Dailydave mailing list archives
Re: new ssl bug in Sun web servers
From: "Evgeny Demidov" <demidov () gleg net>
Date: Tue, 24 Aug 2004 02:07:29 +0400
On Mon, 23 Aug 2004 16:27:38 -0400 Dave Aitel <dave () immunitysec com> wrote:

> http://xforce.iss.net/xforce/alerts/id/180
> Author: Mark Dowd
> Bug in: SSLv2 handshake of Netscape Enterprise Server (and other related products)
> Type: Remote heap overflow.
> Go Mark! :>
Hmm, this nice bug, which really looks like a backdoor to me, was found during a 10 minute NSS audit and given to VD about a month ago ;-)
sslconn.c:

    /* Squirrel away the challenge for later */
    PORT_Memcpy(ss->sec.ci.clientChallenge, challenge, challengeLen);
Best regards
-Evgeny Demidov
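The copy quoted in the message above, shown together with the length validation it lacks, as an added example that is not part of the original post or the NSS source. The 16 to 32 byte challenge limits and the CLIENT-HELLO field layout are taken from the SSLv2 specification rather than from the post, and `hello_state` and `parse_client_hello` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed limits from the SSLv2 specification (not stated in the post). */
#define MIN_CHALLENGE_BYTES 16
#define MAX_CHALLENGE_BYTES 32
#define HELLO_HEADER_BYTES   9   /* type, version, three 16-bit lengths */

/* Hypothetical connection state; stands in for ss->sec.ci. */
struct hello_state {
    uint8_t client_challenge[MAX_CHALLENGE_BYTES];
    size_t  challenge_len;
};

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Parse an SSLv2 CLIENT-HELLO body. Returns 0 on success, -1 on reject. */
int parse_client_hello(const uint8_t *msg, size_t len, struct hello_state *st)
{
    if (len < HELLO_HEADER_BYTES || msg[0] != 1 /* MSG-CLIENT-HELLO */)
        return -1;
    size_t cipher_len    = be16(msg + 3);
    size_t sid_len       = be16(msg + 5);
    size_t challenge_len = be16(msg + 7);

    /* The check missing before the copy: the peer-supplied length
     * must fit the fixed-size destination buffer. */
    if (challenge_len < MIN_CHALLENGE_BYTES ||
        challenge_len > MAX_CHALLENGE_BYTES)
        return -1;
    /* The declared fields must also fit inside the bytes received,
     * otherwise the copy would read past the end of the record. */
    if (cipher_len + sid_len + challenge_len > len - HELLO_HEADER_BYTES)
        return -1;

    const uint8_t *challenge = msg + HELLO_HEADER_BYTES + cipher_len + sid_len;
    memcpy(st->client_challenge, challenge, challenge_len);
    st->challenge_len = challenge_len;
    return 0;
}

int main(void)
{
    /* Constructed record that declares a 64-byte challenge. */
    uint8_t bad[9 + 64] = {1, 0, 2, 0, 0, 0, 0, 0, 64};
    struct hello_state st;
    return parse_client_hello(bad, sizeof bad, &st) == -1 ? 0 : 1;
}
```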