libtasn vulnerability

2006.02.17
Credit: Martin Pitt
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

===========================================================
Ubuntu Security Notice USN-251-1          February 16, 2006
libtasn1-2 vulnerability
CVE-2006-0645
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libtasn1-2
libgnutls10
libgnutls11

The problem can be corrected by upgrading the affected package to the following versions:

Ubuntu 4.10:
  libtasn1-2: 0.2.7-2ubuntu0.1
  libgnutls10: 1.0.4-3ubuntu1.2

Ubuntu 5.04:
  libtasn1-2: 0.2.10-4ubuntu0.0.5.04.1
  libgnutls11: 1.0.16-13ubuntu0.2

Ubuntu 5.10:
  libtasn1-2: 0.2.10-4ubuntu0.1
  libgnutls11: 1.0.16-13.1ubuntu1.1

It is highly recommended to restart your computer after a standard system upgrade to effect the necessary changes. If you cannot afford to do that then you need to restart all server processes which use TLS or SSL.

Details follow:

Evgeny Legerov discovered a buffer overflow in the DER format decoding function of the libtasn library. This library is mainly used by the GNU TLS library; by sending a specially crafted X.509 certificate to a server which uses TLS encryption/authentication, a remote attacker could exploit this to crash that server process and possibly even execute arbitrary code with the privileges of that server.

In order to fix the vulnerability in libtasn, several internal function signatures had to be changed; some of these functions are used by the GNU TLS library, so that library needs to be updated as well.
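The advisory does not show the faulty decoder. As an added illustration (not libtasn or GNU TLS code), the sketch below reads a DER length field with the remaining buffer size passed in as an argument and rejects any field that would read or point past the input. The function name, the sample bytes, and the assumption that the signature change was of this kind are not taken from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not libtasn's API. Decodes the length field of a DER
 * TLV. `p` points at the first length octet; `avail` is the number of bytes
 * left in the input from `p` onward. On success returns 0 and stores the
 * content length and the size of the length field. Returns -1, leaving the
 * outputs untouched, when the field is truncated, indefinite, non-minimal,
 * or claims more content than the buffer holds. */
int der_read_length(const uint8_t *p, size_t avail,
                    size_t *content_len, size_t *field_len)
{
    size_t v, n, i;

    if (p == NULL || avail == 0)
        return -1;
    if ((p[0] & 0x80) == 0) {            /* short form: 0..127 */
        v = p[0];
        n = 0;
    } else {                             /* long form: n length octets follow */
        n = p[0] & 0x7f;
        if (n == 0 || n > sizeof(size_t))    /* indefinite or too wide */
            return -1;
        if (n > avail - 1)               /* length octets run past the input */
            return -1;
        for (v = 0, i = 1; i <= n; i++)
            v = (v << 8) | p[i];
        if (p[1] == 0 || v < 128)        /* DER demands the minimal encoding */
            return -1;
    }
    if (v > avail - (1 + n))             /* content would run past the input */
        return -1;
    *content_len = v;
    *field_len = 1 + n;
    return 0;
}

/* Constructed inputs: one well-formed field, two that overstate their size. */
static const uint8_t ok_long[130] = { 0x81, 0x80 };  /* 128 content bytes */
static const uint8_t truncated[]  = { 0x82, 0x01 };  /* 2 octets promised, 1 present */
static const uint8_t oversize[]   = { 0x82, 0x10, 0x00, 0xAA }; /* claims 4096 */

int main(void)
{
    size_t len, fl;
    printf("ok_long=%d truncated=%d oversize=%d\n",
           der_read_length(ok_long, sizeof ok_long, &len, &fl),
           der_read_length(truncated, sizeof truncated, &len, &fl),
           der_read_length(oversize, sizeof oversize, &len, &fl));
    return 0;
}
```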


Copyright 2019, cxsecurity.com