lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAFfYYx+TMLkuLXbpq4JbfCCB_UQkg3JV2i79p6kmVjESQ1rxtA@mail.gmail.com>
Date: Fri, 2 May 2014 15:00:48 +0200
From: Martin Boßlet <martin.bosslet@...il.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC

Hi,

after analyzing the PoC script we (maintainers of the Ruby OpenSSL
extension) consider CVE-2014-2734 to be invalid. Others have independently
arrived at the same conclusion: [1][2] You may find a summary of our
analysis at [3].

Regards,
Martin Boßlet

[1] https://github.com/adrienthebo/cve-2014-2734/
[2] https://news.ycombinator.com/item?id=7601973
[3] https://gist.github.com/emboss/91696b56cd227c8a0c13

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ