3 matches found
Vulnerability in OpenSSL - Possible denial of service in X.509 name checks
Issue summary : Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary : Abnormal termination of an application can a cause a denial o...
Updated samba packages fix security vulnerability
Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks CVE-2017-11103. The samba package has been updated...
Internet Bug Bounty: Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
General DROWN was responsibly disclosed to the OpenSSL team prior to the public disclosure. This OpenSSL blog post, by Viktor Dukhovni and Emilia Käsper, describes the vulnerability: https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/ This is probably a good opportunity ...