Ubuntu update for GnuTLS



Published: 2017-02-01
Risk Low
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2016-7444
CVE-2016-8610
CVE-2017-5334
CVE-2017-5335
CVE-2017-5336
CVE-2017-5337
CWE-ID CWE-20
CWE-388
CWE-415
CWE-119
CWE-121
CWE-122
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Ubuntu
Operating systems & Components / Operating system

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU7655

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7444

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient validation of the serial length of an OCSP response by the gnutls_ocsp_resp_check_crt function in the lib/x509/ocsp.c code. A remote attacker can bypass certificate validation and conduct further attacks.

Mitigation

Update the affected packages

Ubuntu 16.10:
libgnutls30 3.5.3-5ubuntu1.1
Ubuntu 16.04 LTS:
libgnutls30 3.4.10-4ubuntu1.2
Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.6
Ubuntu 12.04 LTS:
libgnutls26 2.12.14-5ubuntu3.13

Vulnerable software versions

Ubuntu: 12.04 - 16.10

External links

http://www.ubuntu.com/usn/usn-3183-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU1083

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8610

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated user to exhaust memory on the target system.
The weakness is due to improper handling of certain packets by the ssl3_read_bytes() function in 'ssl/s3_pkt.c.
By sending a flood of SSL3_AL_WARNING alerts during the SSL handshake, a remote attacker can consume excessive CPU resources that may lead to OpenSSL library being unavailable.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Mitigation

Update the affected packages

Ubuntu 16.10:
libgnutls30 3.5.3-5ubuntu1.1
Ubuntu 16.04 LTS:
libgnutls30 3.4.10-4ubuntu1.2
Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.6
Ubuntu 12.04 LTS:
libgnutls26 2.12.14-5ubuntu3.13

Vulnerable software versions

Ubuntu: 12.04 - 16.10

External links

http://www.ubuntu.com/usn/usn-3183-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Double free

EUVDB-ID: #VU7656

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5334

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input by the gnutls_x509_ext_import_proxy function. A remote attacker can send a specially crafted X.509 certificate with Proxy Certificate Information extension present, trigger double free error and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages

Ubuntu 16.10:
libgnutls30 3.5.3-5ubuntu1.1
Ubuntu 16.04 LTS:
libgnutls30 3.4.10-4ubuntu1.2
Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.6
Ubuntu 12.04 LTS:
libgnutls26 2.12.14-5ubuntu3.13

Vulnerable software versions

Ubuntu: 12.04 - 16.10

External links

http://www.ubuntu.com/usn/usn-3183-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

EUVDB-ID: #VU7657

Risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5335

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to insufficient error checking in the stream-reading functions. A remote attacker can send a specially crafted OpenPGP certificate, trigger memory corruption and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages

Ubuntu 16.10:
libgnutls30 3.5.3-5ubuntu1.1
Ubuntu 16.04 LTS:
libgnutls30 3.4.10-4ubuntu1.2
Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.6
Ubuntu 12.04 LTS:
libgnutls26 2.12.14-5ubuntu3.13

Vulnerable software versions

Ubuntu: 12.04 - 16.10

External links

http://www.ubuntu.com/usn/usn-3183-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stack-based buffer overflow

EUVDB-ID: #VU7658

Risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5336

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to improper processing of malicious OpenPGP certificates by the cdk_pk_get_keyid function. A remote attacker can send a specially crafted OpenPGP certificate, trigger stack-based buffer overflow and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages

Ubuntu 16.10:
libgnutls30 3.5.3-5ubuntu1.1
Ubuntu 16.04 LTS:
libgnutls30 3.4.10-4ubuntu1.2
Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.6
Ubuntu 12.04 LTS:
libgnutls26 2.12.14-5ubuntu3.13

Vulnerable software versions

Ubuntu: 12.04 - 16.10

External links

http://www.ubuntu.com/usn/usn-3183-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Heap-based buffer overflow

EUVDB-ID: #VU7660

Risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5337

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to improper processing of malicious OpenPGP certificates by the read_attribute function. A remote attacker can send a specially crafted OpenPGP certificate, trigger heap-based buffer overflow and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages

Ubuntu 16.10:
libgnutls30 3.5.3-5ubuntu1.1
Ubuntu 16.04 LTS:
libgnutls30 3.4.10-4ubuntu1.2
Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.6
Ubuntu 12.04 LTS:
libgnutls26 2.12.14-5ubuntu3.13

Vulnerable software versions

Ubuntu: 12.04 - 16.10

External links

http://www.ubuntu.com/usn/usn-3183-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###