Reference: CERT-EU Security Advisory 2014-0052

Title: GnuTLS Hello Vulnerability [1]

Version history:
04.06.2014 Initial version

Summary
=======

This vulnerability affects the client side of the GnuTLS library. A server that sends a specially crafted Server Hello could corrupt the memory of a requesting client. [1]

CVE numbers: CVE-2014-3466 [2]

Affected Versions
=================

All versions prior to 3.1.25, 3.2.15 or 3.3.4

Original Details
================

The GnuTLS library implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, offering numerous Linux distributions and applications the tools to access secure communications. So while GnuTLS offers privacy over insecure channels, the bug means it is possible for an attacker to crash or take control of a PC when it is attempting to establish a secure connection with the attacker's server. [2]

A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.

The flaw is in read_server_hello() / _gnutls_read_server_hello(), where session_id_len is checked to not exceed incoming packet size, but not checked to ensure it does not exceed maximum session id length. [3]

A potential way to exploit it is discussed in [4].

What can you do?
================

Update to one of the newest versions: 3.1.25, 3.2.15 or 3.3.4

What to tell your users
=======================

N/A

More information
================

[1] http://www.gnutls.org/security.html
[2] http://www.cso.com.au/article/546512/gnutls_bug_exposes_linux_clients_server_attacks_/
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1101932
[4] http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/

Best regards,
CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
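
Added example (not part of the CERT-EU advisory and not GnuTLS source code): a simplified model of the session id length check described under Original Details, showing the packet-size-only test next to a check that is also bounded by the destination buffer. The struct, function names, 3 trailing bytes and the length 200 are assumptions made for illustration; the 32-byte maximum and the 34-byte version+random prefix follow the TLS ServerHello layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SESSION_ID_LEN 32 /* TLS SessionID is opaque<0..32> */
#define HELLO_FIXED_LEN 34    /* 2-byte version + 32-byte random */

struct session { uint8_t id[MAX_SESSION_ID_LEN]; size_t id_len; };

/* Incomplete check as the advisory describes it: packet size only. */
static int length_ok_packet_only(size_t id_len, size_t remaining) {
    return id_len <= remaining;
}

/* Complete check: also bounded by the destination buffer size. */
static int length_ok_hardened(size_t id_len, size_t remaining) {
    return id_len <= remaining && id_len <= MAX_SESSION_ID_LEN;
}

/* Parse a ServerHello body; 0 on success, -1 if malformed. */
static int parse_server_hello(const uint8_t *body, size_t len, struct session *out) {
    if (len < HELLO_FIXED_LEN + 1) return -1;      /* no room for the length byte */
    size_t id_len = body[HELLO_FIXED_LEN];
    size_t remaining = len - HELLO_FIXED_LEN - 1;
    if (!length_ok_hardened(id_len, remaining)) return -1;
    memcpy(out->id, body + HELLO_FIXED_LEN + 1, id_len); /* id_len <= 32 here */
    out->id_len = id_len;
    return 0;
}

/* Constructed sample input: a hello body with the given session id length,
 * followed by 3 bytes standing in for cipher suite and compression. */
static size_t build_hello(uint8_t *buf, size_t cap, uint8_t id_len) {
    size_t total = HELLO_FIXED_LEN + 1 + (size_t)id_len + 3;
    if (total > cap) return 0;
    memset(buf, 0, total);
    buf[0] = 3; buf[1] = 3;                        /* version field */
    buf[HELLO_FIXED_LEN] = id_len;
    return total;
}

int main(void) {
    uint8_t buf[512]; struct session s;
    size_t n = build_hello(buf, sizeof buf, 200);  /* constructed oversized length */
    printf("packet-only check accepts: %d\n", length_ok_packet_only(200, n - HELLO_FIXED_LEN - 1));
    printf("hardened parser returns: %d\n", parse_server_hello(buf, n, &s));
    return 0;
}
```

A length that fits inside the packet but exceeds 32 passes the first predicate and is rejected by the second, which is the gap the fixed versions close.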