[liberationtech] Multiple vulnerabilities in Silent Circle

Steve Weis steveweis at gmail.com
Fri Jun 28 13:34:00 PDT 2013


SilentCircle may also be vulnerable to this DoS against the PolarSSL
library:
http://bureauofsabotage.com/report001.txt

Apparently, an attacker can send the PolarSSL lib into an infinite loop
with a malformed certificate. It affects versions 1.1.0 up to 1.2.8.
SilentCircle is using 1.1.1 here:
https://github.com/SilentCircle/silent-phone-android/blob/ffd18e90251db4964db210d6348352465531544e/jni/Android.mk#L60


On Thu, Jun 27, 2013 at 9:11 AM, Nadim Kobeissi <nadim at nadim.cc> wrote:

> Thanks to Arturo Filastò for pointing this out:
> https://github.com/SilentCircle/silent-phone-base/issues/5
>
> Many remotely executable overflows in the ZRTP library used by Silent
> Circle.
>
> NK