Bugtraq mailing list archives
Re: format string in ssl dump
From: Matthew Franz <mfranz () CISCO COM>
Date: Tue, 12 Dec 2000 08:47:22 +0000
Subject: format string in ssl dump

Sorry if this has already got posted. Seeweed found this in ssldump the other day. The following text is from his website (http://dropwire.dhs.org/~seeweed/):

SSLDUMP is a program which is similar to tcpdump, but also adds encryption to its network debugging procedures. It captures traffic then decodes it to stdout ... Overall it is a great program to use when finding out where something went wrong or just to see what your buddy's encryption he has chosen to use was

Here is the bug I have found... (the Author has been notified..)

1) Run SSLDUMP (needs you to be root unless setuid)
2) Open Up Netscape Navigator it)
3) Type the following in Netscape Navigator: fixme:%s%s%s%s%s%s
4) watch as ssldump will gather the traffic then segfault..

--c0ncept
I've seen this behavior with "normal" SSL traffic as well. I believe the author states up front on the website that the tool may have some problems. I've found SSLdump to be a lot more stable if you capture with tcpdump -w and analyze it non real-time. Eric Rescorla's book (SSL and TLS: Designing and Building Secure Systems) is an excellent treatment of the topic, though.

The same caution applies to Ethereal (both to the GTK version and tethereal), which IMHO segfaults so frequently as to make it nearly useless for real-time capture, particularly for looking at bogus packets. A variety of malformed DNS and ISAKMP packets easily crash it. Tcpdump is significantly more robust and probably the safest choice for traffic capture, especially if you're analyzing malformed packets.

-mdf
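The bug class named in the thread subject, as an added C example that is not part of either post and is not ssldump's code (the thread does not show the affected source). The function names are hypothetical, and the sample string is the one from the report, treated here as bytes a decoder has pulled from captured traffic.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the string from the report, as captured traffic. */
static const char SAMPLE[] = "fixme:%s%s%s%s%s%s";

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern (not compiled by default): untrusted bytes are used as
 * the format string, so each %s makes the formatter fetch a pointer argument
 * that was never passed and dereference whatever it finds. */
int render_vulnerable(char *out, size_t n, const char *data) {
    return snprintf(out, n, data);
}
#endif

/* Hardened pattern: the format is a constant and the untrusted bytes are
 * only ever an argument, so directives inside them are copied literally. */
int render_safe(char *out, size_t n, const char *data) {
    return snprintf(out, n, "%s", data);
}

/* Count conversion specifications in a string ("%%" is a literal percent).
 * A decoder test harness can use this to pick inputs that carry directives
 * and then check that they come out byte-for-byte unchanged. */
int count_conversions(const char *s) {
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent */
        if (s[1] != '\0') count++;            /* "%x" style directive */
    }
    return count;
}

int main(void) {
    char out[64];
    render_safe(out, sizeof out, SAMPLE);
    printf("directives in input: %d\n", count_conversions(SAMPLE));
    printf("rendered: %s\n", out);
    return strcmp(out, SAMPLE) != 0;   /* 0 when output equals input */
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) flags calls of the `render_vulnerable` form at compile time.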
Current thread:
- format string in ssl dump c0ncept (Dec 11)
- Re: format string in ssl dump Matthew Franz (Dec 13)
- Re: format string in ssl dump EKR (Dec 15)
- Re: format string in ssl dump Matthew Franz (Dec 13)