Hi,
I have the same issue since last gnutls CVE fix on ubuntu (14.04):
http://launchpadlibrarian.net/233330701/gnutls26_2.12.23-12ubuntu2.3_2.12.23-12ubuntu2.4.diff.gz
The fix removes the fallback using extensions in certificate to negotiate
cipher. This exposes a bug in openvas library.
Find attached my fix for openvas8. The problem is that the "SECURE"
priority string does not exist (see
http://www.gnutls.org/manual/html_node/Priority-Strings.html). I don’t
know why gnutls_priority_set_direct does not issue an error, but this
is the cause of the bug.
Bye !
On Tuesday 12 January 2016 07:18:49 James Lay wrote:
> On Tue, 2016-01-12 at 15:01 +0100, Paula Gonzalez Muñoz wrote:
> > What distribution is openvas installed at? How did you install it?
> > How did you upgrade?
> >
> > Sent from my mobile device.
> >
> >
> > On 12 Jan 2016 2:59 p.m., "Reindl Harald" <[email protected]> wrote:
> > On 12.01.2016 at 14:46, James Lay wrote:
> > Topic says it....after doing an upgrade from libgnutls26:amd64 to
> > libgnutls-openssl27:amd64 I now get:
> >
> > Login failed. OMP service is down.
> >
> > openvasmd.log shows:
> >
> > lib serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shake hands with peer: A TLS packet with unexpected length was received.
> > lib serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to shutdown server socket
> > md main:CRITICAL:2016-01-12 13h36.10 utc:1749: serve_client: failed to attach client session to socket 9
> > lib serv:WARNING:2016-01-12 13h36.10 utc:1749: Failed to gnutls_bye: GnuTLS internal error.
> >
> > Besides downgrading, is there something I can look at to fix this?
> > Thank you
> >
> > http://www.catb.org/esr/faqs/smart-questions.html#beprecise
> >
> >
> > _______________________________________________
> > Openvas-discuss mailing list
> > [email protected]
> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> From here:
>
> https://launchpad.net/~mrazavi/+archive/ubuntu/openvas
>
> Ubuntu 14.04....looks like I'm not the only one as I see others are
> having the initial NVT cache rebuild issue. Thank you.
>
> James
--
Guillaume Castagnino
[email protected]
--- misc/openvas_server.c.orig 2016-01-12 14:19:44.580035097 +0100
+++ misc/openvas_server.c 2016-01-12 14:20:08.264040607 +0100
@@ -806,7 +806,7 @@
*/
if ((err_gnutls = gnutls_priority_set_direct (*server_session,
- priority? priority : "SECURE",
+ priority? priority : "NORMAL",
NULL)))
{
g_warning ("%s: failed to set tls priorities: %s\n", __FUNCTION__,
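Review bot: the replacement fallback "NORMAL" on the changed line selects a broader default than the name "SECURE" suggests was originally wanted; if the intent was to restrict the server to strong ciphers, a documented level keyword such as "SECURE128" or "SECURE256" would keep that intent, and a short comment should record why this fallback was chosen. Separately, the call passes NULL as its last argument, so when a caller-supplied priority string is rejected the g_warning cannot say where parsing stopped; passing a const char * for err_pos and including it in the warning would make a bad string much easier to diagnose.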