[nSLUG] GnuTLS certificate bug and Apple certificate bug

Gerald Ruderman linux at zdoit.airpost.net
Fri Mar 21 11:09:21 ADT 2014


Julien,

I did oversimplify it. I agree any semi-competent bad guy could find
this. I conclude the developers and testers failed to think enough like
a bad guy.

Gerald

On 3/18/14, 20:50, Julien Savoie wrote:
. . . .
> Potentially any semi-competent bad guy testing iOS banking applications
> would have happened on this.  Now the GnuTLS vuln was a bit different,
> in this case a properly crafted certificate (just make
> _gnutls_x509_get_signed_data() fail) would be accepted as valid, even if
> it weren't signed by a certificate authority (ie self-signed).  In this
> case the bug was a type mismatch, sending -1 for failure when it
> expected a boolean (anything not zero is true).
> 



More information about the nSLUG mailing list