
BDU:2015-03443

Published: 30 Jul 2009
Source: fstec
CVSS2: 7.5
EPSS: Low

Description

Multiple vulnerabilities in the libgnutls26 package of the Debian GNU/Linux operating system, exploitation of which may lead to a breach of the confidentiality, integrity and availability of protected information. The vulnerabilities can be exploited remotely.

Vendor

Free software community

Software name

Debian GNU/Linux

Software version

up to 4 (Debian GNU/Linux)

Software type

Operating system

Operating systems and hardware platforms

-

Vulnerability severity level

High severity (CVSS 2.0 base score is 7.5)

Possible remediation measures

The problem can be resolved by updating the operating system to the following package versions, depending on the architecture:
Debian GNU/Linux 4:
ppc:
libgnutls13-dbg - 1.4.4-3+etch5
libgnutls13 - 1.4.4-3+etch5
libgnutls-dev - 1.4.4-3+etch5
gnutls-bin - 1.4.4-3+etch5
s390x:
libgnutls13 - 1.4.4-3+etch5
libgnutls-dev - 1.4.4-3+etch5
libgnutls13-dbg - 1.4.4-3+etch5
gnutls-bin - 1.4.4-3+etch5
i686:
libgnutls-dev - 1.4.4-3+etch5
libgnutls13-dbg - 1.4.4-3+etch5
libgnutls13 - 1.4.4-3+etch5
gnutls-bin - 1.4.4-3+etch5
hppa:
gnutls-bin - 1.4.4-3+etch5
libgnutls-dev - 1.4.4-3+etch5
libgnutls13-dbg - 1.4.4-3+etch5
libgnutls13 - 1.4.4-3+etch5
sparc:
libgnutls-dev - 1.4.4-3+etch5
libgnutls13-dbg - 1.4.4-3+etch5
gnutls-bin - 1.4.4-3+etch5
libgnutls13 - 1.4.4-3+etch5
x86-64:
libgnutls-dev - 1.4.4-3+etch5
libgnutls13-dbg - 1.4.4-3+etch5
gnutls-bin - 1.4.4-3+etch5
libgnutls13 - 1.4.4-3+etch5
alpha:
libgnutls-dev - 1.4.4-3+etch5
gnutls-bin - 1.4.4-3+etch5
libgnutls13 - 1.4.4-3+etch5
libgnutls13-dbg - 1.4.4-3+etch5
ia64:
libgnutls13-dbg - 1.4.4-3+etch5
gnutls-bin - 1.4.4-3+etch5
libgnutls13 - 1.4.4-3+etch5
libgnutls-dev - 1.4.4-3+etch5
mips:
libgnutls13 - 1.4.4-3+etch5
gnutls-bin - 1.4.4-3+etch5
libgnutls-dev - 1.4.4-3+etch5
libgnutls13-dbg - 1.4.4-3+etch5
noarch:
gnutls-doc - 1.4.4-3+etch5
mipsel:
gnutls-bin - 1.4.4-3+etch5
libgnutls13-dbg - 1.4.4-3+etch5
libgnutls13 - 1.4.4-3+etch5
libgnutls-dev - 1.4.4-3+etch5
arm:
libgnutls13-dbg - 1.4.4-3+etch5
gnutls-bin - 1.4.4-3+etch5
libgnutls-dev - 1.4.4-3+etch5
libgnutls13 - 1.4.4-3+etch5
Debian GNU/Linux 5:
s390x:
guile-gnutls - 2.4.2-6+lenny2
libgnutls26-dbg - 2.4.2-6+lenny2
libgnutls-dev - 2.4.2-6+lenny2
gnutls-bin - 2.4.2-6+lenny2
libgnutls26 - 2.4.2-6+lenny2
i686:
libgnutls26 - 2.4.2-6+lenny2
libgnutls26-dbg - 2.4.2-6+lenny2
gnutls-bin - 2.4.2-6+lenny2
libgnutls-dev - 2.4.2-6+lenny2
guile-gnutls - 2.4.2-6+lenny2
hppa:
libgnutls-dev - 2.4.2-6+lenny2
libgnutls26-dbg - 2.4.2-6+lenny2
gnutls-bin - 2.4.2-6+lenny2
guile-gnutls - 2.4.2-6+lenny2
libgnutls26 - 2.4.2-6+lenny2
sparc:
libgnutls26 - 2.4.2-6+lenny2
libgnutls26-dbg - 2.4.2-6+lenny2
libgnutls-dev - 2.4.2-6+lenny2
guile-gnutls - 2.4.2-6+lenny2
gnutls-bin - 2.4.2-6+lenny2
x86-64:
gnutls-bin - 2.4.2-6+lenny2
libgnutls-dev - 2.4.2-6+lenny2
libgnutls26-dbg - 2.4.2-6+lenny2
guile-gnutls - 2.4.2-6+lenny2
libgnutls26 - 2.4.2-6+lenny2
armel:
libgnutls-dev - 2.4.2-6+lenny2
libgnutls26-dbg - 2.4.2-6+lenny2
gnutls-bin - 2.4.2-6+lenny2
libgnutls26 - 2.4.2-6+lenny2
guile-gnutls - 2.4.2-6+lenny2
alpha:
guile-gnutls - 2.4.2-6+lenny2
libgnutls-dev - 2.4.2-6+lenny2
libgnutls26 - 2.4.2-6+lenny2
libgnutls26-dbg - 2.4.2-6+lenny2
gnutls-bin - 2.4.2-6+lenny2
ia64:
libgnutls-dev - 2.4.2-6+lenny2
gnutls-bin - 2.4.2-6+lenny2
libgnutls26-dbg - 2.4.2-6+lenny2
libgnutls26 - 2.4.2-6+lenny2
mips:
libgnutls-dev - 2.4.2-6+lenny2
guile-gnutls - 2.4.2-6+lenny2
libgnutls26-dbg - 2.4.2-6+lenny2
libgnutls26 - 2.4.2-6+lenny2
gnutls-bin - 2.4.2-6+lenny2
noarch:
gnutls-doc - 2.4.2-6+lenny2
mipsel:
libgnutls26 - 2.4.2-6+lenny2
gnutls-bin - 2.4.2-6+lenny2
libgnutls26-dbg - 2.4.2-6+lenny2
guile-gnutls - 2.4.2-6+lenny2
libgnutls-dev - 2.4.2-6+lenny2
arm:
guile-gnutls - 2.4.2-6+lenny2
libgnutls26 - 2.4.2-6+lenny2
libgnutls26-dbg - 2.4.2-6+lenny2
gnutls-bin - 2.4.2-6+lenny2
libgnutls-dev - 2.4.2-6+lenny2

Vulnerability status

Confirmed by the vendor

Exploit availability

Data being clarified

Remediation information

Vulnerability fixed

EPSS

Percentile: 83%
0.02015
Low

7.5 High

CVSS2

Related vulnerabilities

ubuntu
almost 16 years ago

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

redhat
almost 16 years ago

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

nvd
almost 16 years ago

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

debian
almost 16 years ago

The Network Security Services (NSS) library before 3.12.3, as used in ...

github
about 3 years ago

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
