Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC

From: Martin Boßlet <martin.bosslet () gmail com>
Date: Fri, 2 May 2014 15:00:48 +0200
Hi,

after analyzing the PoC script we (maintainers of the Ruby OpenSSL
extension) consider CVE-2014-2734 to be invalid. Others have independently
arrived at the same conclusion: [1][2] You may find a summary of our
analysis at [3].

Regards,
Martin Boßlet

[1] https://github.com/adrienthebo/cve-2014-2734/
[2] https://news.ycombinator.com/item?id=7601973
[3] https://gist.github.com/emboss/91696b56cd227c8a0c13

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: