oss-sec mailing list archives
Re: CVE request: Erlang POODLE TLS vulnerability
From: cve-assign () mitre org
Date: Fri, 27 Mar 2015 13:24:17 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
From the release notes of Erlang 18.0-rc1: http://www.erlang.org/news/85 "ssl: ... added padding check for TLS-1.0 due to the Poodle vulnerability." This indicates that Erlang was vulnerable to the TLS-variant of the poodle vulnerability due to missing padding checks this clearly is an implementation error and thus should be considered a vuln.
Use CVE-2015-2774. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVFZGTAAoJEKllVAevmvmsrb8H/jlkxOnhkQ0hIZ/XURZYf31O i2LIOF4W5YkEmuI8W1EI9s+3UDf0gbJ4tQ54djwG0BF9I48T1jrl+MxWcco0nK8Q p2jDrqj28gjlPnxoOslUoTSMZqvHrl591OCRpkLn+1ggK8wL75gpEhEscGrux64u GaAjg5fklTUqf9aGWwYADk2bRZS6lOVwHHErHn8bvXsiST3vvhqIL03xNJBIl4MH 2/Km1nigVtBEthhhkXAtAl5Vds7BKxUUJOdNAvqPIu7s17b3bG464txNGrpdk7I+ +ImUdaTHg+XS/9MrqhF8GylUMgtBeYuibp3xBqOZEEZzfzHtfJg8zFKmrjJE3g8= =mfFG -----END PGP SIGNATURE-----
Current thread:
- CVE request: Erlang POODLE TLS vulnerability Hanno Böck (Mar 27)
- Re: CVE request: Erlang POODLE TLS vulnerability cve-assign (Mar 27)