Date: Thu, 5 Feb 2015 11:18:01 +1100
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable?

On 5 February 2015 at 03:35, Mark Felder <feld@...d.me> wrote:
>   *) mod_ssl: New directive SSLSessionTickets (On|Off).

And as with nginx and OpenSSL s3_srvr.c, there's no retval check on
RAND_pseudo_bytes() when creating the IV to encrypt the session
ticket.

This isn't exploitable with the default RNG (you won't get this far
without a working RNG), but be careful if your engine is flaking out -
 you could be sending something else out with your IVs...

For the record:
-1 : Error, buffer not filled
 0 : Buffer filled with potentially predictable entropy (unless an
engine aliased their RAND_bytes interface to RAND_pseudo_bytes!)
 1 : Success


Regards,
  Michael
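
The effect of the missing return-value check described in this message, as an added example that is not part of the original post and is not mod_ssl, nginx or OpenSSL code. The `rng_fn` hook, the three stub engines and the `STALE` marker are hypothetical and constructed; only the -1 / 0 / 1 return convention is taken from the message.

```c
#include <stdio.h>
#include <string.h>

#define IV_LEN 16
/* Constructed marker standing in for leftover memory in the ticket buffer. */
static const unsigned char STALE[IV_LEN + 1] = "STALE-HEAP-DATA!";

/* Hypothetical RNG hook (not OpenSSL's API) using the return convention
 * listed in the message: -1 not filled, 0 filled but predictable, 1 ok. */
typedef int (*rng_fn)(unsigned char *buf, int len);

/* Constructed stand-ins for a healthy, a weak and a failing engine. */
static int rng_ok(unsigned char *b, int n)     { memset(b, 0xA5, (size_t)n); return 1; }
static int rng_weak(unsigned char *b, int n)   { memset(b, 0x00, (size_t)n); return 0; }
static int rng_broken(unsigned char *b, int n) { (void)b; (void)n; return -1; }

/* Unchecked pattern: on -1 the IV keeps whatever was already in memory. */
static void make_iv_unchecked(rng_fn rng, unsigned char *iv) { rng(iv, IV_LEN); }

/* Checked pattern: anything but 1 fails closed. Rejecting 0 as well is
 * this example's policy choice, not something the message requires. */
static int make_iv_checked(rng_fn rng, unsigned char *iv) {
    if (rng(iv, IV_LEN) != 1) {
        memset(iv, 0, IV_LEN);  /* never leave stale bytes behind */
        return 0;               /* caller must not issue a ticket */
    }
    return 1;
}

/* Returns 1 if stale bytes would go out on the wire as the IV. */
static int leaks_stale(rng_fn rng, int checked) {
    unsigned char iv[IV_LEN];
    memcpy(iv, STALE, IV_LEN);
    if (checked) {
        if (!make_iv_checked(rng, iv)) return 0;  /* no ticket sent */
    } else {
        make_iv_unchecked(rng, iv);
    }
    return memcmp(iv, STALE, IV_LEN) == 0;
}

int main(void) {
    unsigned char iv[IV_LEN];
    printf("unchecked+broken leaks: %d\n", leaks_stale(rng_broken, 0));
    printf("checked+broken leaks:   %d\n", leaks_stale(rng_broken, 1));
    printf("checked+weak issues ticket: %d\n", make_iv_checked(rng_weak, iv));
    return 0;
}
```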
