S-296: GnuTLS Security Update


 
05-22-2008

Flaws were found in the way GnuTLS handles malicious client connections, and it is possible to leverage these flaws to execute arbitrary code. The risk is MEDIUM. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash, and it may be possible to execute arbitrary code, but they have been unable to prove this at the time of releasing this advisory.


gnutls_record_recv(3)                gnutls                gnutls_record_recv(3)

NAME
       gnutls_record_recv - API function

SYNOPSIS
       #include <gnutls/gnutls.h>

       ssize_t gnutls_record_recv(gnutls_session_t session, void * data, size_t data_size);

ARGUMENTS
       gnutls_session_t session
                   is a gnutls_session_t structure.

       void * data
                   the buffer that the data will be read into

       size_t data_size
                   the number of requested bytes

DESCRIPTION
       This function has the similar semantics with recv(). The only difference is that it accepts a GnuTLS session, and uses different error codes. In the special case that a server requests a renegotiation, the client may receive an error code of GNUTLS_E_REHANDSHAKE. This message may be simply ignored, replied with an alert GNUTLS_A_NO_RENEGOTIATION, or replied with a new handshake, depending on the client's will.

       If EINTR is returned by the internal push function (the default is recv()) then GNUTLS_E_INTERRUPTED will be returned. If GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN is returned, you must call this function again to get the data. See also gnutls_record_get_direction().

       A server may also receive GNUTLS_E_REHANDSHAKE when a client has initiated a handshake. In that case the server can only initiate a handshake or terminate the connection.

RETURNS
       The number of bytes received and zero on EOF (for stream connections). A negative error code is returned in case of an error. The number of bytes received might be less than the requested data_size.

REPORTING BUGS
       Report bugs to <bug-gnutls@gnu.org>.
       General guidelines for reporting bugs: http://www.gnu.org/gethelp/
       GnuTLS home page: http://www.gnu.org/software/gnutls/

COPYRIGHT
       Copyright (C) 2012 Free Software Foundation, Inc.
       Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.

SEE ALSO
       The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command

              info gnutls

       should give you access to the complete manual. As an alternative you may obtain the manual from:

              http://www.gnu.org/software/gnutls/manual/

gnutls                               3.1.15                gnutls_record_recv(3)
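
The return contract in DESCRIPTION and RETURNS above (short reads, zero on EOF, call again on GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, GNUTLS_E_REHANDSHAKE left to the application) is sketched below as an added example; it is not code from the man page or the GnuTLS project. The names `recv_exact`, `record_recv_fn`, `scripted_recv`, `run_script` and the `E_*` macros are assumptions made for illustration, and the receive function is a constructed stand-in so the block builds without the library.

```c
#include <string.h>
#include <sys/types.h>

/* Numeric values as in <gnutls/gnutls.h>, repeated so this builds without the library. */
#define E_AGAIN       (-28) /* GNUTLS_E_AGAIN */
#define E_REHANDSHAKE (-37) /* GNUTLS_E_REHANDSHAKE */
#define E_INTERRUPTED (-52) /* GNUTLS_E_INTERRUPTED */

/* Hypothetical callback with the return contract of gnutls_record_recv(). */
typedef ssize_t (*record_recv_fn)(void *session, void *data, size_t data_size);

/* Read exactly `want` bytes. Returns `want`, a smaller count if EOF came first,
 * or the negative error code. Retries are bounded so a peer that never makes
 * progress cannot hold the caller forever; a non-blocking caller would wait on
 * the socket before each retry instead of spinning. */
ssize_t recv_exact(record_recv_fn recv_fn, void *session,
                   unsigned char *buf, size_t want, unsigned max_retries)
{
    size_t got = 0;
    unsigned retries = 0;
    while (got < want) {
        ssize_t n = recv_fn(session, buf + got, want - got);
        if (n > 0) { got += (size_t)n; retries = 0; continue; } /* short read is normal */
        if (n == 0) break;                                      /* EOF */
        if ((n == E_AGAIN || n == E_INTERRUPTED) && retries++ < max_retries)
            continue;                                           /* call again */
        return n; /* E_REHANDSHAKE and all other errors go to the caller's policy */
    }
    return (ssize_t)got;
}

/* Constructed test double: replays scripted return values, then reports EOF. */
struct script { const ssize_t *steps; size_t count, pos; };
static ssize_t scripted_recv(void *session, void *data, size_t data_size)
{
    struct script *s = session;
    if (s->pos >= s->count) return 0;
    ssize_t r = s->steps[s->pos++];
    if (r > (ssize_t)data_size) r = (ssize_t)data_size; /* never overfill the buffer */
    if (r > 0) memset(data, 'A', (size_t)r);
    return r;
}

/* Run recv_exact() over a constructed script; `want` is clamped to the buffer. */
ssize_t run_script(const ssize_t *steps, size_t count, size_t want, unsigned max_retries)
{
    unsigned char buf[64];
    struct script s = { steps, count, 0 };
    if (want > sizeof buf) want = sizeof buf;
    return recv_exact(scripted_recv, &s, buf, want, max_retries);
}
```

With the real library, the callback would wrap `gnutls_record_recv()` and the caller would decide, on the rehandshake code, between starting a handshake and closing the connection as the DESCRIPTION section lays out.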