https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2725
Michael Mann <mmann78@xxxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2179|review_for_checkin? |review_for_checkin-
Flags| |
--- Comment #4 from Michael Mann <mmann78@xxxxxxxxxxxx> 2012-09-03 08:26:41 PDT ---
Comment on attachment 2179
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2179
implementation of CVE 2008 0166 attack with progress bar, updated to trunk
r26056
The patch no longer applies cleanly (no surprise after 4 years). I could
"manually" merge the packet-ssl-utils.[ch] changes, but ran into issues with
packet-ssl.c.
Comments:
1. dissecting SSL_HND_SERVER_KEY_EXCHG has since been implemented and I
couldn't tell if this patch functionality (and its accompanying display
filters) are the same thing.
2. cve_20008_0166_leys_list should probably be implemented as a UAT.
3. Not sure if this attack is still worth trying to detect, as it appears to
have been addressed years ago.
http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2008:166
I consider this a WONTFIX candidate.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.