From: Jeffrey Altman (jaltman_at_COLUMBIA.EDU)
Date: Tue Aug 06 2002 - 07:17:23 CDT

    I sure hope they did not simply replace a previous version of OpenSSL
    with 0.9.6e. 0.9.6e changes the attack from

     I can execute code if I do it right

    to

     I can bring down your server if I do anything at all

    This is because the fix for 0.9.6e simply adds an assertion and a call
    to abort() at each place that was vulnerable. Correctly implemented
    patches have been written and submitted into the current snapshots. A
    release date for 0.9.6f has not been announced yet.

    >
    > What is new in VMware GSX Server 2.0.1?
    > ---------------------------------------
    >
    > VMware GSX Server 2.0.1 includes:
    >
    > - An updated version of OpenSSL with fixes for the buffer
    > overflow vulnerabilities reported in CERT Advisory CA-2002-23
    > (http://www.cert.org/advisories/CA-2002-23.html). This
    > vulnerability exists in the Windows and Linux versions of GSX
    > Server 2.0.0 build 2050.

     Jeffrey Altman * Sr.Software Designer      Kermit 95 2.0 GUI available now!!!
     The Kermit Project Columbia University     SSH, Secure Telnet, Secure FTP, HTTP
     http://www.kermit-project.org/             Secured with MIT Kerberos, SRP, and
     kermit-supportcolumbia.edu                 OpenSSL.
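
Added example, not part of the original message and not OpenSSL's code: a constructed length-prefixed field parser showing the difference the message describes between a bounds check that calls abort() and one that returns an error to the caller. The function names, KEY_BUF and the sample messages are assumptions made for illustration.

```c
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define KEY_BUF 8   /* constructed buffer size, not an OpenSSL constant */

/* Abort-style fix: memory stays safe, but any oversized field kills the process. */
int copy_field_abort(const unsigned char *msg, size_t msg_len, unsigned char *out)
{
    size_t n = msg_len ? msg[0] : 0;      /* first byte is the claimed length */
    if (n > KEY_BUF || n + 1 > msg_len)
        abort();
    memcpy(out, msg + 1, n);
    return (int)n;
}

/* Error-return fix: same check, but the caller can drop just this request. */
int copy_field_reject(const unsigned char *msg, size_t msg_len, unsigned char *out)
{
    size_t n = msg_len ? msg[0] : 0;
    if (n > KEY_BUF || n + 1 > msg_len)
        return -1;
    memcpy(out, msg + 1, n);
    return (int)n;
}

typedef int (*field_fn)(const unsigned char *, size_t, unsigned char *);

/* Run one handler in a child process, standing in for a server worker.
 * Returns the signal that killed the child, or 0 if it exited on its own. */
int signal_from_child(field_fn fn, const unsigned char *msg, size_t msg_len)
{
    unsigned char out[KEY_BUF];
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0)
        _exit(fn(msg, msg_len, out) < 0 ? 1 : 0);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* Constructed inputs: a valid field, and one whose length byte exceeds KEY_BUF. */
const unsigned char GOOD_MSG[] = { 3, 'a', 'b', 'c' };
const unsigned char BAD_MSG[]  = { 200, 'x' };
```

With BAD_MSG the abort variant's worker dies on SIGABRT, while the reject variant's worker exits normally after refusing the field; a server that handles requests in its main process would lose every connection in the first case.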