TLS timing attack on OpenSSL [can-2003-78] [bid 6884] exploit

From: Martin Vuagnoux (bugtraq@vuagnoux.com)
Date: 03/26/03

Next message: Joel Eriksson: "Re: Automatic discovery of shellcode address"

Previous message: Scott Harrington: "RE: Backup Agents"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Martin Vuagnoux" <bugtraq@vuagnoux.com>
To: <bugtraq@securityfocus.com>, <vuln-dev@securityfocus.com>, <vuldb@securityfocus.com>
Date: Wed, 26 Mar 2003 13:53:49 +0100

Hi,
Here you can find the tool used to make a "proof of concept" for the
Vaudenay's TLS Timing Attack for < OpenSSL/9.7a. (CAN-2003-78)
BID REF: 6884

http://omen.vuagnoux.com

This attack was tested on a IMAPrev4 server (WU) encapsuled by
stunnel-3.22 using OpenSSL/9.7 and Microsoft Outlook Express 6.x IMAP
client.

Enjoy :^)

Martin Vuagnoux - ilion's lab member - www.ilionsecurity.ch

Next message: Joel Eriksson: "Re: Automatic discovery of shellcode address"

Previous message: Scott Harrington: "RE: Backup Agents"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]