Re: latest openssl vulnerability
From: Lev Walkin (vlm_at_netli.com)
Date: 03/19/04
- Previous message: Andrew L. Neporada: "Re: latest openssl vulnerability"
- In reply to: Andrew L. Neporada: "Re: latest openssl vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 19 Mar 2004 01:19:38 -0800 To: "Andrew L. Neporada" <andr@dgap.mipt.ru>
Andrew L. Neporada wrote:
> On Thu, Mar 18, 2004 at 11:45:21PM -0800, Lev Walkin wrote:
>
>>Jacques A. Vidrine wrote:
>>
>>>On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote:
>>>
>>>
>>>>Is it true that (dynamic) binaries are vulnerable if and only if they are
>>>>linked with libssl.so.3, not with libcrypt or libcrypto?
>>>
>>>
>>>Yes, the bug is in libssl.
>>
>>
>>No, the libssl library might as well be compiled in statically into an
>>otherwise dynamic binary. So, if a dynamic binary is not linked with
>>libssl.so.*, it isn't a reliable indicator of a vulnerability.
>
>
> Hmm... But threre is no such dynamic libraries in FreeBSD 4.x, 5.x base
> install, right?
You mean, dynamically linked binaries with statically embedded OpenSSL?
Who knows ;) How can you check it, besides using (nm || strings) & grep?..
-- Lev Walkin vlm@netli.com _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Andrew L. Neporada: "Re: latest openssl vulnerability"
- In reply to: Andrew L. Neporada: "Re: latest openssl vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
