Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Mike Tancsa (mikesentex.net)
Date: Fri Oct 05 2007 - 11:13:34 CDT
At 12:05 PM 10/5/2007, Simon L. Nielsen wrote:
>On 2007.10.03 19:49:31 -0400, Mike Tancsa wrote:
> > At 05:43 PM 9/28/2007, Stefan Esser wrote:
> >> I did not see any commits to the OpenSSL code, recently; is anybody
> >> going to commit the fix?
> >> See http://www.securityfocus.com/archive/1/480855/30/0 for details ...
> > How serious is this particular issue ? Is it easily exploitable, or
> > difficult to do ? Are some apps more at risk of exploitation
> than others ?
> > e.g. ssh,apache ?
>(/me kicks mutt again for not showing new mails in mailboxes...)
>Anyway, I don't think it's very likely many people are affected by
>this since not many programs call SSL_get_shared_ciphers(). No
>application in the base system calls SSL_get_shared_ciphers acording
>to grep, other than openssl(1)'s built in ssl client/server.
>I also did a quick grep in apache 2.2 (I think it was 2.2) and it
>didn't reference the function either, but this was a quick check so if
>it matters to anyone, check yourself.
Thanks! I did the same grep, but wasnt sure whether or not that
particular function (SSL_get_shared_ciphers) got called by another
function in OpenSSL which was originally called by some of the big
apps like sendmail,apache and sshd
freebsd-securityfreebsd.org mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"