Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.71293
Category:FreeBSD Local Security Checks
Title:FreeBSD Ports: libtasn1
Summary:The remote host is missing an update to the system; as announced in the referenced advisory.
Description:Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

libtasn1
gnutls
gnutls-devel

CVE-2012-1569
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before
2.12, as used in GnuTLS before 3.0.16 and other products, does not
properly handle certain large length values, which allows remote
attackers to cause a denial of service (heap memory corruption and
application crash) or possibly have unspecified other impact via a
crafted ASN.1 structure.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1569
Bugtraq: 20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1 (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
Debian Security Information: DSA-2440 (Google Search)
http://www.debian.org/security/2012/dsa-2440
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:039
http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54
http://www.openwall.com/lists/oss-security/2012/03/20/3
http://www.openwall.com/lists/oss-security/2012/03/20/8
http://www.openwall.com/lists/oss-security/2012/03/21/5
RedHat Security Advisories: RHSA-2012:0427
http://rhn.redhat.com/errata/RHSA-2012-0427.html
RedHat Security Advisories: RHSA-2012:0488
http://rhn.redhat.com/errata/RHSA-2012-0488.html
RedHat Security Advisories: RHSA-2012:0531
http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://www.securitytracker.com/id?1026829
http://secunia.com/advisories/48397
http://secunia.com/advisories/48488
http://secunia.com/advisories/48505
http://secunia.com/advisories/48578
http://secunia.com/advisories/48596
http://secunia.com/advisories/49002
http://secunia.com/advisories/50739
http://secunia.com/advisories/57260
SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
http://www.ubuntu.com/usn/USN-1436-1
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.