Hacker News
Technical Analysis Of The GnuTLS Hello Vulnerability (radare.today)
47 points by xvilka on June 1, 2014 | 5 comments



> Two weeks ago, an interesting commit appeared in the GnuTLS repository.

This statement gives the impression that the code was quietly fixed without disclosing the vulnerability. In reality, the fix was done on 5/23, but it was not rebased and committed to the public repo until the bug was formally announced and the updated releases were ready:

    commit 688ea6428a432c39203d00acd1af0e7684e5ddfd
    Author:     Nikos Mavrogiannopoulos <nmav@gnutls.org>
    AuthorDate: Fri May 23 19:50:31 2014 +0200
    Commit:     Nikos Mavrogiannopoulos <nmav@gnutls.org>
    CommitDate: Thu May 29 19:00:01 2014 +0200
    
    Prevent memory corruption due to server hello parsing.


Thanks for the clarification, I was wondering about this!


I hope to someday reach the level of expertise the author of this post has... for now, though, I think I'll stick to playing CTFs.

Fantastic work, even if (s)he didn't find the vulnerability her-/himself.


404 not found now?


Awesome!



