libtasn vulnerability

2006.02.17

Credit: Martin Pitt

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-0645

CWE: CWE-Other

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

===========================================================
Ubuntu Security Notice USN-251-1 February 16, 2006
libtasn1-2 vulnerability
CVE-2006-0645
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libtasn1-2
libgnutls10
libgnutls11
The problem can be corrected by upgrading the affected package to
the following versions:
Ubuntu 4.10:
libtasn1-2: 0.2.7-2ubuntu0.1
libgnutls10: 1.0.4-3ubuntu1.2
Ubuntu 5.04:
libtasn1-2: 0.2.10-4ubuntu0.0.5.04.1
libgnutls11: 1.0.16-13ubuntu0.2
Ubuntu 5.10:
libtasn1-2: 0.2.10-4ubuntu0.1
libgnutls11: 1.0.16-13.1ubuntu1.1
It is highly recommended to restart your computer after a standard
system upgrade to effect the necessary changes. If you cannot afford
to do that then you need to restart all server processes which use
TLS or SSL.
Details follow:
Evgeny Legerov discovered a buffer overflow in the DER format decoding
function of the libtasn library. This library is mainly used by the
GNU TLS library; by sending a specially crafted X.509 certificate to a
server which uses TLS encryption/authentication, a remote attacker
could exploit this to crash that server process and possibly even
execute arbitrary code with the privileges of that server.
In order to fix the vulnerability in libtasn, several internal
function signatures had to be changed; some of these functions are
used by the GNU TLS library, so that library needs to be updated as
well.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.10-4ubuntu0.0.5.04.1.diff.gz
Size/MD5: 302811 f83da11298aef60134a9d9f60a531542
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.10-4ubuntu0.0.5.04.1.dsc
Size/MD5: 690 804db57299c32ab396cd82096695cc21
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.10.orig.tar.gz
Size/MD5: 113412 ae95aa75e5db7dc4d85b2837017364a6
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/gnutls10_1.0.4-3u
buntu1.2.diff.gz
Size/MD5: 51101 7469996012703c4b0d114c64d5dc68bd
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/gnutls10_1.0.4-3u
buntu1.2.dsc
Size/MD5: 885 4211b5ae90cf498ed4aafda803dbeb26
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/gnutls10_1.0.4.or
ig.tar.gz
Size/MD5: 1378290 565d2835b772008689476488265f4e99
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls-doc_1.0
.4-3ubuntu1.2_all.deb
Size/MD5: 553680 f0229ca2a099166ad6f565bb758614bc
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-d
ev_0.2.10-4ubuntu0.0.5.04.1_amd64.deb
Size/MD5: 185958 45bbee6946f97f40acfa658bb82568c0
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.10-4ubuntu0.0.5.04.1_amd64.deb
Size/MD5: 44638 387a051b35fa2da3a6b34c1ad00ed5f5
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls10/gnutls-bin_1.
0.4-3ubuntu1.2_amd64.deb
Size/MD5: 193798 486d7cf57a79adee420558731135d5bb
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10-dev_1
.0.4-3ubuntu1.2_amd64.deb
Size/MD5: 367360 a7873c8b6f0c51eaee5cafd62bfc82dc
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10_1.0.4
-3ubuntu1.2_amd64.deb
Size/MD5: 309536 7f7e50c02ace523bec531589950ae39b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-d
ev_0.2.10-4ubuntu0.0.5.04.1_i386.deb
Size/MD5: 181920 a590e7f46e3880313b0febc6b65a4d26
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.10-4ubuntu0.0.5.04.1_i386.deb
Size/MD5: 42696 82535e441f6b80c533cc3fc939a0d212
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls10/gnutls-bin_1.
0.4-3ubuntu1.2_i386.deb
Size/MD5: 185402 b91cd88c85e5f4351b5f64f26db699cd
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10-dev_1
.0.4-3ubuntu1.2_i386.deb
Size/MD5: 328816 bdea2a19bc27f9ad534c5d3371729790
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10_1.0.4
-3ubuntu1.2_i386.deb
Size/MD5: 279656 e4f7a519775fc0a830295962042ca93c
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-d
ev_0.2.10-4ubuntu0.0.5.04.1_powerpc.deb
Size/MD5: 188012 7bc64fc8a372430f5e1d29ac0ba92d4b
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.10-4ubuntu0.0.5.04.1_powerpc.deb
Size/MD5: 43214 86e22d9cad05471106f17423eac69673
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls10/gnutls-bin_1.
0.4-3ubuntu1.2_powerpc.deb
Size/MD5: 196144 90339e5b1d5b9b9d1e4493b00545d589
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10-dev_1
.0.4-3ubuntu1.2_powerpc.deb
Size/MD5: 396324 7287cefdf890c683e4aefeb676b00be7
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10_1.0.4
-3ubuntu1.2_powerpc.deb
Size/MD5: 284968 f6e888674395191804960ebbbd736f76
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.7-2ubuntu0.1.diff.gz
Size/MD5: 9397 65421e1371910a12a2d0181ad85cc920
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.7-2ubuntu0.1.dsc
Size/MD5: 669 7a62f4a925dd9e8c905427eeaa2ff7c9
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.7.orig.tar.gz
Size/MD5: 529617 21e39cb21260116bf4a84d31063972e4
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-1
3ubuntu0.2.diff.gz
Size/MD5: 339177 a461c7974e30d5d643dfe39624193c14
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-1
3ubuntu0.2.dsc
Size/MD5: 830 2aec252666f1c50c3c6d42be88832a34
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16.o
rig.tar.gz
Size/MD5: 1504638 7b410fa3c563c7988e434a8c8671b3cd
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-d
ev_0.2.7-2ubuntu0.1_amd64.deb
Size/MD5: 182002 d0cded4628833103e039a4778a23616b
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.7-2ubuntu0.1_amd64.deb
Size/MD5: 43622 8e2fda9ac3950b8c559acf982474e8ef
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.
0.16-13ubuntu0.2_amd64.deb
Size/MD5: 217456 8e337aeb284177963c1616110e50e733
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-d
bg_1.0.16-13ubuntu0.2_amd64.deb
Size/MD5: 575502 45fbfd2a5dfed9a13e0bb711824a6588
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1
.0.16-13ubuntu0.2_amd64.deb
Size/MD5: 392362 2898ee7b31d7f99dca61b8d27850c7db
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.1
6-13ubuntu0.2_amd64.deb
Size/MD5: 326894 902e0a28fe1bf3c7d396e8038dcde8f8
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-d
ev_0.2.7-2ubuntu0.1_i386.deb
Size/MD5: 178122 9693d7954bdba6dc59040fb4560cb38b
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.7-2ubuntu0.1_i386.deb
Size/MD5: 41964 9b7bba1c7979021988feb67f70c3a766
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.
0.16-13ubuntu0.2_i386.deb
Size/MD5: 203442 34ba50244aa67e733f211f06d0d4d03a
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-d
bg_1.0.16-13ubuntu0.2_i386.deb
Size/MD5: 555604 8d5085dfa64e9a0bd1d2489a8a3825d9
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1
.0.16-13ubuntu0.2_i386.deb
Size/MD5: 357134 42f0fe10f5943b40264faaafd785e349
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.1
6-13ubuntu0.2_i386.deb
Size/MD5: 293370 7d4b401e88668c627b7c224c6ea96398
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-d
ev_0.2.7-2ubuntu0.1_powerpc.deb
Size/MD5: 184002 9e0c79244c7737042c270a43327dc7ca
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.7-2ubuntu0.1_powerpc.deb
Size/MD5: 42284 ad68e8405ad32072f62d5d058d923358
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.
0.16-13ubuntu0.2_powerpc.deb
Size/MD5: 218384 0bd5da55b0b21b7b9e49f85363340de8
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-d
bg_1.0.16-13ubuntu0.2_powerpc.deb
Size/MD5: 1416000 525d1008f84aeb586250cecc133efb6a
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1
.0.16-13ubuntu0.2_powerpc.deb
Size/MD5: 388764 d8afff0331d2bce12a7fc5e62b966260
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.1
6-13ubuntu0.2_powerpc.deb
Size/MD5: 299404 42e776d44dc90db1bc796c2c5564ac3b
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.10-4ubuntu0.1.diff.gz
Size/MD5: 302886 1c86ff9ac73ba986e91aaf23231aa3f2
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.10-4ubuntu0.1.dsc
Size/MD5: 676 770e9f82dff36318022a1fcc963855ff
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.10.orig.tar.gz
Size/MD5: 113412 ae95aa75e5db7dc4d85b2837017364a6
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-1
3.1ubuntu1.1.diff.gz
Size/MD5: 339696 38b52c650f0018100c5a085ffddc2ccf
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-1
3.1ubuntu1.1.dsc
Size/MD5: 829 d65ba5094be7fc67079e12da2da25dce
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16.o
rig.tar.gz
Size/MD5: 1504638 7b410fa3c563c7988e434a8c8671b3cd
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-d
ev_0.2.10-4ubuntu0.1_amd64.deb
Size/MD5: 187882 ab7100c04b67119522e6020536fad1d8
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.10-4ubuntu0.1_amd64.deb
Size/MD5: 46348 a435cac32c356140771a6a5c4207eef4
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.
0.16-13.1ubuntu1.1_amd64.deb
Size/MD5: 217428 02c4205d6b5fda205092a3a998dd9647
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-d
bg_1.0.16-13.1ubuntu1.1_amd64.deb
Size/MD5: 500798 d3e5feafe1ea05f1fc84a6897bb93418
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1
.0.16-13.1ubuntu1.1_amd64.deb
Size/MD5: 398672 0b2dbfb3d19c8927da51b6ce80cac82f
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.1
6-13.1ubuntu1.1_amd64.deb
Size/MD5: 332038 6e776f87dfdf505ccbd2d72c8406bc67
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-d
ev_0.2.10-4ubuntu0.1_i386.deb
Size/MD5: 182088 578ad92f2fa97c221698a836f8a51cb5
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.10-4ubuntu0.1_i386.deb
Size/MD5: 42356 18105b162e1b4a3ae0b259f8ecec8be9
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.
0.16-13.1ubuntu1.1_i386.deb
Size/MD5: 201606 e7e0d57a788d2d37087373db6f9fd1f2
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-d
bg_1.0.16-13.1ubuntu1.1_i386.deb
Size/MD5: 443546 f4576a81cec8565257de1ec5e6e93467
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1
.0.16-13.1ubuntu1.1_i386.deb
Size/MD5: 353296 82914947d86d8fc89e78308868dcf6fb
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.1
6-13.1ubuntu1.1_i386.deb
Size/MD5: 286992 dc34ea8b46a24be8feaf8f63cae6a08a
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-d
ev_0.2.10-4ubuntu0.1_powerpc.deb
Size/MD5: 188214 0a375d921a5639958a1c37d904658fea
http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0
.2.10-4ubuntu0.1_powerpc.deb
Size/MD5: 43566 73654c735e38d3b19d206217fbac1ca9
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.
0.16-13.1ubuntu1.1_powerpc.deb
Size/MD5: 218704 a61cc659973675624da83dbb23141c7c
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-d
bg_1.0.16-13.1ubuntu1.1_powerpc.deb
Size/MD5: 498388 e4687d0a5b18c45173bc3dc702b40563
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1
.0.16-13.1ubuntu1.1_powerpc.deb
Size/MD5: 395190 1a5b4de0cb8ab1a6853a9b554b91e1c8
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.1
6-13.1ubuntu1.1_powerpc.deb
Size/MD5: 304606 46f8fc5a3f641f36433b9f2d5759ff17
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD9LjRDecnbV4Fd/IRAt4BAJ9LK9ZkZLZQOF25Mx9BFm6fDWXe7wCgo965
7zHoyJ4tz/2HjsifAs4yRjs=
=/THs
-----END PGP SIGNATURE-----

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

libtasn vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.