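GNUTLS LibTASN1 DER Denial-of-Service Vulnerability
CNNVD ID | CNNVD-200602-141 | CVE ID | CVE-2006-0645 |
Published | 2006-02-10 | Updated | 2006-02-14 |
Vulnerability type | Other | Vulnerability source | Evgeny Legerov [email protected] |
Severity | High | Threat type | Remote |
Vendor | free_software_foundation_inc. |
Vulnerability description
Libtasn1 is a C library from the GNU project for managing ASN.1 (Abstract Syntax Notation One, a standard for describing the representation, encoding, transmission, and decoding of data) structures.
The DER decoder in libtasn1 contains a denial-of-service vulnerability: if a program that uses the libtasn1 library receives and processes a specially crafted malicious input message, the decoder can crash.
Patch
The vendor has released updates that fix this security issue. Download links: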
GNU libtasn1-0.2.18.tar.gz
ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.2.18.tar.gz
GNU gnutls-1.2.10.tar.bz2
ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.2.10.tar.bz2
GNU gnutls-1.3.4.tar.bz2
ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.3.4.tar.bz2
References
Source: BUGTRAQ
Name: 20060209 ProtoVer SSL: GnuTLS
Link: http://www.securityfocus.com/archive/1/archive/1/424538/100/0/threaded
Source: MISC
Link: http://www.gleg.net/protover_ssl.shtml
Source: MLIST
Name: [gnutls-dev] 20060209 GnuTLS 1.3.4 - Experimental - Security release
Link: http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html
Source: MLIST
Name: [gnutls-dev] 20060209 GnuTLS 1.2.10 - Security release
Link: http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html
Source: MLIST
Name: [gnutls-dev] 20060209 Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release
Link: http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
Source: MISC
Link: http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
Source: josefsson.org
Link: http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup
Source: MISC
Link: http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup
Source: XF
Name: gnutls-libtasn1-der-dos(24606)
Link: http://xforce.iss.net/xforce/xfdb/24606
Source: UBUNTU
Name: USN-251-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-251-1
Source: TRUSTIX
Name: 2006-0008
Link: http://www.trustix.org/errata/2006/0008
Source: BID
Name: 16568
Link: http://www.securityfocus.com/bid/16568
Source: FEDORA
Name: FEDORA-2006-107
Link: http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html
Source: OSVDB
Name: 23054
Source: MANDRIVA
Name: MDKSA-2006:039
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:039
Source: GENTOO
Name: GLSA-200602-08
Link: http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml
Source: VUPEN
Name: ADV-2006-0496
Link: http://www.frsirt.com/english/advisories/2006/0496
Source: DEBIAN
Name: DSA-986
Link: http://www.debian.org/security/2006/dsa-986
Source: DEBIAN
Name: DSA-985
Link: http://www.debian.org/security/2006/dsa-985
Source: SECTRACK
Name: 1015612
Link: http://securitytracker.com/id?1015612
Source: SREASON
Name: 446
Link: http://securityreason.com/securityalert/446
Source: SECUNIA
Name: 19092
Link: http://secunia.com/advisories/19092
Source: SECUNIA
Name: 19080
Link: http://secunia.com/advisories/19080
Source: SECUNIA
Name: 18918
Link: http://secunia.com/advisories/18918
Source: SECUNIA
Name: 18898
Link: http://secunia.com/advisories/18898
Source: SECUNIA
Name: 18832
Link: http://secunia.com/advisories/18832
Source: SECUNIA
Name: 18830
Link: http://secunia.com/advisories/18830
Source: SECUNIA
Name: 18815
Link: http://secunia.com/advisories/18815
Source: SECUNIA
Name: 18794
Link: http://secunia.com/advisories/18794
Source: REDHAT
Name: RHSA-2006:0207
Link: http://rhn.redhat.com/errata/RHSA-2006-0207.html
Affected entities
Free_software_foundation_inc. Libtasn1:0.2.3
Free_software_foundation_inc. Libtasn1:0.2.2
Free_software_foundation_inc. Libtasn1:0.2.17
Free_software_foundation_inc. Libtasn1:0.2.16
Free_software_foundation_inc. Libtasn1:0.2.15
Information source
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-141
