Message-ID: <CACYkhxiyoQWsnKHOZuBCPjQn9=jJPbLzk_cvGx3vHyjNU5u1nA@mail.gmail.com>
Date: Thu, 5 Feb 2015 11:18:01 +1100
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable?

On 5 February 2015 at 03:35, Mark Felder <feld@...d.me> wrote:
> *) mod_ssl: New directive SSLSessionTickets (On|Off).

And as with nginx and OpenSSL s3_srvr.c, there's no retval check on
RAND_pseudo_bytes() when creating the IV to encrypt the session ticket.

This isn't exploitable with the default RNG (you won't get this far without
a working RNG), but be careful if your engine is flaking out - you could be
sending something else out with your IVs...

For the record:

-1 : Error, buffer not filled
 0 : Buffer filled with potentially predictable entropy (unless an engine
     aliased their RAND_bytes interface to RAND_pseudo_bytes!)
 1 : Success

Regards,
  Michael
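The return-value check the message says is missing, shown as an added example beside the unchecked pattern. This is not code from mod_ssl, nginx or OpenSSL. The RNG is passed in as a function pointer with the signature of OpenSSL's RAND_pseudo_bytes(unsigned char *buf, int num), so the block compiles and runs without linking OpenSSL; the three stub RNGs and the 16-byte IV length are constructed for the demonstration. Rejecting a 0 return (filled but possibly predictable) for IV purposes and wiping the buffer on failure are this example's choices, not something the message prescribes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from mod_ssl, nginx or OpenSSL. The RNG has the
 * same signature as OpenSSL's RAND_pseudo_bytes(unsigned char *buf, int num);
 * the stub RNGs below are constructed stand-ins, not real entropy sources. */
typedef int (*rand_fn)(unsigned char *buf, int num);

#define TICKET_IV_LEN 16   /* constructed: IV length for the demonstration */

/* Return-value convention quoted in the message:
 *  -1 : error, buffer not filled
 *   0 : buffer filled, but contents may be predictable
 *   1 : success
 * For an IV we insist on 1: a predictable IV (0) is not acceptable either,
 * and on -1 the buffer still holds whatever was there before, so it must
 * never be sent. On failure the buffer is wiped so a caller that ignores the
 * status cannot leak stale memory as an IV. Returns 0 on success, -1 otherwise. */
static int make_ticket_iv(rand_fn rng, unsigned char *iv, int len)
{
    int rc = rng(iv, len);
    if (rc != 1) {
        memset(iv, 0, (size_t)len);   /* never ship uninitialised bytes */
        return -1;
    }
    return 0;
}

/* The unchecked pattern the message describes: whatever the engine did,
 * the caller proceeds to use iv[] as the ticket IV. */
static void make_ticket_iv_unchecked(rand_fn rng, unsigned char *iv, int len)
{
    (void)rng(iv, len);   /* retval ignored: IV may be stale or predictable */
}

/* Constructed stubs: a healthy RNG, a weak engine, and a failed engine. */
static int rng_ok(unsigned char *buf, int num)
{
    for (int i = 0; i < num; i++) buf[i] = (unsigned char)(0xA5 ^ i);
    return 1;
}
static int rng_weak(unsigned char *buf, int num)
{
    memset(buf, 0x42, (size_t)num);   /* filled, but predictable */
    return 0;
}
static int rng_broken(unsigned char *buf, int num)
{
    (void)buf; (void)num;             /* engine failed: buffer untouched */
    return -1;
}

/* Helper: 1 if every byte of buf equals v, else 0. */
static int all_bytes(const unsigned char *buf, int len, unsigned char v)
{
    for (int i = 0; i < len; i++) if (buf[i] != v) return 0;
    return 1;
}

int main(void)
{
    unsigned char iv[TICKET_IV_LEN];

    memset(iv, 0xEE, sizeof iv);     /* simulate stale stack contents */
    make_ticket_iv_unchecked(rng_broken, iv, TICKET_IV_LEN);
    printf("unchecked + broken engine: iv[0]=0x%02x (stale bytes go out)\n", iv[0]);

    memset(iv, 0xEE, sizeof iv);
    printf("checked   + broken engine: rc=%d iv[0]=0x%02x\n",
           make_ticket_iv(rng_broken, iv, TICKET_IV_LEN), iv[0]);
    printf("checked   + weak engine:   rc=%d\n",
           make_ticket_iv(rng_weak, iv, TICKET_IV_LEN));
    printf("checked   + healthy rng:   rc=%d iv[0]=0x%02x\n",
           make_ticket_iv(rng_ok, iv, TICKET_IV_LEN), iv[0]);
    return 0;
}
```

In current OpenSSL (1.1.0 and later) RAND_pseudo_bytes() is deprecated in favour of RAND_bytes(), which returns 1 on success and 0 on failure with no "filled but predictable" state, so the check collapses to `rc == 1`; the point of the example is the same either way: the status must be tested before the bytes are used as an IV.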