PT-2014-1865 · Gnu+4 · Gnutls+4

Published: 2014-03-03 · Updated: 2024-06-15 · CVE-2014-0092

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
GnuTLS versions prior to 3.1.22
GnuTLS versions 3.2.x prior to 3.2.12

Description
The issue arises from improper handling of unspecified errors when verifying X.509 certificates from SSL servers, allowing man-in-the-middle attackers to spoof servers via a crafted certificate. Exploitation of this vulnerability can lead to a breach of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations
For GnuTLS versions prior to 3.1.22, update to version 3.1.22 or later.
For GnuTLS versions 3.2.x prior to 3.2.12, update to version 3.2.12 or later.
As a temporary workaround, consider restricting the use of X.509 certificate verification until a patch is available.

Fix

Weakness Enumeration

Related identifiers

ALT-PU-2014-1263
BDU:2015-07241
BDU:2015-07246
BDU:2015-07249
BDU:2015-07253
BDU:2015-09761
CESA-2014_0246
CVE-2014-0092
DSA-2869-1
MGASA-2014-0117
OPENSUSE-SU-2014_0325-1
OPENSUSE-SU-2014_0328-1
OPENSUSE-SU-2014_0346-1
OPENSUSE-SU-2024:10105-1
RHSA-2014:0246
RHSA-2014:0247
RHSA-2014:0288
RHSA-2014:0339
RHSA-2014_0246
RHSA-2014_0247
SUSE-SU-2014_0321-1
SUSE-SU-2014_0323-1
SUSE-SU-2015:0675-1
USN-2127-1

Affected products

Alt Linux
CentOS
GnuTLS
Red Hat
SUSE