Ubuntu update for GnuTLS



Published: 2017-06-13
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2017-7507
CVE-2017-7869
CWE-ID CWE-476
CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Ubuntu
Operating systems & Components / Operating system

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Null pointer dereference

EUVDB-ID: #VU7481

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7507

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference while decoding a status response TLS extension with valid contents. A remote attacker can send specially crafted status_request extension in a ClientHello message to cause the GnuTLS server application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages

Ubuntu 17.04:
libgnutls30 3.5.6-4ubuntu4.1
Ubuntu 16.10:
libgnutls30 3.5.3-5ubuntu1.2
Ubuntu 16.04 LTS:
libgnutls30 3.4.10-4ubuntu1.3
Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.8

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

http://www.ubuntu.com/usn/usn-3318-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU7661

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7869

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause Dos condition on the target system.

The weakness exists due to improper memory processing in the opencdk/read-packet.c of the cdk_pkt_read function. A remote attacker can send a specially crafted OpenPGP certificate, trigger buffer overflow, integer overflow or NULL pointer dereference and cause the server application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages

Ubuntu 17.04:
libgnutls30 3.5.6-4ubuntu4.1
Ubuntu 16.10:
libgnutls30 3.5.3-5ubuntu1.2
Ubuntu 16.04 LTS:
libgnutls30 3.4.10-4ubuntu1.3
Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.8

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

http://www.ubuntu.com/usn/usn-3318-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###