Discussion:
[freetds] freetds have some ssl security problems
润青杨
2014-10-23 14:14:14 UTC
Permalink
Hi guys,
Recently, our group are trying to find ssl security problems by static
anlysis. Now we have find some problems in freetds-bin and report this bugs
to the launchpad, but we haven't receive any responses.
Could you please take a look at this bug:
https://bugs.launchpad.net/ubuntu/+source/freetds/+bug/1376592
Thanks,
Rainkin
Frediano Ziglio
2014-10-23 15:06:39 UTC
Permalink
Post by 润青杨
Hi guys,
Recently, our group are trying to find ssl security problems by static
anlysis. Now we have find some problems in freetds-bin and report this bugs
to the launchpad, but we haven't receive any responses.
https://bugs.launchpad.net/ubuntu/+source/freetds/+bug/1376592
Thanks,
Rainkin
Thank you,
I think you are right.

However there is mainly a problem in the default configuration. By
default when you install a server it use quite silently a self-signed.
This means mainly that a man in the middle is just behind the door.

Frediano
Frediano Ziglio
2014-10-23 16:12:07 UTC
Permalink
Post by Frediano Ziglio
Post by 润青杨
Hi guys,
Recently, our group are trying to find ssl security problems by static
anlysis. Now we have find some problems in freetds-bin and report this bugs
to the launchpad, but we haven't receive any responses.
https://bugs.launchpad.net/ubuntu/+source/freetds/+bug/1376592
Thanks,
Rainkin
Thank you,
I think you are right.
However there is mainly a problem in the default configuration. By
default when you install a server it use quite silently a self-signed.
This means mainly that a man in the middle is just behind the door.
Frediano
Yes, there should be some option. Specifically we should test
everything having some options to disable some checks. Also location
for root certificate should be required.

Frediano

Loading...