Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31481
HistoryDec 09, 2014 - 12:00 a.m.

[oss-security] CVE question: Return of POODLE

2014-12-0900:00:00
vulners.com
21

Hi All,

Before i ask my question:

It seems some TLS implementations may be vulnerable to POODLE like attack if they use SSL 3.0 type padding and the padding bytes are not checked by the implementation.

https://www.imperialviolet.org/2014/12/08/poodleagain.html
https://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151

CVE-2014-8730 was assigned to this issue (by MITRE i suppose) and its not clear if this CVE has been assigned to their code or to the protocol weakness.

I have not checked if any implementations are vulnerable, but could MITRE please confirm if its ok to reuse this CVE if any crypto-libs are found vulnerable, or if they plan to assign another CVE id?


Huzaifa Sidhpurwala / Red Hat Product Security Team

Related for SECURITYVULNS:DOC:31481