English
Français
Light
Dark
System

CVEFind - Alertes CVE

Restez informé en continue
Créer un compte Ouvrez un compte Simple et Gratuit Se connecter Gérez vos alertes

CVE-2008-1949 : Détail

CVE-2008-1949

Authorization problems
A07-Identif. and Authent. Failures
5.13%V3
Network
2008-05-21 08:00 +00:00
2018-10-11 17:57 +00:00
CVE.org
NVD

Alerte pour un CVE

Restez informé de toutes modifications pour un CVE spécifique.
Gestion des alertes

Descriptions

The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.

Informations

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Metrics

Metric Score Sévérité CVSS Vecteur Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C [email protected]

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

EPSS Score

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

EPSS Percentile

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Gnu>>Gnutls >> Version 1.0.18

Gnu>>Gnutls >> Version 1.0.19

Gnu>>Gnutls >> Version 1.0.20

Gnu>>Gnutls >> Version 1.0.21

Gnu>>Gnutls >> Version 1.0.22

Gnu>>Gnutls >> Version 1.0.23

Gnu>>Gnutls >> Version 1.0.24

Gnu>>Gnutls >> Version 1.0.25

Gnu>>Gnutls >> Version 1.1.13

Gnu>>Gnutls >> Version 1.1.14

Gnu>>Gnutls >> Version 1.1.15

Gnu>>Gnutls >> Version 1.1.16

Gnu>>Gnutls >> Version 1.1.17

Gnu>>Gnutls >> Version 1.1.18

Gnu>>Gnutls >> Version 1.1.19

Gnu>>Gnutls >> Version 1.1.20

Gnu>>Gnutls >> Version 1.1.21

Gnu>>Gnutls >> Version 1.1.22

Gnu>>Gnutls >> Version 1.1.23

Gnu>>Gnutls >> Version 1.2.0

Gnu>>Gnutls >> Version 1.2.1

Gnu>>Gnutls >> Version 1.2.2

Gnu>>Gnutls >> Version 1.2.3

Gnu>>Gnutls >> Version 1.2.4

Gnu>>Gnutls >> Version 1.2.5

Gnu>>Gnutls >> Version 1.2.6

Gnu>>Gnutls >> Version 1.2.7

Gnu>>Gnutls >> Version 1.2.8

Gnu>>Gnutls >> Version 1.2.9

Gnu>>Gnutls >> Version 1.2.10

Gnu>>Gnutls >> Version 1.2.11

Gnu>>Gnutls >> Version 1.3.0

Gnu>>Gnutls >> Version 1.3.1

Gnu>>Gnutls >> Version 1.3.2

Gnu>>Gnutls >> Version 1.3.3

Gnu>>Gnutls >> Version 1.3.4

Gnu>>Gnutls >> Version 1.3.5

Gnu>>Gnutls >> Version 1.4.0

Gnu>>Gnutls >> Version 1.4.1

Gnu>>Gnutls >> Version 1.4.2

Gnu>>Gnutls >> Version 1.4.3

Gnu>>Gnutls >> Version 1.4.4

Gnu>>Gnutls >> Version 1.4.5

Gnu>>Gnutls >> Version 1.5.0

Gnu>>Gnutls >> Version 1.5.1

Gnu>>Gnutls >> Version 1.5.2

Gnu>>Gnutls >> Version 1.5.3

Gnu>>Gnutls >> Version 1.5.4

Gnu>>Gnutls >> Version 1.5.5

Gnu>>Gnutls >> Version 1.6.0

Gnu>>Gnutls >> Version 1.6.1

Gnu>>Gnutls >> Version 1.6.2

Gnu>>Gnutls >> Version 1.6.3

Gnu>>Gnutls >> Version 1.7.0

Gnu>>Gnutls >> Version 1.7.1

Gnu>>Gnutls >> Version 1.7.2

Gnu>>Gnutls >> Version 1.7.3

Gnu>>Gnutls >> Version 1.7.4

Gnu>>Gnutls >> Version 1.7.5

Gnu>>Gnutls >> Version 1.7.6

Gnu>>Gnutls >> Version 1.7.7

Gnu>>Gnutls >> Version 1.7.8

Gnu>>Gnutls >> Version 1.7.9

Gnu>>Gnutls >> Version 1.7.10

Gnu>>Gnutls >> Version 1.7.11

Gnu>>Gnutls >> Version 1.7.12

Gnu>>Gnutls >> Version 1.7.13

Gnu>>Gnutls >> Version 1.7.14

Gnu>>Gnutls >> Version 1.7.15

Gnu>>Gnutls >> Version 1.7.16

Gnu>>Gnutls >> Version 1.7.17

Gnu>>Gnutls >> Version 1.7.18

Gnu>>Gnutls >> Version 1.7.19

Gnu>>Gnutls >> Version 2.0.0

Gnu>>Gnutls >> Version 2.0.1

Gnu>>Gnutls >> Version 2.0.2

Gnu>>Gnutls >> Version 2.0.3

Gnu>>Gnutls >> Version 2.0.4

Gnu>>Gnutls >> Version 2.1.0

Gnu>>Gnutls >> Version 2.1.1

Gnu>>Gnutls >> Version 2.1.2

Gnu>>Gnutls >> Version 2.1.3

Gnu>>Gnutls >> Version 2.1.4

Gnu>>Gnutls >> Version 2.1.5

Gnu>>Gnutls >> Version 2.1.6

Gnu>>Gnutls >> Version 2.1.7

Gnu>>Gnutls >> Version 2.1.8

Gnu>>Gnutls >> Version 2.2.0

Gnu>>Gnutls >> Version 2.2.1

Gnu>>Gnutls >> Version 2.2.2

Gnu>>Gnutls >> Version 2.2.3

Gnu>>Gnutls >> Version 2.2.4

Gnu>>Gnutls >> Version 2.2.5

Gnu>>Gnutls >> Version 2.3.0

Gnu>>Gnutls >> Version 2.3.1

Gnu>>Gnutls >> Version 2.3.2

Gnu>>Gnutls >> Version 2.3.3

Gnu>>Gnutls >> Version 2.3.4

Gnu>>Gnutls >> Version 2.3.5

Gnu>>Gnutls >> Version 2.3.6

Gnu>>Gnutls >> Version 2.3.7

Gnu>>Gnutls >> Version 2.3.8

Gnu>>Gnutls >> Version 2.3.9

Gnu>>Gnutls >> Version 2.3.10

Gnu>>Gnutls >> Version 2.3.11

References

http://secunia.com/advisories/30331
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31939
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-613-1
Tags : vendor-advisory, x_refsource_UBUNTU
http://www.redhat.com/support/errata/RHSA-2008-0492.html
Tags : vendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2008/05/20/1
Tags : mailing-list, x_refsource_MLIST
http://security.gentoo.org/glsa/glsa-200805-20.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/30355
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30317
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0489.html
Tags : vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/30324
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30302
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/29292
Tags : vdb-entry, x_refsource_BID
http://secunia.com/advisories/30330
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2008/05/20/3
Tags : mailing-list, x_refsource_MLIST
http://secunia.com/advisories/30338
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1581
Tags : vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2008/05/20/2
Tags : mailing-list, x_refsource_MLIST
http://securityreason.com/securityalert/3902
Tags : third-party-advisory, x_refsource_SREASON
http://secunia.com/advisories/30287
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1020058
Tags : vdb-entry, x_refsource_SECTRACK
http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
Tags : vendor-advisory, x_refsource_MANDRIVA
http://www.kb.cert.org/vuls/id/252626
Tags : third-party-advisory, x_refsource_CERT-VN

Plus d'informations
Cliquez sur le bouton à gauche (OFF), pour autoriser l'inscription de cookie améliorant les fonctionnalités du site. Cliquez sur le bouton à gauche (Tout accepter), pour ne plus autoriser l'inscription de cookie améliorant les fonctionnalités du site.