OSVDB ID: 80259

Title: GnuTLS TLS Record GenericBlockCipher Structure Parsing Memory Corruption

Info

Dates

Disclosure: Mar 20, 2012
Discovery: Unknown
Exploit: Unknown
Solution: Mar 02, 2012

Description

A memory corruption flaw exists in GnuTLS. The program fails to sanitize user-supplied input when handling TLS records, resulting in memory corruption. With a specially crafted GenericBlockCipher structure, a remote attacker can execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version 2.12.18 or 3.0.16 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. (Note, the original disclosure says 3.0.15 fixed this issue.)

Products

Free Software Foundation

GnuTLS

2.12.16
3.0.15

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/80259