Vulnerability CVE-2009-2730 - CERT Civis.Net

Vulnerability Name:

CVE-2009-2730 (CCN-52404)

Assigned:

2009-08-04

Published:

2009-08-04

Updated:

2018-10-10

Summary:

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.0 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: gnutls-devel Mailing List, 2009-08-10 13:43:44 GMT
GnuTLS 2.8.2

Source: CONFIRM
Type: Vendor Advisory
http://article.gmane.org/gmane.network.gnutls.general/1733

Source: MITRE
Type: CNA
CVE-2009-2730

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:015

Source: CCN
Type: RHSA-2009-1232
Moderate: gnutls security update

Source: CCN
Type: SA36266
GnuTLS X.509 CN and SAN Fields NUL Character Spoofing Vulnerability

Source: SECUNIA
Type: Vendor Advisory
36266

Source: SECUNIA
Type: UNKNOWN
36496

Source: CCN
Type: SECTRACK ID: 1022777
GnuTLS NULL Character Flaw in Common Name Field Lets Remote Users Spoof Certficiates

Source: DEBIAN
Type: DSA-1935
gnutls26 -- several vulnerabilities

Source: CCN
Type: GNU Web site
GnuTLS News

Source: CCN
Type: Google Chrome Web page
Google Chrome - Download a new browser

Source: MLIST
Type: UNKNOWN
[oss-security] 20090814 GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2)

Source: CCN
Type: OSVDB ID: 56960
GnuTLS libgnutls X.509 Certificate Multiple Fields NULL Character Spoofing SSL MiTM Weakness

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1232

Source: BUGTRAQ
Type: UNKNOWN
20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

Source: CCN
Type: BID-35952
GnuTLS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022777

Source: CCN
Type: USN-809-1
GnuTLS vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Source: XF
Type: UNKNOWN
gnutls-cn-san-security-bypass(52404)

Source: XF
Type: UNKNOWN
gnutls-cn-san-security-bypass(52404)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10778

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:8409

Source: REDHAT
Type: UNKNOWN
RHSA-2010:0095

Source: SUSE
Type: SUSE-SR:2009:015
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2010:004
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:*:*:*:*:*:*:*:* (Version <= 2.8.1)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.36:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.39:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.53:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.46:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.59:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.48:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.64:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.65:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.30:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.31:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.33:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.37:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42316	P	Security update for p11-kit (Moderate)	2022-07-15
oval:org.opensuse.security:def:20092730	V	CVE-2009-2730	2022-05-20
oval:org.opensuse.security:def:31376	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:31336	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:33063	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:26177	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:32215	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:31691	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:32196	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:26138	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:31686	P	Security update for xen (Important)	2021-09-23
oval:org.opensuse.security:def:31265	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:42118	P	Security update for libesmtp (Important)	2021-09-03
oval:org.opensuse.security:def:26114	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:31244	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:32152	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:26089	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:32130	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:26076	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:31636	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:36139	P	gnutls-2.4.1-24.39.55.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36451	P	libgnutls-devel-2.4.1-24.39.55.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42546	P	gnutls-2.4.1-24.39.55.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31633	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:31191	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:31180	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:32091	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:31617	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:26038	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:26036	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:31605	P	Security update for xorg-x11-server (Important)	2021-04-14
oval:org.opensuse.security:def:31606	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:32059	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:33102	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:31743	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:32271	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:31741	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:26204	P	Security update for freeradius-server (Low)	2021-03-04
oval:org.opensuse.security:def:26191	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:31692	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:26030	P	Security update for php72 (Moderate)	2021-01-14
oval:org.opensuse.security:def:31179	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:25980	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:32834	P	Security update for curl (Moderate)	2020-12-18
oval:org.opensuse.security:def:25973	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:35558	P	gnutls-2.4.1-24.19.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35711	P	gnutls-2.4.1-24.39.33.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41965	P	gnutls-2.4.1-24.19.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35909	P	gnutls-2.4.1-24.39.45.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25460	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:31594	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26000	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25313	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:31830	P	Security update for bind (Critical)	2020-12-01
oval:org.opensuse.security:def:26718	P	hplip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26711	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25535	P	Security update for audiofile (Low)	2020-12-01
oval:org.opensuse.security:def:31894	P	Security update for fetchmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:27102	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26012	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25451	P	Security update for gdb (Moderate)	2020-12-01
oval:org.opensuse.security:def:31846	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:25744	P	Security update for djvulibre (Low)	2020-12-01
oval:org.opensuse.security:def:25739	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31955	P	Security update for gstreamer-0_10-plugins-good (Important)	2020-12-01
oval:org.opensuse.security:def:32359	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:32523	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25262	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:26426	P	Security update for singularity (Moderate)	2020-12-01
oval:org.opensuse.security:def:26342	P	Security update for openjpeg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26367	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:26523	P	apache2-mod_perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25274	P	Security update for djvulibre (Low)	2020-12-01
oval:org.opensuse.security:def:31489	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:26235	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25689	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31823	P	Security update for bash (Moderate)	2020-12-01
oval:org.opensuse.security:def:31789	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:26420	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:31026	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25466	P	Security update for libxml2 (Low)	2020-12-01
oval:org.opensuse.security:def:31780	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:26908	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25764	P	Security update for webkitgtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:31972	P	Security update for jakarta-commons-fileupload (Important)	2020-12-01
oval:org.opensuse.security:def:27414	P	gnucash on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31038	P	Security update for kdebase4-workspace (Moderate)	2020-12-01
oval:org.opensuse.security:def:25604	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25788	P	Security update for zeromq (Moderate)	2020-12-01
oval:org.opensuse.security:def:31999	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:31377	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25110	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26265	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:25841	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32676	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25459	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:31462	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:31480	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25185	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31393	P	Security update for pam_pkcs11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26679	P	cron on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26676	P	cifs-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25471	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31845	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:26464	P	Security update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:26001	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:25394	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31986	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26732	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25663	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25686	P	Security update for wicked (Important)	2020-12-01
oval:org.opensuse.security:def:31933	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:27137	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25885	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:32320	P	Security update for rzsz (Moderate)	2020-12-01
oval:org.opensuse.security:def:32484	P	PackageKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25801	P	Security update for libvdpau (Moderate)	2020-12-01
oval:org.opensuse.security:def:25941	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26285	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:26318	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:32381	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25263	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:31397	P	Security update for perl (Low)	2020-12-01
oval:org.opensuse.security:def:26577	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25994	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32873	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25688	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:26406	P	Security update for mbedtls (Moderate)	2020-12-01
oval:org.opensuse.security:def:26558	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25338	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31546	P	Security update for sane-backends (Moderate)	2020-12-01
oval:org.opensuse.security:def:26873	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25700	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31915	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32042	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26776	P	libzip1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31027	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25547	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:31802	P	Security update for adns (Important)	2020-12-01
oval:org.opensuse.security:def:25892	P	Security update for gstreamer-0_10-plugins-good (Important)	2020-12-01
oval:org.opensuse.security:def:25839	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:27449	P	libgnutls-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25109	P	Security update for audit (Moderate)	2020-12-01
oval:org.opensuse.security:def:31112	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25827	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:32637	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31388	P	Security update for openwsman (Important)	2020-12-01
oval:org.opensuse.security:def:32425	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:25121	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:26630	P	perl-spamassassin on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:29281	P	RHSA-2009:1232 -- gnutls security update (Moderate)	2015-08-17
oval:org.mitre.oval:def:13825	P	USN-809-1 -- gnutls12, gnutls13, gnutls26 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:8289	P	DSA-1935 gnutls13 gnutls26 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:20167	P	DSA-1935-1 gnutls13 gnutls26 - SSL certificate	2014-06-23
oval:org.mitre.oval:def:22748	P	ELSA-2009:1232: gnutls security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:8409	V	VMware GnuTLS vulnerability	2014-01-20
oval:org.mitre.oval:def:10778	V	libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.	2013-04-29
oval:org.debian:def:1935	V	several vulnerabilities	2009-11-17
oval:com.redhat.rhsa:def:20091232	P	RHSA-2009:1232: gnutls security update (Moderate)	2009-08-26