TLS timing attack on OpenSSL [can-2003-78] [bid 6884] exploit

From: Martin Vuagnoux (bugtraq@vuagnoux.com)
Date: 03/26/03

  • Next message: Joel Eriksson: "Re: Automatic discovery of shellcode address"
    From: "Martin Vuagnoux" <bugtraq@vuagnoux.com>
    To: <bugtraq@securityfocus.com>, <vuln-dev@securityfocus.com>, <vuldb@securityfocus.com>
    Date: Wed, 26 Mar 2003 13:53:49 +0100
    
    

    Hi,
    Here you can find the tool used to make a "proof of concept" for the
    Vaudenay's TLS Timing Attack for < OpenSSL/9.7a. (CAN-2003-78)
    BID REF: 6884

                                http://omen.vuagnoux.com

    This attack was tested on a IMAPrev4 server (WU) encapsuled by
    stunnel-3.22 using OpenSSL/9.7 and Microsoft Outlook Express 6.x IMAP
    client.

    Enjoy :^)

    Martin Vuagnoux - ilion's lab member - www.ilionsecurity.ch


  • Next message: Joel Eriksson: "Re: Automatic discovery of shellcode address"