GnuTLS Bug Leaves Linux-Speaking Internet Open to Eavesdropping

A newly discovered vulnerability in the GNU implementation of TLS is threatening the privacy of users running major distributions of Linux. The bug resides in the GnuTLS implementation and can be used to facilitate a man-in-the-middle attack and decrypt web traffic, according to GnuTLS’s security advisory.

“It was discovered that GnuTLS X.509 certificate verification code failed to properly handle certain errors that can occur during the certificate verification,” Tomas Hoger wrote in Red Hat’s bug report. “When such errors are encountered, GnuTLS would report successful verification of the certificate, even though verification should end with failure.”

An attacker’s “specially-crafted” certificate can be accepted by GnuTLS even if it was not verified by a Certificate Authority, leaving a big gap for a man-in-the-middle attack against software using GnuTLS.
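The failure mode described in the bug report, an error during verification being reported as success, can be shown with a small C illustration added here. This is not GnuTLS code: the struct, the functions and the error code are constructed for the example, and it assumes callers that treat any non-zero return as "verified".

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a parsed certificate; not a GnuTLS type. */
struct cert {
    const char *subject, *issuer;
    int is_ca, malformed;  /* is_ca: marked as a CA; malformed: parse fails */
};

#define ERR_PARSE (-1)  /* hypothetical negative error code */

/* Returns 1 if the issuer is a CA, 0 if not, negative on internal error. */
static int issuer_is_ca(const struct cert *issuer)
{
    return issuer->malformed ? ERR_PARSE : issuer->is_ca;
}

/* Flawed: documented as 1 = verified, 0 = rejected, but the helper's
 * negative error code is passed straight through to the caller. */
int verify_flawed(const struct cert *leaf, const struct cert *issuer)
{
    int ret = issuer_is_ca(issuer);
    if (ret < 0)
        return ret;  /* -1 is non-zero, so `if (verify(...))` is taken */
    return ret && strcmp(leaf->issuer, issuer->subject) == 0;
}

/* Hardened: fail closed; only an explicit 1 from the helper continues. */
int verify_fixed(const struct cert *leaf, const struct cert *issuer)
{
    if (issuer_is_ca(issuer) != 1)
        return 0;
    return strcmp(leaf->issuer, issuer->subject) == 0;
}

/* How a typical caller consumes the boolean-style result. */
int caller_accepts(int (*verify)(const struct cert *, const struct cert *),
                   const struct cert *leaf, const struct cert *issuer)
{
    return verify(leaf, issuer) ? 1 : 0;
}

int main(void)
{
    struct cert bad_issuer = { "Example CA", "Example CA", 0, 1 };  /* constructed */
    struct cert leaf = { "example.test", "Example CA", 0, 0 };      /* constructed */
    printf("flawed accepts: %d\n", caller_accepts(verify_flawed, &leaf, &bad_issuer));
    printf("fixed accepts:  %d\n", caller_accepts(verify_fixed, &leaf, &bad_issuer));
    return 0;
}
```

The defensive point is that a verifier returning a boolean must map every error path to "rejected", and callers are safest comparing against the explicit success value rather than testing for non-zero.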

The impact could be catastrophic. The TLS/SSL protocol is used today by millions of services worldwide to create a secure connection to a web service. Most servers run a Linux distro such as Red Hat, Ubuntu, or Debian, to mention only a few of the vulnerable operating systems.

Internet-grade encryption has been in the crosshairs lately, as the GnuTLS implementation fault follows right after Apple’s massive GOTO fail we wrote about earlier this week.

Users running operating systems with vulnerable implementations of GnuTLS are advised to update the software to the latest version (3.2.12) or apply the GnuTLS 2.12.x patch.

About The Author

Content Specialist

The youngest writer of the Bitdefender News Palace, Lucian is always after flash news in the security industry, especially when the cops show up. Besides digging for ‘hacker’ scoops, he enjoys computer games. He has leveraged his deft keyboard touch to learn melodic guitar riffs that break the hearts of the ladies at the Faculty of Political Science.
