|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl
From: Bjoern A. Zeeb (bzeeb-lists
lists.zabbadoz.net)
Date: Sat Oct 04 2003 - 10:22:42 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 3 Oct 2003, FreeBSD Security Advisories wrote:
Hi,
thanks for previous help/clarification that only the libs need
rebuilding.
> III. Impact
>
> A remote attacker may create a malicious ASN.1 encoded message that
> will cause an OpenSSL-using application to crash, or even perhaps
> execute arbitrary code with the privileges of the application.
>
> Only applications that use OpenSSL's ASN.1 or X.509 handling code
> are affected. Applications that use other portions of OpenSSL
> are unaffected (e.g. Apache+mod_ssl is affected, while OpenSSH is
> unaffected).
Another question: can someone please confirm that mod_ssl.so from
apache 2.0.47 port is _not_ affected ?
I have rebuilt libssl, libcrypto and installed them (they all differ
from the old libs after make install) and done a rebuild of
mod_ssl. But the new mod_ssl.so doesn't differ from the one
built late August:
[ports]apache2/work/httpd-2.0.47/modules/ssl/.libs> md5 mod_ssl.so
MD5 (mod_ssl.so) = a4e31cf6e4aff5ca91f164d57eb68457
/usr/local/libexec/apache2> md5 mod_ssl.so
MD5 (mod_ssl.so) = a4e31cf6e4aff5ca91f164d57eb68457
Also diff does not say that the binary files would differ.
Thanks in advance.
--
Greetings
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
56 69 73 69 74 http://www.zabbadoz.net/
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]