N/A

The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095.

N/A

N/A

PolarSSL安全绕过漏洞

PolarSSL中存在安全绕过漏洞。攻击者可利用该漏洞执行中间人攻击或冒充受信任的服务器，这将有助于进一步的攻击。注意：攻击者利用该漏洞需要以下的加密套件禁用完全认证：1) SSL_EDH_RSA_DES_168_SHA 2) SSL_EDH_RSA_AES_128_SHA 3) SSL_EDH_RSA_AES_256_SHA 4) SSL_EDH_RSA_CAMELLIA_128_SHA 5) SSL_EDH_RSA_CAMELLIA_256_SHA。PolarSSL 0.14.2之前版本和0.99-p

N/A

N/A