FreeBSD-SA-04:05.openssl question

From: Rostislav Krasny (rosti_bsd_at_yahoo.com)
Date: 03/18/04

Next message: Dag-Erling Smørgrav: "Re: FreeBSD-SA-04:05.openssl question"

Previous message: Jacques A. Vidrine: "Re: FreeBSD Security Advisories ( openssl )"
Next in thread: Dag-Erling Smørgrav: "Re: FreeBSD-SA-04:05.openssl question"
Reply: Dag-Erling Smørgrav: "Re: FreeBSD-SA-04:05.openssl question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 17 Mar 2004 16:45:00 -0800 (PST)
To: freebsd-security@freebsd.org

Hello there.

The FreeBSD-SA-04:05.openssl Security Advisory announced a
"null-pointer assignment during SSL handshake" DoS vulnerability.
However, the OpenSSH Security Advisory of 17 March 2004 announced the
same vulnerability with one more vulnerability. Look at
http://www.openssl.org/news/secadv_20040317.txt
Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects
Kerberos ciphersuites" security problem?

Thanks

__________________________________
Do you Yahoo!?
Yahoo! Mail - More reliable, more storage, less spam
http://mail.yahoo.com
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Dag-Erling Smørgrav: "Re: FreeBSD-SA-04:05.openssl question"

Previous message: Jacques A. Vidrine: "Re: FreeBSD Security Advisories ( openssl )"
Next in thread: Dag-Erling Smørgrav: "Re: FreeBSD-SA-04:05.openssl question"
Reply: Dag-Erling Smørgrav: "Re: FreeBSD-SA-04:05.openssl question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[NT] ActiveSync Denial of Service Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... By "pretending" to be an iPAQ and connecting to TCP port 5679, ... sending a corrupted "I would like to sync with you" packet, ... Sample code to demonstrate the vulnerability is shown below: ...
(Securiteam)
WSPortal version 1.0 Path Disclosure Vulnerability
... WSPortal version 1.0 Path Disclosure Vulnerability ... WSPortal is a site management system coded in PHP/MySQL. ... There is no official fix at the release of this Security Advisory. ...
(Bugtraq)
DGNews version 2.1 Path Disclosure Vulnerability
... DGNews version 2.1 Path Disclosure Vulnerability ... DGNews is small and simple but powered news publishing. ... There is no official fix at the release of this Security Advisory. ...
(Bugtraq)
iDEFENSE Security Advisory 06.23.05: RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerab
... RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerability ... The vendor has addressed this issue in the following security advisory: ...
(Bugtraq)
[VulnWatch] iDEFENSE Security Advisory 06.23.05: RealNetworks RealPlayer RealText Parsing Heap Overf
... RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerability ... The vendor has addressed this issue in the following security advisory: ...
(VulnWatch)