oss-sec mailing list archives
Lots of CVEs ahead in TLS implementations
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 4 Apr 2014 10:07:58 +0200
Hi, There is a pretty interesting new research paper that tries to find all kinds of vulnerabilities in TLS implementations regarding certificate validation: https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf They found a whole bunch of issues in various open source ssl implementations Maybe we can start some collaborative effort to dig through them and assign CVEs. Some seem to have already been handled, e.g. one of the most sever issues found is CVE-2014-1959 in gnutls (already fixed upstream). However, others seem unhandled. Beside: It's well worth reading the paper if you're into that stuff. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
signature.asc
Description:
Current thread:
- Lots of CVEs ahead in TLS implementations Hanno Böck (Apr 04)