FreeBSD-SA-04:05.openssl question

From: Rostislav Krasny (rosti_bsd_at_yahoo.com)
Date: 03/18/04

  • Next message: Dag-Erling Smørgrav: "Re: FreeBSD-SA-04:05.openssl question"
    Date: Wed, 17 Mar 2004 16:45:00 -0800 (PST)
    To: freebsd-security@freebsd.org
    
    

    Hello there.

    The FreeBSD-SA-04:05.openssl Security Advisory announced a
    "null-pointer assignment during SSL handshake" DoS vulnerability.
    However, the OpenSSH Security Advisory of 17 March 2004 announced the
    same vulnerability with one more vulnerability. Look at
    http://www.openssl.org/news/secadv_20040317.txt
    Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects
    Kerberos ciphersuites" security problem?

    Thanks

    __________________________________
    Do you Yahoo!?
    Yahoo! Mail - More reliable, more storage, less spam
    http://mail.yahoo.com
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Dag-Erling Smørgrav: "Re: FreeBSD-SA-04:05.openssl question"

    Relevant Pages

    • [NT] ActiveSync Denial of Service Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... By "pretending" to be an iPAQ and connecting to TCP port 5679, ... sending a corrupted "I would like to sync with you" packet, ... Sample code to demonstrate the vulnerability is shown below: ...
      (Securiteam)
    • [Full-disclosure] Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC
      ... (Microsoft SQL Server sp_replwritetovarbin limited memory overwrite ... This vulnerability has been described in a prior security ... Our public security advisory has been updated accordingly: ... Remove the sp_replwriterovarbin extended stored procedure. ...
      (Full-Disclosure)
    • Re: MS09-032 Installation
      ... Security Advisory 953839, Microsoft Security Advisory 956391, Microsoft ... Vulnerability - CVE-2008-0015, as does the FixIt some had used before ... be a mistake to "undo" the workaround, ... What would happen if I install this update and then undo the ...
      (microsoft.public.security)
    • Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC Consult SA-200812
      ... (Microsoft SQL Server sp_replwritetovarbin limited memory overwrite ... This vulnerability has been described in a prior security ... Our public security advisory has been updated accordingly: ... Remove the sp_replwriterovarbin extended stored procedure. ...
      (Bugtraq)
    • WSPortal version 1.0 Path Disclosure Vulnerability
      ... WSPortal version 1.0 Path Disclosure Vulnerability ... WSPortal is a site management system coded in PHP/MySQL. ... There is no official fix at the release of this Security Advisory. ...
      (Bugtraq)