安全研究

安全漏洞
GnuTLS堆溢出及拒绝服务漏洞

发布日期:2008-05-20
更新日期:2008-05-21

受影响系统:
GNU GnuTLS < 2.2.5
不受影响系统:
GNU GnuTLS 2.2.5
描述:
BUGTRAQ  ID: 29292
CVE(CAN) ID: CVE-2008-1948,CVE-2008-1949,CVE-2008-1950

GnuTLS是用于实现TLS加密协议的函数库。

GnuTLS在处理各种畸形TLS报文时存在多个安全漏洞,可能导致拒绝服务或完全入侵运行该库应用程序所在的操作系统。

如果用户所发送的Client Hello消息包含有Server Name扩展的话,就可能在lib/ext_server_name.c文件的_gnutls_server_name_recv_params()函数中触发堆溢出,导致执行任意代码。

lib/gnutls_kx.c文件的_gnutls_recv_client_kx_message()函数在处理包含有多个Client Hello消息的TLS报文时存在空指针引用,lib/gnutls_cipher.c文件的_gnutls_ciphertext2compressed()函数在处理加密TLS数据时存在符号错误,这两个漏洞都可能导致使用GnuTLS库的应用程序崩溃。

<*来源:Simon Josefsson
  
  链接:http://secunia.com/advisories/30287/
        http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
        http://marc.info/?l=bugtraq&m=121129819328803&w=2
        http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html
        https://www.redhat.com/support/errata/RHSA-2008-0492.html
        https://www.redhat.com/support/errata/RHSA-2008-0489.html
        http://www.debian.org/security/2008/dsa-1581
        http://security.gentoo.org/glsa/glsa-200805-20.xml
*>

建议:
厂商补丁:

Debian
------
Debian已经为此发布了一个安全公告(DSA-1581-1)以及相应补丁:
DSA-1581-1:New gnutls13 packages fix potential code execution
链接:http://www.debian.org/security/2008/dsa-1581

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch1.diff.gz
Size/MD5 checksum:    19173 12dfc774f73fbfff5a9853255eb4044e
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz
Size/MD5 checksum:  4752009 c06ada020e2b69caa51833175d59f8b2
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch1.dsc
Size/MD5 checksum:     1251 f3b7538539a9a255eac70d8ed816e2d2

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch1_all.deb
Size/MD5 checksum:  2305156 92f5504bb67e96400b279148ff36954a

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_alpha.deb
Size/MD5 checksum:   327962 019adc4281f16b70ee32b6fb098b6db4
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_alpha.deb
Size/MD5 checksum:   547270 baf92f790799abc128bb9efed980b53d
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_alpha.deb
Size/MD5 checksum:   523926 fadab0e3396daaa51e25aaf764ebff32
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_alpha.deb
Size/MD5 checksum:   196278 2435a7c5406d9e2ea0b75ab7c06f9ee9

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_amd64.deb
Size/MD5 checksum:   182806 c6be7ccc98eed7ed736e62494b816698
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_amd64.deb
Size/MD5 checksum:   538864 a044b7f079d9e26263e019cc097961d2
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_amd64.deb
Size/MD5 checksum:   314566 339849e531211778332d01e39e806b37
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_amd64.deb
Size/MD5 checksum:   389130 830c1b21cdfd37cb104c8f5638e8ecd2

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_hppa.deb
Size/MD5 checksum:   521698 24bc2603d20bd09f1b50dbc284d7c002
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_hppa.deb
Size/MD5 checksum:   183890 0f5af046360a12c7974af8b8f47c12ca
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_hppa.deb
Size/MD5 checksum:   312458 bc455a6e70342a891e3e50928df33627
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_hppa.deb
Size/MD5 checksum:   434892 d6e3aca67b9e59bb3689fda6a479d1d3

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_i386.deb
Size/MD5 checksum:   358100 a1417f99c68ccfe7fe3baaf5b0a82fc4
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_i386.deb
Size/MD5 checksum:   281748 1b968342495c6fd9e35974fe7794c66a
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_i386.deb
Size/MD5 checksum:   524782 4af9debc5ebb2f0afbb552599b04a1ea
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_i386.deb
Size/MD5 checksum:   172744 1fc64ca700778b7c076fe18078898293

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_ia64.deb
Size/MD5 checksum:   550132 6cdee2122fcabf7538cbb8a5f8a46dc8
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_ia64.deb
Size/MD5 checksum:   527970 f79a04ada0467a5e2ad881486f180524
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_ia64.deb
Size/MD5 checksum:   394710 f3539e1074b5fdf7b4e05a5ae18910d6
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_ia64.deb
Size/MD5 checksum:   229100 a5b608a5d0b08366d46a7e7b378cb76f

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_mips.deb
Size/MD5 checksum:   552510 4d33587b3d164660b88e1a0aece6de07
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_mips.deb
Size/MD5 checksum:   417916 e7b68ae5b9a26748f7ee5c608c6871ad
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_mips.deb
Size/MD5 checksum:   277948 b4aa68014ab9005a66dc04b8424fe941
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_mips.deb
Size/MD5 checksum:   181700 810ae6a3d92eb7609a0cfd32db043433

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_mipsel.deb
Size/MD5 checksum:   541700 657c1167d217eb639cf3655b486fcc62
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_mipsel.deb
Size/MD5 checksum:   417032 f3beae1dd61de2e3fac5d292fcb1c377
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_mipsel.deb
Size/MD5 checksum:   277698 48986a326282563af743147dc76f0fd5
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_mipsel.deb
Size/MD5 checksum:   182654 e86e98f4fbd9659b1b7da3f5ac3ca442

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_powerpc.deb
Size/MD5 checksum:   184542 dfed7b8ae7a888d65d82e28f4a15d0bd
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_powerpc.deb
Size/MD5 checksum:   288842 38db064a06a7b073e456425f74392a51
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_powerpc.deb
Size/MD5 checksum:   538618 9cfd7c7cdf36aea9c445e237156a8898
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_powerpc.deb
Size/MD5 checksum:   388748 50dd9f5a82dca333bdbd282992488eab

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_s390.deb
Size/MD5 checksum:   537378 b60c8caef47fa70cc68399db3b1bde5a
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_s390.deb
Size/MD5 checksum:   311484 363d2d588467086e7fe144acbd420e56
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_s390.deb
Size/MD5 checksum:   184454 837c2b3b9e82118952a8051d4d52c5ee
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_s390.deb
Size/MD5 checksum:   380122 6345f76b43ce87b7419d5f519bb5ab98

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_sparc.deb
Size/MD5 checksum:   491030 26a5ca2cb1de39a51c22e90d3894ee87
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_sparc.deb
Size/MD5 checksum:   271018 4fc9a17eb374885cf809575bcecbe8a9
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_sparc.deb
Size/MD5 checksum:   169546 a717fb3d1c0cf0b28069693d6da91495
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_sparc.deb
Size/MD5 checksum:   378820 7d307f07e38974f276b189eb90599161

补丁安装方法:

1. 手工安装补丁包:

  首先,使用下面的命令来下载补丁软件:
  # wget url  (url是补丁下载链接地址)

  然后,使用下面的命令来安装补丁:  
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包:

   首先,使用下面的命令更新内部数据库:
   # apt-get update
  
   然后,使用下面的命令安装更新软件包:
   # apt-get upgrade

GNU
---
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.gnu.org/software/gnutls/releases/gnutls-2.2.5.tar.bz2

RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2008:0489-01)以及相应补丁:
RHSA-2008:0489-01:Critical: gnutls security update
链接:https://www.redhat.com/support/errata/RHSA-2008-0489.html

Gentoo
------
Gentoo已经为此发布了一个安全公告(GLSA-200805-20)以及相应补丁:
GLSA-200805-20:GnuTLS: Execution of arbitrary code
链接:http://security.gentoo.org/glsa/glsa-200805-20.xml

所有GnuTLS用户都应升级到最新版本:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.2.5"

浏览次数:3376
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客