Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596 http://www.vuxml.org/freebsd/bdec8dc2-0b3b-11e1-b722-001cc0476564.html
Insight
The following package is affected: gnutls
CVE-2011-4128
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
Severity
Classification
-
CVE CVE-2011-4128 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities