[Full-Disclosure] OpenSSL - dynamically linked binaries?

From: Honza Vlach (janus_at_volny.cz)
Date: 03/22/04

    To: full-disclosure@lists.netsys.com
    Date: Mon, 22 Mar 2004 10:27:12 +0100
    
    
    

    Hello,
    I have upgraded my servers to the latest OpenSSL version (0.9.7d) and
    restarted all daemons linked to it. Still, I'm a bit confused about what
    else I should recompile.

    I have checked apache mod_ssl and the php module, which are both dynamically
    linked to the libssl.so.0.9.7. The thing that confuses me a lot is that when I
    look at the phpinfo(), it says "OpenSSL version 0.9.7c", which it
    was compiled against.

    Does this mean that I'm still vulnerable, or is it just the version
    hardcoded into the binary, while the library itself was successfully
    reloaded?

    What should be recompiled when a new OpenSSL version is issued?

    Have a nice day,
    Honza Vlach

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
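
Added example, not part of the original post: two checks for the situation the message describes, one for running processes that still map the old library file and one for whether a binary loads libssl/libcrypto dynamically at all. It assumes a Linux host with /proc and an upgrade that replaced the library file (as package managers do) rather than overwriting it in place; the function names and sample data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): after a libssl/libcrypto upgrade,
# separate "will load the new file" from "is still running the old code".

# Print each libssl/libcrypto path that is mapped but already unlinked on disk.
# Input: text in /proc/<pid>/maps format on stdin.
stale_tls_libs() {
    awk '$6 ~ /lib(ssl|crypto)[^ ]*\.so/ && $NF == "(deleted)" && !seen[$6]++ { print $6 }'
}

# Print the libssl/libcrypto paths the dynamic loader would resolve.
# Input: `ldd <binary>` output on stdin. No output means the binary does not
# load them as shared objects; if it still uses OpenSSL, the code is linked in
# statically and only a rebuild replaces it.
dynamic_tls_libs() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" { print $3 }'
}

# Walk every readable process and report the ones that need a restart.
scan_running() {
    local maps pid libs
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        libs=$(stale_tls_libs 2>/dev/null < "$maps" | tr '\n' ' ')
        pid=${maps#/proc/}; pid=${pid%/maps}
        if [ -n "$libs" ]; then
            printf 'restart pid %s (%s): %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" "$libs"
        fi
    done
    return 0
}

# Constructed sample of one process's maps after the library file was replaced.
SAMPLE_MAPS='08048000-080a0000 r-xp 00000000 03:01 1234 /usr/sbin/httpd
40200000-40230000 r-xp 00000000 03:01 5678 /usr/lib/libssl.so.0.9.7 (deleted)
40230000-40233000 rw-p 0002f000 03:01 5678 /usr/lib/libssl.so.0.9.7 (deleted)
40240000-40320000 r-xp 00000000 03:01 5680 /usr/lib/libcrypto.so.0.9.7
40400000-40410000 r-xp 00000000 03:01 9999 /tmp/scratch.so (deleted)'

# Constructed sample of `ldd` output for a dynamically linked module.
SAMPLE_LDD='    libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x40200000)
    libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x40240000)
    libc.so.6 => /lib/libc.so.6 (0x40400000)'

if [ "${1:-}" = "scan" ]; then scan_running; fi
```

Run with the argument `scan` as root to cover every process; pipe `ldd` output for each binary or module into `dynamic_tls_libs` to see which ones resolve the library at load time.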


