| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <40070C35.4040501@vulnscan.org> From: syzop at vulnscan.org (Bram Matthys (Syzop)) Subject: OpenSSL ASN.1 parsing bugs PoC / brute forcer Hi, exactly a week ago Mark Lachniet asked on the list(s) for PoC code for the OpenSSL ASN.1 parsing bugs ( http://www.openssl.org/news/secadv_20030930.txt ). I replied and gave details on how I made my brute forcer for that but didn't provide a PoC due to ugly code (and actually.. other reasons too). Since then, several people have mailed me off-list for it and I haven't seen any other PoC yet.. so I've now decided to release it anyway :) Feel free to modify/rip it off/etc. If you got any positive results or made some kind of improved version, please let me know. Have fun, Syzop. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: sslexp.c Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040115/2e07e08b/sslexp.c
Powered by blists - more mailing lists