Wednesday, March 5, 2014

Major Linux Security Flaw but, fix is available



The flaw  enables an attacker to spoof GnuTLS' system for verifying certificates, exposing supposedly secure connections to stealthy eavesdropping.

By creating a specific type of fake certificate, an attacker could trick GnuTLS into accepting it as genuine, granting access to an otherwise-secure connection. This done, the intruder could monitor traffic flowing through the connection in plain text, and even interject code of his own, potentially opening further avenues of attack.


Nikos Mavrogiannopolous, the developer of GnuTLS, announced Monday in a mailing list message that he had implemented a fix to the source code that closes the loophole


The links below has more details:

http://www.cio.com/article/749202/Major_Security_Flaw_Threatens_Linux_Users

No comments:

Post a Comment