
CVE-2014-3466: GnuTLS buffer overflow - anon1385
https://bugzilla.redhat.com/show_bug.cgi?id=1101932
======
rikacomet
If I remember correctly, something similar was demonstrated by someone (a bounty
hunter) a few months back, and was featured on the HN front page as well.

I remember it was maybe related to Facebook, and not to TLS/SSL specifically.
Very similar... sending excessively long session id values.

I wonder if excessively long session id values can break something else as
well?
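The bounds check this class of bug comes down to, as an added C example (not GnuTLS's own code and not the linked bug's fix): a ServerHello parser that refuses a session_id length above the TLS maximum of 32 bytes before copying anything into a fixed-size buffer. The message builder and its byte values are constructed for illustration only.

```c
#include <stdint.h>
#include <string.h>

#define TLS_MAX_SESSION_ID_SIZE 32   /* TLS: session_id is 0..32 bytes */

/* ServerHello body (bytes after the 4-byte handshake header), parsed up to
 * the compression method; extensions are not handled here. */
struct server_hello {
    uint16_t version;
    uint8_t  random[32];
    uint8_t  session_id[TLS_MAX_SESSION_ID_SIZE];
    size_t   session_id_len;
    uint16_t cipher_suite;
    uint8_t  compression;
};

/* Returns 0 on success, -1 on a truncated message or an oversized session_id.
 * The one-byte length is peer-controlled, so it is checked against both the
 * fixed destination buffer and the bytes actually present before any copy. */
int parse_server_hello(const uint8_t *buf, size_t len, struct server_hello *out)
{
    size_t pos = 34, sid_len;
    if (len < 35) return -1;                       /* version + random + len */
    out->version = (uint16_t)((buf[0] << 8) | buf[1]);
    memcpy(out->random, buf + 2, 32);
    sid_len = buf[pos++];
    if (sid_len > TLS_MAX_SESSION_ID_SIZE || sid_len > len - pos)
        return -1;                                 /* reject, never overflow */
    memcpy(out->session_id, buf + pos, sid_len);
    out->session_id_len = sid_len;
    pos += sid_len;
    if (len - pos < 3) return -1;
    out->cipher_suite = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
    out->compression = buf[pos + 2];
    return 0;
}

/* Builds a constructed (not captured) ServerHello body whose session_id has
 * the given length and returns the parser's verdict. */
int check_session_id_len(size_t sid_len)
{
    uint8_t body[2 + 32 + 1 + 255 + 3];
    struct server_hello sh;
    size_t n = 0;
    if (sid_len > 255) return -1;                  /* one-byte length field */
    body[n++] = 0x03; body[n++] = 0x03;            /* TLS 1.2 */
    memset(body + n, 0xAB, 32); n += 32;           /* placeholder random */
    body[n++] = (uint8_t)sid_len;
    memset(body + n, 0x11, sid_len); n += sid_len;
    body[n++] = 0xC0; body[n++] = 0x2F; body[n++] = 0x00; /* suite, null compression */
    return parse_server_hello(body, n, &sh);
}
```

A length of 32 parses; 33 or more is rejected before the copy, which is the difference between a clean handshake failure and the overflow.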

~~~
farness
Excessively long data is a cornerstone of security vulnerabilities.

> I wonder if excessively long session id values can break something else as
> well?

Yes, with p~=1.

~~~
rikacomet
Indeed it is, but what I was curious to know more about was the particular case
of session IDs.

------
azet
PoC (not weaponized and ugly code due to lack of time):
[https://github.com/azet/CVE-2014-3466_PoC](https://github.com/azet/CVE-2014-3466_PoC)

hf.

------
0x0
At least it's a client only vulnerability. Hope your servers don't make
outbound connections! :)

~~~
SoftwareMaven
Because clients don't get re-routed through malicious redirects to unexpected
servers. The consolation is that GnuTLS isn't used for popular web browsers.

