Bug On GnuTLS Allows Hackers to Run Malicious Code - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner

Breaking

Bug On GnuTLS Allows Hackers to Run Malicious Code

One more security vulnerability found on popular cryptographic Library GnuTLS. This bug leaves Linux vulnerable to remote code execution.

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols.

A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake.  

A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.

The flaw is in read_server_hello() / _gnutls_read_server_hello(), where session_id_len is checked to not exceed incoming packet size, but not checked to ensure it does not exceed maximum session id length:

https://www.gitorious.org/gnutls/gnutls/source/8d7d6c6:lib/gnutls_handshake.c#L1747









Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter