CVE-2014-3466: GnuTLS buffer overflow (redhat.com)
62 points by anon1385 on June 1, 2014 | hide | past | favorite | 6 comments



If I remember correctly, something similar was demonstrated by someone (a bounty hunter) a few months back, and was featured on the HN front page as well.

I remember it was maybe related to Facebook, and not to TLS/SSL specifically. Very similar: sending excessively long session id values.

I wonder if excessively long session id values can break something else as well?
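The failure mode this comment describes, as an added example that is neither GnuTLS's code nor the PoC linked later in the thread: a ServerHello parser that bounds the server-supplied session_id length byte to the 32-byte spec maximum before copying it into a fixed buffer, plus a constructed sample message to exercise the check. Struct, function and helper names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* RFC 5246: SessionID is opaque <0..32>, so 32 bytes is the spec maximum. */
#define TLS_MAX_SESSION_ID_SIZE 32

/* Fixed-position fields at the start of a ServerHello body; the cipher
 * suite, compression and extensions that follow are out of scope here. */
struct server_hello_head {
    uint16_t version;
    uint8_t random_bytes[32];
    uint8_t session_id[TLS_MAX_SESSION_ID_SIZE];
    size_t session_id_len;
};

/* Returns 0 on success, -1 if truncated, -2 if the session_id length byte
 * exceeds the 32-byte maximum. The -2 check is the one that matters: the
 * length byte is peer-controlled (0..255) and drives a memcpy into a
 * 32-byte buffer, so it must be bounded before the copy. */
int parse_server_hello_head(const uint8_t *buf, size_t len,
                            struct server_hello_head *out)
{
    if (len < 2 + 32 + 1)          /* version + random + length byte */
        return -1;
    size_t pos = 2;
    out->version = (uint16_t)((buf[0] << 8) | buf[1]);
    memcpy(out->random_bytes, buf + pos, 32);
    pos += 32;
    size_t sid_len = buf[pos++];
    if (sid_len > TLS_MAX_SESSION_ID_SIZE)
        return -2;
    if (len - pos < sid_len)
        return -1;
    memcpy(out->session_id, buf + pos, sid_len);
    out->session_id_len = sid_len;
    return 0;
}

/* Constructed sample: a ServerHello head whose session_id length byte is
 * `sid_len`, padded so any length 0..255 is fully present, then parsed. */
int check_session_id_len(uint8_t sid_len)
{
    uint8_t msg[2 + 32 + 1 + 255];
    struct server_hello_head h;
    memset(msg, 0xAA, sizeof(msg));
    msg[0] = 0x03; msg[1] = 0x03;  /* TLS 1.2 version bytes */
    msg[2 + 32] = sid_len;
    return parse_server_hello_head(msg, sizeof(msg), &h);
}
```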


Excessively long data is a cornerstone of security vulnerabilities.

> I wonder if excessively long session id values can break something else as well?

Yes, with p~=1.


Indeed it is, but what I was curious to know more about was the particular case of session IDs.


PoC (not weaponized and ugly code due to lack of time): https://github.com/azet/CVE-2014-3466_PoC

hf.


At least it's a client only vulnerability. Hope your servers don't make outbound connections! :)


Because clients don't get re-routed through malicious redirects to unexpected servers. The consolation is that GnuTLS isn't used for popular web browsers.



