Wireshark-bugs: [Wireshark-bugs] [Bug 2725] SSL/TLS connection decryption when any of the partie

Date: Mon, 3 Sep 2012 08:26:42 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2725

Michael Mann <mmann78@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2179|review_for_checkin?         |review_for_checkin-
              Flags|                            |

--- Comment #4 from Michael Mann <mmann78@xxxxxxxxxxxx> 2012-09-03 08:26:41 PDT ---
Comment on attachment 2179
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2179
implementation of CVE 2008 0166 attack with progress bar, updated to trunk
r26056

The patch no longer applies cleanly (no surprise after 4 years).  I could
"manually" merge the packet-ssl-utils.[ch] changes, but ran into issues with
packet-ssl.c.

Comments:
1. Dissecting SSL_HND_SERVER_KEY_EXCHG has since been implemented and I
couldn't tell if this patch's functionality (and its accompanying display
filters) is the same thing.

2. cve_20008_0166_leys_list should probably be implemented as a UAT.

3. Not sure if this attack is still worth trying to detect, as it appears to
have been addressed years ago.
http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2008:166

I consider this a WONTFIX candidate.
