Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-3466

Disclosure Date: June 03, 2014
CVE-2014-3466
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2014-3466 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466)
BID-67741 (http://www.securityfocus.com/bid/67741)
Advisory
http://www.gnutls.org/security.html
http://www-01.ibm.com/support/docview.wss?uid=swg21678776
DSA-2944 (http://www.debian.org/security/2014/dsa-2944)
SECUNIA-58340 (http://secunia.com/advisories/58340)
http://rhn.redhat.com/errata/RHSA-2014-0595.html
USN-2229-1 (http://www.ubuntu.com/usn/USN-2229-1)
SECUNIA-58642 (http://secunia.com/advisories/58642)
http://www.novell.com/support/kb/doc.php?id=7015302
SECUNIA-59057 (http://secunia.com/advisories/59057)
http://linux.oracle.com/errata/ELSA-2014-0595.html
SECUNIA-59086 (http://secunia.com/advisories/59086)
https://bugzilla.redhat.com/show_bug.cgi?id=1101932
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
http://rhn.redhat.com/errata/RHSA-2014-0684.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html
SECUNIA-59021 (http://secunia.com/advisories/59021)
http://rhn.redhat.com/errata/RHSA-2014-0815.html
http://www.novell.com/support/kb/doc.php?id=7015303
http://linux.oracle.com/errata/ELSA-2014-0594.html
SECUNIA-58598 (http://secunia.com/advisories/58598)
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155
SECUNIA-59838 (http://secunia.com/advisories/59838)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
SECUNIA-60384 (http://secunia.com/advisories/60384)
http://rhn.redhat.com/errata/RHSA-2014-0594.html
SECUNIA-59016 (http://secunia.com/advisories/59016)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html
SECUNIA-58601 (http://secunia.com/advisories/58601)
SECUNIA-59408 (http://secunia.com/advisories/59408)
https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd
SECTRACK-1030314 (http://www.securitytracker.com/id/1030314)
Miscellaneous
http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis