[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-Disclosure] [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
From: Florian Weimer <fw () deneb ! enyo ! de>
Date: 2003-09-30 15:17:17
[Download RAW message or body]
On Tue, Sep 30, 2003 at 03:27:50PM +0100, Mark J Cox wrote:
> Who is affected?
> - ----------------
>
> All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all
> versions of SSLeay are affected.
>
> Any application that makes use of OpenSSL's ASN1 library to parse
> untrusted data. This includes all SSL or TLS applications, those using
> S/MIME (PKCS#7) or certificate generation routines.
Does verifying a RSA signature also count? IIRC the ASN.1 parser is
invoked during the process (to check the padding).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic