Channel: Tekdig » News Update

New BUG in GnuTLS bringing malicious code in Linux


Another major security vulnerability has been discovered in the popular cryptographic library GnuTLS that leaves Linux vulnerable to remote code execution.

GnuTLS is a free library implementing the Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) protocols, which are used to offer secure communications.

“A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake,” an entry posted on the Red Hat Bug Tracker reads.

Flaw: The read_server_hello function checks only that the length of the Session ID does not exceed the size of the incoming packet; it fails to ensure that the length does not exceed the maximum length of a Session ID.

A malicious server could exploit this vulnerability by sending a very long Session ID value and run malicious code in “a connecting TLS/SSL client using GnuTLS”.
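The difference between the two length checks can be seen in a short parser. This is an added example, not GnuTLS source code: the function names, the constants and the constructed Server Hello body are assumptions made for illustration, with the 32-byte Session ID limit taken from the TLS specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HELLO_FIXED_LEN 35     /* 2-byte version + 32-byte random + 1-byte ID length */
#define MAX_SESSION_ID_LEN 32  /* TLS: opaque SessionID<0..32> */

/* The only check the article says was made: the ID fits inside the packet. */
static int packet_only_check(const uint8_t *body, size_t body_len)
{
    if (body_len < HELLO_FIXED_LEN) return -1;
    size_t id_len = body[HELLO_FIXED_LEN - 1];
    return (id_len <= body_len - HELLO_FIXED_LEN) ? 0 : -1;
}

/* Hardened parse: also bound the length by the fixed-size destination buffer
 * before copying. Returns the Session ID length, or -1 on a malformed hello. */
static int parse_session_id(const uint8_t *body, size_t body_len,
                            uint8_t *out /* MAX_SESSION_ID_LEN bytes */)
{
    if (packet_only_check(body, body_len) != 0) return -1;

    size_t id_len = body[HELLO_FIXED_LEN - 1];
    if (id_len > MAX_SESSION_ID_LEN) return -1;  /* the missing check */

    memcpy(out, body + HELLO_FIXED_LEN, id_len);
    return (int)id_len;
}

/* Constructed sample: a Server Hello body carrying an id_len-byte Session ID. */
static size_t build_hello(uint8_t *buf, uint8_t id_len)
{
    memset(buf, 0, HELLO_FIXED_LEN);
    buf[0] = 3; buf[1] = 3;                      /* TLS 1.2 version bytes */
    buf[HELLO_FIXED_LEN - 1] = id_len;
    memset(buf + HELLO_FIXED_LEN, 0xAB, id_len);
    return (size_t)HELLO_FIXED_LEN + id_len;
}

int main(void)
{
    uint8_t buf[HELLO_FIXED_LEN + 255], sid[MAX_SESSION_ID_LEN];
    size_t n = build_hello(buf, 200);  /* oversized ID in a self-consistent packet */
    printf("packet-only check: %d, hardened parse: %d\n",
           packet_only_check(buf, n), parse_session_id(buf, n, sid));
    return 0;
}
```

A 200-byte Session ID in a packet that really is that long satisfies the packet-size check, so only the comparison against the maximum length keeps the copy inside the 32-byte buffer.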

In March, a different vulnerability was patched in the GnuTLS library that could have allowed attackers “to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker”.


The post New BUG in GnuTLS bringing malicious code in Linux appeared first on Tekdig.

