[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC

To: fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC
From: Martin Boßlet <martin.bosslet@xxxxxxxxx>
Date: Fri, 2 May 2014 15:00:48 +0200

Hi,

after analyzing the PoC script we (maintainers of the Ruby OpenSSL
extension) consider CVE-2014-2734 to be invalid. Others have independently
arrived at the same conclusion: [1][2] You may find a summary of our
analysis at [3].

Regards,
Martin Boßlet

[1] https://github.com/adrienthebo/cve-2014-2734/
[2] https://news.ycombinator.com/item?id=7601973
[3] https://gist.github.com/emboss/91696b56cd227c8a0c13

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] OAuth 2.0 and OpenID vulnerable to Covert Redirect
Next by Date: [FD] Zamfoo Multiple Arbitrary Command Executions
Previous by thread: [FD] OAuth 2.0 and OpenID vulnerable to Covert Redirect
Next by thread: [FD] Zamfoo Multiple Arbitrary Command Executions
Index(es):
- Date
- Thread