The flaw enables an attacker to spoof GnuTLS' system for verifying certificates, exposing supposedly secure connections to stealthy eavesdropping.
By creating a specific type of fake certificate, an attacker could trick GnuTLS into accepting it as genuine, granting access to an otherwise-secure connection. With that done, the intruder could monitor traffic flowing through the connection in plain text, and even inject code of his own, potentially opening further avenues of attack.
Nikos Mavrogiannopoulos, the developer of GnuTLS, announced Monday in a mailing list message that he had implemented a fix to the source code that closes the loophole.
The link below has more details:
http://www.cio.com/article/749202/Major_Security_Flaw_Threatens_Linux_Users