GNUTLS-SA-2008-1 question
Simon Josefsson
simon at josefsson.org
Mon May 19 23:34:41 CEST 2008
Josh Bressers <bressers at redhat.com> writes:
> Hello,
>
> My name is Josh Bressers and I am a member of the Red Hat Security Response
> Team.
>
> I just found out about GNUTLS-SA-2008-1 and was wondering if you could
> clear something up for me.

Hi!

Btw, be sure to check out the 2.2.5 announcement.

> The advisory states it's a denial of service, but from reading the
> advisory, GNUTLS-SA-2008-1-1, it sounds like it should be an exploitable
> buffer overflow, not just a denial-of-service. Are you willing to share
> your reasoning for calling this a DoS rather than an arbitrary code
> execution flaw?

It may indeed be more than just a denial-of-service, but we don't have
resources to analyze this in more detail. We just echo the report that
was submitted to us, and it was about segmentation faults.

> Also, would you be willing to share the reproducer for this flaw? We are
> interested in it for QA purposes.

I'll attach my internal notes for reproducing the flaws to you in a
private email.

> I'm also wondering if you'd be willing to give the Vendor Security group a
> heads up on issues such as this in the future. You can find more details
> about the group here:
> http://oss-security.openwall.org/wiki/mailinglists/vendor-sec

The vulnerability was submitted to us via CERT-FI, so I incorrectly
assumed they had communicated this to vendors. I'll see if I can
subscribe to the list to be able to give a heads-up in the future.

Thanks,
/Simon