Additionally, the details about the SSL exploit as well as an implementation of the DNS server are open source as well
=> More information about this toot | More toots from pretendo@pretendo.network
@pretendo LOL
this looks like... a very similar bug to one i found in the windows boot environment one time
basically MS added a feature and put the code in the wrong place and overwrote the return value of the cert chain verification function before it was used
so you could just have a cert chain like
real trusted root cert (names and pubkeys hardcoded)
followed by cert with invalid signature with issuer set to that root cert (and pubkey set to your own)
and then sign your PE or whatever by your private key with that cert chain attached to fakesign anything
this never made it into an RTM release, it was noticed and fixed around the same time as another bug was, and i only found it years later, but still
(i did manage to use other bugs at some point to load a boot application with this vuln which was fun)
=> More information about this toot | More toots from Rairii@fedi.nano.lgbt
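The return-value clobbering Rairii describes, as an added toy model in C (my example, not Microsoft's or Pretendo's code): the cert layout, the hardcoded root and the FNV-based "signature" are constructed stand-ins, and `new_feature` plays the feature code that was put in the wrong place.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
/* Toy model (not Microsoft's code): the chain verdict is clobbered before it is used. */
typedef struct { const char *subject, *issuer; uint32_t pubkey, sig; } cert_t;
#define TRUSTED_ROOT_NAME "Toy Root CA"   /* root name and key hardcoded, as in the post */
#define TRUSTED_ROOT_KEY  0x5eed1234u
/* Toy "signature": FNV-1a over subject+pubkey mixed with the issuer's key (private key ==
   public key here to keep the model small); low bit forced so 0 is never a valid signature. */
static uint32_t toy_sign(const cert_t *c, uint32_t issuer_key) {
    uint32_t h = 2166136261u;
    for (const char *p = c->subject; *p; p++) { h ^= (uint8_t)*p; h *= 16777619u; }
    for (int i = 0; i < 4; i++) { h ^= (c->pubkey >> (8 * i)) & 0xffu; h *= 16777619u; }
    return (h ^ issuer_key) | 1u;
}
/* Leaf-first walk: each cert must be signed by the next one's key, and the last cert
   must match the hardcoded root. Returns 0 only when the whole chain checks out. */
static int verify_chain(const cert_t *chain, size_t n) {
    for (size_t i = 0; i + 1 < n; i++) {
        if (strcmp(chain[i].issuer, chain[i + 1].subject) != 0) return 1;
        if (chain[i].sig != toy_sign(&chain[i], chain[i + 1].pubkey)) return 2;
    }
    if (strcmp(chain[n - 1].subject, TRUSTED_ROOT_NAME) != 0) return 3;
    return chain[n - 1].pubkey == TRUSTED_ROOT_KEY ? 0 : 4;
}
static int new_feature(void) { return 0; }   /* unrelated code added later; always succeeds */
/* BUG: the feature's status overwrites the verification verdict before it is tested. */
bool image_trusted_buggy(const cert_t *chain, size_t n) {
    int status = verify_chain(chain, n);
    status = new_feature();
    return status == 0;
}
/* FIX: test the verdict before anything else can touch the status variable. */
bool image_trusted_fixed(const cert_t *chain, size_t n) {
    if (verify_chain(chain, n) != 0) return false;
    return new_feature() == 0;
}
/* Constructed sample chain: a cert naming the real root as issuer but carrying an
   attacker-chosen key and no valid signature, followed by the genuine root. */
static const cert_t forged[2] = {
    { "Anything", TRUSTED_ROOT_NAME, 0xdeadbeefu, 0 },
    { TRUSTED_ROOT_NAME, TRUSTED_ROOT_NAME, TRUSTED_ROOT_KEY, 0 },
};
bool forged_accepted_buggy(void) { return image_trusted_buggy(forged, 2); }
bool forged_accepted_fixed(void) { return image_trusted_fixed(forged, 2); }
bool genuine_accepted_fixed(void) {   /* a leaf really signed by the root still passes */
    cert_t chain[2] = { { "Genuine Signer", TRUSTED_ROOT_NAME, 0x1111u, 0 }, forged[1] };
    chain[0].sig = toy_sign(&chain[0], TRUSTED_ROOT_KEY);
    return image_trusted_fixed(chain, 2);
}
```

In review, the thing to look for is exactly this shape: a status variable that is assigned by the security check and then reassigned before the first `if` that reads it.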
@pretendo also that documentation is hard to read, i think "CA" has been used when "certificate" was meant?
=> More information about this toot | More toots from Rairii@fedi.nano.lgbt
@pretendo Good.
=> More information about this toot | More toots from ninstar@mastodon.social