytracker.com/id?1020059 XForce ISS Database: gnutls-gnutlsciphertext2compressed-bo(42533) https://exchange.xforce.ibmcloud.com/vulnerabilities/42533
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.