Regit <[EMAIL PROTECTED]> writes:

> The problem was discovered by INL when we were studying a crash of
> nuauth, a daemon which is part of the NuFW project
> (http://www.nufw.org). During a stress test we made on our solution, we
> opened a lot of TLS sessions simultaneously (more than 200). After some
> time the application crashed with a segfault.
>
> I will try to write a detailed track record of this security problem:

Thanks a lot!

I have created a page for security advisories:

http://josefsson.org/gnutls/security.html

Your DoS problem is now called GNUTLS-SA-2005-1. I will add a link to your post once it is in the mailing list archive. If someone wants to add even more information, I can add more links.

Everyone is encouraged to write up similar reports for future problems! An archive of reports, similar to yours, will be a very useful resource in a few years, as a reference for what kind of security errors occur in the wild, how they are solved, how fast, etc.

Having more eyes analyzing each bug would also be useful. So don't let the existence of one report stop you from separately looking into the bug and writing up something.

I'm not convinced the "Severity" column is useful. Judging the severity might be rather subjective in some cases. Perhaps it will go away.

Regards,
Simon

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
