Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Multiple vulnerabilities in Silent Circle

Steve Weis steveweis at gmail.com
Fri Jun 28 13:34:00 PDT 2013


SilentCircle may also be vulernable to this DoS against the PolarSSL
library:
http://bureauofsabotage.com/report001.txt

Apparently, an attacker can send the PolarSSL lib into an infinite loop
with a malformed certificate. It affects versions 1.1.0 up to 1.2.8.
SilentCircle is using 1.1.1 here:
https://github.com/SilentCircle/silent-phone-android/blob/ffd18e90251db4964db210d6348352465531544e/jni/Android.mk#L60


On Thu, Jun 27, 2013 at 9:11 AM, Nadim Kobeissi <nadim at nadim.cc> wrote:

> Thanks to Arturo Filastò for pointing this out:
> https://github.com/SilentCircle/silent-phone-base/issues/5
>
> Many remotely executable overflows in the ZRTP library used by Silent
> Circle.
>
> NK
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130628/d45f87fb/attachment.html>


More information about the liberationtech mailing list