Project

General

Profile

Issue #1029

SSLv3 (aka POODLE) vulnerability - CVE-2014-3566

Added by My Self almost 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
High
Category:
Security
Target version:
Start date:
11/06/2014
Due date:
% Done:

0%

Estimated time:
Resolution:
fixed
Device:
Grant:
Type of work:

#1

Updated by Denis 'GNUtoo' Carikli almost 7 years ago

  • Category changed from 51 to Security

That one seems very serious, If I remember well it's a downgrade attack to a weaker encryption, which is "easily" breakable.

Denis.

#2

Updated by My Self almost 7 years ago

That's correct. More technical informations here: https://www.openssl.org/~bodo/ssl-poodle.pdf
I've verified the vulnerability of Replicant over: https://www.poodletest.com/

#3

Updated by My Self almost 7 years ago

I've found some more test pages:
https://zmap.io/sslv3/
https://www.ssllabs.com/ssltest/viewMyClient.html
The last one ist the one with the most details...

Furthermore I've found this blog post from the Google Security Team:
http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.html

For example reasons, here are the merged commits for this patches from the OMNI project:
https://gerrit.omnirom.org/#/q/topic:%22CVE-2014-3566+%28POODLE%29%22

Hope this helps.

#4

Updated by Paul Kocialkowski almost 7 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

Everything pushed to the repositories, will be part of the next batch of images.

Also available in: Atom PDF