Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 5 Feb 2015 11:18:01 +1100
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable?

On 5 February 2015 at 03:35, Mark Felder <feld@...d.me> wrote:
>   *) mod_ssl: New directive SSLSessionTickets (On|Off).

And as with nginx and OpenSSL s3_srvr.c, there's no retval check on
RAND_pseudo_bytes() when creating the IV to encrypt the session
ticket.

This isn't exploitable with the default RNG (you won't get this far
without a working RNG), but be careful if your engine is flaking out -
 you could be sending something else out with your IVs...

For the record:
-1 : Error, buffer not filled
 0 : Buffer filled with potentially predictable entropy (unless an
engine aliased their RAND_bytes interface to RAND_pseudo_bytes!)
 1 : Success


Regards,
  Michael

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.