PT-2013-1247 · Gnu+3 · Gnutls+3

Kenny Paterson

Publicado

2013-02-08

Atualizado

2014-03-26

CVE-2013-1619

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions GnuTLS versions prior to 2.12.23 GnuTLS versions 3.0.x prior to 3.0.28 GnuTLS versions 3.1.x prior to 3.1.7

Description The issue affects the TLS implementation in GnuTLS, allowing remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets. This is related to the improper consideration of timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding.

Recommendations For GnuTLS versions prior to 2.12.23, update to version 2.12.23 or later. For GnuTLS versions 3.0.x prior to 3.0.28, update to version 3.0.28 or later. For GnuTLS versions 3.1.x prior to 3.1.7, update to version 3.1.7 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

BDU:2015-09730

CESA-2013_0588

CVE-2013-1619

OPENSUSE-SU-2014_0346-1

RHSA-2013:0588

RHSA-2013:0636

RHSA-2013_0588

SUSE-SU-2013_0731-1

USN-1752-1

Produtos afetados

Centos

Gnutls

Red Hat

Suse

PT-2013-1247 · Gnu+3 · Gnutls+3

CVE-2013-1619

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 51