Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702869
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2869-1 (gnutls26 - incorrect certificate verification)
Summary:Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate;verification issue in GnuTLS, an SSL/TLS library. A certificate;validation could be reported successfully even in cases were an error;would prevent all verification steps to be performed.;;An attacker doing a man-in-the-middle of a TLS connection could use this;vulnerability to present a carefully crafted certificate that would be;accepted by GnuTLS as valid even if not signed by one of the trusted;authorities.
Description:Summary:
Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate
verification issue in GnuTLS, an SSL/TLS library. A certificate
validation could be reported successfully even in cases were an error
would prevent all verification steps to be performed.

An attacker doing a man-in-the-middle of a TLS connection could use this
vulnerability to present a carefully crafted certificate that would be
accepted by GnuTLS as valid even if not signed by one of the trusted
authorities.

Affected Software/OS:
gnutls26 on Debian Linux

Solution:
For the oldstable distribution (squeeze), this problem has been fixed in
version 2.8.6-1+squeeze3.

For the stable distribution (wheezy), this problem has been fixed in
version 2.12.20-8+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 2.12.23-13.

For the unstable distribution (sid), this problem has been fixed in
version 2.12.23-13.

We recommend that you upgrade your gnutls26 packages.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-0092
BugTraq ID: 65919
http://www.securityfocus.com/bid/65919
Debian Security Information: DSA-2869 (Google Search)
http://www.debian.org/security/2014/dsa-2869
RedHat Security Advisories: RHSA-2014:0246
http://rhn.redhat.com/errata/RHSA-2014-0246.html
RedHat Security Advisories: RHSA-2014:0247
http://rhn.redhat.com/errata/RHSA-2014-0247.html
RedHat Security Advisories: RHSA-2014:0288
http://rhn.redhat.com/errata/RHSA-2014-0288.html
RedHat Security Advisories: RHSA-2014:0339
http://rhn.redhat.com/errata/RHSA-2014-0339.html
http://secunia.com/advisories/56933
http://secunia.com/advisories/57103
http://secunia.com/advisories/57204
http://secunia.com/advisories/57254
http://secunia.com/advisories/57260
http://secunia.com/advisories/57274
http://secunia.com/advisories/57321
SuSE Security Announcement: SUSE-SU-2014:0319 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html
SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
SuSE Security Announcement: SUSE-SU-2014:0321 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html
SuSE Security Announcement: SUSE-SU-2014:0322 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
SuSE Security Announcement: SUSE-SU-2014:0323 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html
SuSE Security Announcement: SUSE-SU-2014:0324 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html
SuSE Security Announcement: SUSE-SU-2014:0445 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html
SuSE Security Announcement: openSUSE-SU-2014:0325 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html
SuSE Security Announcement: openSUSE-SU-2014:0328 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html
SuSE Security Announcement: openSUSE-SU-2014:0346 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html
http://www.ubuntu.com/usn/USN-2127-1
CopyrightCopyright (c) 2014 Greenbone Networks GmbH http://greenbone.net

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.