|GnuTLS堆溢出及拒绝服务漏洞 - VULHUB开源网络安全威胁库

GnuTLS堆溢出及拒绝服务漏洞

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

BUGTRAQ ID: 29292 CVE(CAN) ID: CVE-2008-1948,CVE-2008-1949,CVE-2008-1950 GnuTLS是用于实现TLS加密协议的函数库。 GnuTLS在处理各种畸形TLS报文时存在多个安全漏洞，可能导致拒绝服务或完全入侵运行该库应用程序所在的操作系统。如果用户所发送的Client Hello消息包含有Server Name扩展的话，就可能在lib/ext_server_name.c文件的_gnutls_server_name_recv_params()函数中触发堆溢出，导致执行任意代码。 lib/gnutls_kx.c文件的_gnutls_recv_client_kx_message()函数在处理包含有多个Client Hello消息的TLS报文时存在空指针引用，lib/gnutls_cipher.c文件的_gnutls_ciphertext2compressed()函数在处理加密TLS数据时存在符号错误，这两个漏洞都可能导致使用GnuTLS库的应用程序崩溃。 0 GnuTLS < 2.2.5 Debian ------ Debian已经为此发布了一个安全公告（DSA-1581-1）以及相应补丁: DSA-1581-1：New gnutls13 packages fix potential code execution 链接：<a href=http://www.debian.org/security/2008/dsa-1581 target=_blank>http://www.debian.org/security/2008/dsa-1581</a> 补丁下载： Source archives: <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch1.diff.gz target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch1.diff.gz</a> Size/MD5 checksum: 19173 12dfc774f73fbfff5a9853255eb4044e <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz</a> Size/MD5 checksum: 4752009 c06ada020e2b69caa51833175d59f8b2 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch1.dsc target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch1.dsc</a> Size/MD5 checksum: 1251 f3b7538539a9a255eac70d8ed816e2d2 Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch1_all.deb</a> Size/MD5 checksum: 2305156 92f5504bb67e96400b279148ff36954a alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_alpha.deb</a> Size/MD5 checksum: 327962 019adc4281f16b70ee32b6fb098b6db4 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_alpha.deb</a> Size/MD5 checksum: 547270 baf92f790799abc128bb9efed980b53d <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_alpha.deb</a> Size/MD5 checksum: 523926 fadab0e3396daaa51e25aaf764ebff32 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_alpha.deb</a> Size/MD5 checksum: 196278 2435a7c5406d9e2ea0b75ab7c06f9ee9 amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_amd64.deb</a> Size/MD5 checksum: 182806 c6be7ccc98eed7ed736e62494b816698 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_amd64.deb</a> Size/MD5 checksum: 538864 a044b7f079d9e26263e019cc097961d2 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_amd64.deb</a> Size/MD5 checksum: 314566 339849e531211778332d01e39e806b37 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_amd64.deb</a> Size/MD5 checksum: 389130 830c1b21cdfd37cb104c8f5638e8ecd2 hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_hppa.deb</a> Size/MD5 checksum: 521698 24bc2603d20bd09f1b50dbc284d7c002 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_hppa.deb</a> Size/MD5 checksum: 183890 0f5af046360a12c7974af8b8f47c12ca <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_hppa.deb</a> Size/MD5 checksum: 312458 bc455a6e70342a891e3e50928df33627 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_hppa.deb</a> Size/MD5 checksum: 434892 d6e3aca67b9e59bb3689fda6a479d1d3 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_i386.deb</a> Size/MD5 checksum: 358100 a1417f99c68ccfe7fe3baaf5b0a82fc4 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_i386.deb</a> Size/MD5 checksum: 281748 1b968342495c6fd9e35974fe7794c66a <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_i386.deb</a> Size/MD5 checksum: 524782 4af9debc5ebb2f0afbb552599b04a1ea <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_i386.deb</a> Size/MD5 checksum: 172744 1fc64ca700778b7c076fe18078898293 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_ia64.deb</a> Size/MD5 checksum: 550132 6cdee2122fcabf7538cbb8a5f8a46dc8 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_ia64.deb</a> Size/MD5 checksum: 527970 f79a04ada0467a5e2ad881486f180524 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_ia64.deb</a> Size/MD5 checksum: 394710 f3539e1074b5fdf7b4e05a5ae18910d6 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_ia64.deb</a> Size/MD5 checksum: 229100 a5b608a5d0b08366d46a7e7b378cb76f mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_mips.deb</a> Size/MD5 checksum: 552510 4d33587b3d164660b88e1a0aece6de07 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_mips.deb</a> Size/MD5 checksum: 417916 e7b68ae5b9a26748f7ee5c608c6871ad <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_mips.deb</a> Size/MD5 checksum: 277948 b4aa68014ab9005a66dc04b8424fe941 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_mips.deb</a> Size/MD5 checksum: 181700 810ae6a3d92eb7609a0cfd32db043433 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_mipsel.deb</a> Size/MD5 checksum: 541700 657c1167d217eb639cf3655b486fcc62 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_mipsel.deb</a> Size/MD5 checksum: 417032 f3beae1dd61de2e3fac5d292fcb1c377 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_mipsel.deb</a> Size/MD5 checksum: 277698 48986a326282563af743147dc76f0fd5 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_mipsel.deb</a> Size/MD5 checksum: 182654 e86e98f4fbd9659b1b7da3f5ac3ca442 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_powerpc.deb</a> Size/MD5 checksum: 184542 dfed7b8ae7a888d65d82e28f4a15d0bd <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_powerpc.deb</a> Size/MD5 checksum: 288842 38db064a06a7b073e456425f74392a51 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_powerpc.deb</a> Size/MD5 checksum: 538618 9cfd7c7cdf36aea9c445e237156a8898 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_powerpc.deb</a> Size/MD5 checksum: 388748 50dd9f5a82dca333bdbd282992488eab s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_s390.deb</a> Size/MD5 checksum: 537378 b60c8caef47fa70cc68399db3b1bde5a <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_s390.deb</a> Size/MD5 checksum: 311484 363d2d588467086e7fe144acbd420e56 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_s390.deb</a> Size/MD5 checksum: 184454 837c2b3b9e82118952a8051d4d52c5ee <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_s390.deb</a> Size/MD5 checksum: 380122 6345f76b43ce87b7419d5f519bb5ab98 sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_sparc.deb</a> Size/MD5 checksum: 491030 26a5ca2cb1de39a51c22e90d3894ee87 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_sparc.deb</a> Size/MD5 checksum: 271018 4fc9a17eb374885cf809575bcecbe8a9 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_sparc.deb</a> Size/MD5 checksum: 169546 a717fb3d1c0cf0b28069693d6da91495 <a href=http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_sparc.deb</a> Size/MD5 checksum: 378820 7d307f07e38974f276b189eb90599161 补丁安装方法： 1. 手工安装补丁包：首先，使用下面的命令来下载补丁软件： # wget url (url是补丁下载链接地址) 然后，使用下面的命令来安装补丁： # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包：首先，使用下面的命令更新内部数据库： # apt-get update 然后，使用下面的命令安装更新软件包： # apt-get upgrade GNU --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://www.gnu.org/software/gnutls/releases/gnutls-2.2.5.tar.bz2 target=_blank>http://www.gnu.org/software/gnutls/releases/gnutls-2.2.5.tar.bz2</a> RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2008:0489-01）以及相应补丁: RHSA-2008:0489-01：Critical: gnutls security update 链接：<a href=https://www.redhat.com/support/errata/RHSA-2008-0489.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0489.html</a>

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™