gnutls-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnutls-dev] Re: Variant of Bleichenbacher's crypto 06 rump session atta

From: Andreas Metzler
Subject: [gnutls-dev] Re: Variant of Bleichenbacher's crypto 06 rump session attack
Date: Mon, 11 Sep 2006 09:43:57 +0000 (UTC)
User-agent: Loom/3.14 (http://gmane.org/) 
Simon Josefsson <jas <at> extundo.com> writes:
> Andreas Metzler <ametzler <at> downhill.at.eu.org> writes:
[...]
>> This seems to cause breakage with mutt, muttng and OpenLDAP.
>> http://bugs.debian.org/386643
>> http://bugs.debian.org/386680

>> The asn1_read_value() segfaults under certain conditions (libtasn1-3
>> 0.3.5).

>> I have been able to reproduce the segfault using mutt 1.5.13 and
>> gnutls 1.0.16 + the patch quoted above on imaps:m26s25.vlinux.de, but
>> have been unable to find the reason.
 
> Can you reproduce it in gnutls 1.4.x?

On my system I could not. (Perhaps because the gnutl14 using one is a chroot), 
others did experience the bug with it.

[...] 
> It seems weird that this works with gnutls 1.4 but not gnutls 1.0 if
> the crash is in libtasn1.

The bug definitely applies to 1.4, it is just that /I/ could not reproduce 
it. - Others could. "mutt -f imaps://m26s25.vlinux.de" should do the trick.

I cannot provide more info now, since I am at work without Linux access.

cu andreas
reply via email to
[Prev in Thread] Current Thread [Next in Thread]