CVE Database

CVE-2014-0092

Impact: Important
Public: 2014-03-03
CWE: CWE-295
Bugzilla: 1069865: CVE-2014-0092 gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2)

Details

The MITRE CVE dictionary describes this issue as:

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Find out more about CVE-2014-0092 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 5.8
Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform | Errata | Release Date
RHEV Hypervisor for RHEL-6 (rhev-hypervisor6) | RHSA-2014:0339 | March 31, 2014
Red Hat Enterprise Linux AUS (v. 6.2 server) (gnutls) | RHSA-2014:0288 | March 12, 2014
Red Hat Enterprise Linux ES (v. 4 ELS) (gnutls) | RHSA-2014:0288 | March 12, 2014
Red Hat Enterprise Linux EUS (v. 5.9 server) (gnutls) | RHSA-2014:0288 | March 12, 2014
Red Hat Enterprise Linux LL (v. 5.6 server) (gnutls) | RHSA-2014:0288 | March 12, 2014
Red Hat Enterprise Linux Long Life (v. 5.3 server) (gnutls) | RHSA-2014:0288 | March 12, 2014
Red Hat Enterprise Linux Server EUS (v. 6.3) (gnutls) | RHSA-2014:0288 | March 12, 2014
Red Hat Enterprise Linux Server EUS (v. 6.4) (gnutls) | RHSA-2014:0288 | March 12, 2014
Red Hat Enterprise Linux version 5 (gnutls) | RHSA-2014:0247 | March 03, 2014
Red Hat Enterprise Linux version 6 (gnutls) | RHSA-2014:0246 | March 03, 2014

Acknowledgements

This issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.