SB2017080109 - Red Hat update for GnuTLS
Published: August 1, 2017 Updated: August 4, 2017
Security Bulletin ID
SB2017080109
Severity
Low
Patch available
YES
Number of vulnerabilities
7
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Security restrictions bypass (CVE-ID: CVE-2016-7444)
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.The weakness exists due to insufficient validation of the serial length of an OCSP response by the gnutls_ocsp_resp_check_crt function in the lib/x509/ocsp.c code. A remote attacker can bypass certificate validation and conduct further attacks.
2) Double free (CVE-ID: CVE-2017-5334)
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.The weakness exists due to insufficient validation of user-supplied input by the gnutls_x509_ext_import_proxy function. A remote attacker can send a specially crafted X.509 certificate with Proxy Certificate Information extension present, trigger double free error and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
3) Memory corruption (CVE-ID: CVE-2017-5335)
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.The weakness exists due to insufficient error checking in the stream-reading functions. A remote attacker can send a specially crafted OpenPGP certificate, trigger memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
4) Stack-based buffer overflow (CVE-ID: CVE-2017-5336)
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.The weakness exists due to improper processing of malicious OpenPGP certificates by the cdk_pk_get_keyid function. A remote attacker can send a specially crafted OpenPGP certificate, trigger stack-based buffer overflow and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
5) Heap-based buffer overflow (CVE-ID: CVE-2017-5337)
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.The weakness exists due to improper processing of malicious OpenPGP certificates by the read_attribute function. A remote attacker can send a specially crafted OpenPGP certificate, trigger heap-based buffer overflow and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
6) Null pointer dereference (CVE-ID: CVE-2017-7507)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to NULL pointer dereference while decoding a status response TLS extension with valid contents. A remote attacker can send specially crafted status_request extension in a ClientHello message to cause the GnuTLS server application to crash.
Successful exploitation of the vulnerability results in denial of service.
7) Denial of service (CVE-ID: CVE-2017-7869)
The vulnerability allows a remote unauthenticated attacker to cause Dos condition on the target system.The weakness exists due to improper memory processing in the opencdk/read-packet.c of the cdk_pkt_read function. A remote attacker can send a specially crafted OpenPGP certificate, trigger buffer overflow, integer overflow or NULL pointer dereference and cause the server application to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install update from vendor's website.