Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

[eWeek] Security Researchers Discover New SSL Flaw

Industry news items concerning VPNs, darknets, crypto, surveillance and secure computing.
User avatar

Topic Author
parityboy
Site Admin
Posts: 1200
Joined: Wed Feb 05, 2014 3:47 am

[eWeek] Security Researchers Discover New SSL Flaw

Post by parityboy » Tue Jun 03, 2014 7:32 pm

"A flaw was found in the way GnuTLS parsed session IDs from Server Hello packets of the TLS/SSL [Transport Layer Security/Secure Sockets Layer} handshake," Red Hat warns in a security advisory. "A malicious server could use this flaw to send an excessively long session ID value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code."
Source