Bug On GnuTLS Allows Hackers to Run Malicious Code - BestCyberNews: Online News Presenter in the present world

Bug On GnuTLS Allows Hackers to Run Malicious Code

Another security vulnerability has been found in the popular cryptographic library GnuTLS. This bug leaves Linux vulnerable to remote code execution.

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols.

A flaw was found in the way GnuTLS parsed session IDs from Server Hello packets of the TLS/SSL handshake.

A malicious server could use this flaw to send an excessively long session ID value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.

The flaw is in read_server_hello() / _gnutls_read_server_hello(), where session_id_len is checked to not exceed incoming packet size, but not checked to ensure it does not exceed maximum session id length:

https://www.gitorious.org/gnutls/gnutls/source/8d7d6c6:lib/gnutls_handshake.c#L1747
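
The two checks described above, side by side, as an added example that is not GnuTLS source code. The function and constant names are hypothetical, the Server Hello body is constructed sample data, and the 32-byte maximum is the session ID limit from the TLS specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HELLO_FIXED_LEN    34  /* 2-byte version + 32-byte random */
#define MAX_SESSION_ID_LEN 32  /* TLS defines SessionID as opaque<0..32> */

struct session { uint8_t id[MAX_SESSION_ID_LEN]; uint8_t id_len; };

/* The check the article says was present: length versus bytes left in the packet. */
int fits_in_packet(size_t remaining, uint8_t sid_len)
{
    return sid_len <= remaining;
}

/* Hardened parse of a Server Hello body. Returns 0 on success, -1 if malformed. */
int parse_session_id(const uint8_t *body, size_t len, struct session *out)
{
    size_t pos = HELLO_FIXED_LEN;
    if (len < pos + 1) return -1;                 /* no length byte present */
    uint8_t sid_len = body[pos++];
    if (!fits_in_packet(len - pos, sid_len)) return -1;
    if (sid_len > MAX_SESSION_ID_LEN) return -1;  /* the check that was missing */
    memcpy(out->id, body + pos, sid_len);         /* safe: sid_len <= sizeof out->id */
    out->id_len = sid_len;
    return 0;
}

/* Constructed sample input: a Server Hello body with a chosen session ID length. */
size_t build_sample_hello(uint8_t *buf, size_t cap, uint8_t sid_len)
{
    size_t need = HELLO_FIXED_LEN + 1 + (size_t)sid_len + 3; /* + cipher suite, compression */
    if (cap < need) return 0;
    memset(buf, 0, need);
    buf[0] = 3; buf[1] = 3;                       /* TLS 1.2 version bytes */
    buf[HELLO_FIXED_LEN] = sid_len;
    memset(buf + HELLO_FIXED_LEN + 1, 0xAB, sid_len);
    return need;
}

int main(void)
{
    uint8_t buf[512];
    struct session s;
    size_t n = build_sample_hello(buf, sizeof buf, 200);
    printf("packet-size check alone accepts: %d, hardened parse returns: %d\n",
           fits_in_packet(n - HELLO_FIXED_LEN - 1, 200), parse_session_id(buf, n, &s));
    return 0;
}
```

A 200-byte session ID passes the packet-size check because the bytes really are in the packet; only the comparison against the destination buffer's size rejects it.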

Author: Venkatesh Yalagandula