[Full-Disclosure] SSL vulnerability

• Previous message: Aditya, ALD [Aditya Lalit Deshmukh]: "RE: [Full-Disclosure] Need help in performing aremotevulnerability scan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <full-disclosure@lists.netsys.com>
Date: Wed, 3 Mar 2004 09:07:08 -0800

I am a Sidewinder G2 user. In their latest upgrade they are going away
from an IPSEC based VPN client to SSL. If memory servers me there are
some exploitable issues in SSL. SecureComputing uses a proprietary OS
based on SecureOS based on OpenBSD. I am not sure what flavor of SSL
they use, but I am guessing it's based on Open SSL.
I know this is the right place to ask, so.... What have you folks heard
about recent SSL vulnerabilites, how easy are they to exploit, and are
there any known exploits recently?

Thanks
Dan Sichel

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Aditya, ALD [Aditya Lalit Deshmukh]: "RE: [Full-Disclosure] Need help in performing aremotevulnerability scan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: How safe for firewall rule using 127.0.0.0/8 ... >> Consider a nefarious VPN client, installed by a web site, that tunnels ... > firewall is useless in that situation anyway. ... website running an ssl vpn server, even though he doesn't realise it. ... (comp.security.firewalls) Re: [fw-wiz] httport 3snf ... > Are there application layer routers that can deny all SSL except for MAC ... happy to configure things to get that and Mr. B uses a VPN client to ... I don't think your imaginary SSL blocker would have the ... This won't help you unless they're using your DNS servers ... (Firewall-Wizards)