[gnutls-dev] Re: Variant of Bleichenbacher's crypto 06 rump session attack

Andreas Metzler ametzler at downhill.at.eu.org
Mon Sep 11 11:43:57 CEST 2006

Simon Josefsson <jas <at> extundo.com> writes:
> Andreas Metzler <ametzler <at> downhill.at.eu.org> writes:
>> This seems to cause breakage with mutt, muttng and OpenLDAP.
>> http://bugs.debian.org/386643
>> http://bugs.debian.org/386680

>> The asn1_read_value() segfaults under certain conditions (libtasn1-3
>> 0.3.5).

>> I have been able to reproduce the segfault using mutt 1.5.13 and
>> gnutls 1.0.16 + the patch quoted above on imaps:m26s25.vlinux.de, but
>> have been unable to find the reason.
> Can you reproduce it in gnutls 1.4.x?

On my system I could not. (Perhaps because the gnutl14 using one is a chroot), 
others did experience the bug with it.

> It seems weird that this works with gnutls 1.4 but not gnutls 1.0 if
> the crash is in libtasn1.

The bug definitely applies to 1.4, it is just that /I/ could not reproduce 
it. - Others could. "mutt -f imaps://m26s25.vlinux.de" should do the trick.

I cannot provide more info now, since I am at work without Linux access.

cu andreas

More information about the Gnutls-devel mailing list