Intrusion Prevention

GnuTLS.Security.Null.Signature.Bypass

Description

This indicates an attack attempt to exploit a Security Bypass vulnerability in GnuTLS.
Incorrect certificate signature checks in GnuTLS allow an attacker to impersonate the real server in an SSL-protected communication. An attacker could impersonate a legitimate server with a specially crafted certificate. This can result in a MITM attack.

Affected Products

Up to GnuTLS 3.1.22 and 3.2.12

Impact

Security Bypass: Remote attackers can bypass security checks of vulnerable systems.

Recommended Actions

Update GnuTLS to 3.1.23 and 3.2.x before 3.2.12
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7341

CVE References

CVE-2014-0092