oss-sec mailing list archives
nss RSA forgery (CVE-2014-1568)
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 25 Sep 2014 00:03:21 +0200
One serious vuln per day isn't enough, so nss decided to bring us another one.

Mozilla reports this:
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html

Bugtracker entry still private, so hard to judge about details.

Interesting: Two independent discoveries (we had the same with Heartbleed and I couldn't believe this was coincidence).

This is what McAfee has to say:
http://blogs.mcafee.com/executive-perspectives/need-know-berserk-mozilla

They say it's related to BER/ASN1-parsing, but Adam Langley disagrees:
https://twitter.com/agl__/status/514881918110683136

And it seems CyaSSL had something similar, also found by Intel:
http://www.yassl.com/yaSSL/Blog/Entries/2014/9/12_CyaSSL_3.2.0_Released.html

No real details yet and information seems confusing.

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
Current thread:
- nss RSA forgery (CVE-2014-1568) Hanno Böck (Sep 24)
- Re: nss RSA forgery (CVE-2014-1568) Marcus Meissner (Sep 24)
- Re: nss RSA forgery (CVE-2014-1568) Yves-Alexis Perez (Sep 25)
- Re: nss RSA forgery (CVE-2014-1568) Nick Semenkovich (Sep 24)
- Re: nss RSA forgery (CVE-2014-1568) Hanno Böck (Sep 25)
- Re: nss RSA forgery (CVE-2014-1568) Hanno Böck (Sep 25)
- Re: nss RSA forgery (CVE-2014-1568) Marcus Meissner (Sep 24)