lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201410151408.6.poodle@psirt.cisco.com>
Date: Wed, 15 Oct 2014 14:08:37 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

Advisory ID: cisco-sa-20141015-poodle

Revision 1.0

For Public Release 2014 October 15 17:30  UTC (GMT)

+---------------------------------------------------------------------

Summary
+======

On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when using a block cipher in Cipher Block Chaining (CBC) mode. SSLv3 is a cryptographic protocol designed to provide communication security, which has been superseded by Transport Layer Security (TLS) protocols. By exploiting this vulnerability, an attacker could decrypt a subset of the encrypted communication.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVD625YpI1I6i1Mx3AQiVjg//ZLd1JhV/gDndxN6TuH/n/bponB+OJvMh
f+AaQuzXK1s3TiQGUhkZ2ug81EOhy63Rosm8zJfQ0eZwf4sDjoZhxpLm0AKdrTTf
dC47e3Hqde+u2g1mgU+Xcc7V+duv3X0wUjev1/7/GuKL3TwDmyTXwf/MXaKgfkTQ
T0Rd+PfNM6xQK4T4lS0AolEN8AcQDyYPAhkV3iCPyuaBBVP7GEPK75m5MFhAHqas
mgbZ4qQFLDfEF8fY4oMIgsUaEOzoMCsbaqX/SULaU/CDxixo07yx4CaqAcGdGrtd
zOoFNs5wy6amZ7pkyvvKbxkzM2O/i9KkBfMpYEPQZ2ThQa8tzXqOTyBtZXSZBZhY
RTUMMIwcfyrJARq3JxYPELHegTCvs6RE9qsRkVJQQ53arni32PjTckOGwUaHZRjx
y4ZhoMSN8+oGocaPbMBrPqDtqPbFNPcSCCcDNAzYN2lLj7jaodIn60W3jVTWR9Nv
ggM8gURWsRdqV2Br2eIEIJcJ4w8W1YFl3wogLH4u3ktqELEDBKbAkFR5F1T7tbp+
GEaVDxr8Z5jq+mxVSqn02uf3OSbQ0CYJLc/CXOu1NVmjqgNjnXsh29NfUv7R/YUp
6J8xgnQEH9g+/ZfaojwUvgRw2NHrydYiJLwmbjP0Y2WxtDFjAMO2I24+xPCW3Cb2
qRBOFESo42k=
=Gs3Q
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ