List:       freebsd-security
Subject:    Re: OpenSSL heads-up
From:       "Jacques A. Vidrine" <nectar () freebsd ! org>
Date:       2003-09-30 21:49:58

On Tue, Sep 30, 2003 at 02:43:37PM -0700, Dragos Ruiu wrote:
> On September 30, 2003 01:31 pm, Jacques A. Vidrine wrote:
> >   Don't panic.  The vulnerability is denial-of-service.
> 
> On September 30, 2003 07:52 am, Chris Wysopal wrote on Vulnwatch:
> > Three specific vulnerabilities have been discovered in the OpenSSL
> > libraries. Two of these could allow a Denial of Service attack, the third
> > may result in an attacker being able to execute malicious code under
> > certain conditions.
> 
> Please clarify. Conflicting information.

<URL: http://www.openssl.org/news/secadv_20030930.txt >

  1. Certain ASN.1 encodings that are rejected as invalid by the
  parser can trigger a bug in the deallocation of the corresponding
  data structure, corrupting the stack. This can be used as a denial
  of service attack. It is currently unknown whether this can be
  exploited to run malicious code. This issue does not affect OpenSSL
  0.9.6.

Cheers,
-- 
Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"