OpenSSL Vulnerability and OpenSSH

From: Eric Maiwald (emaiwald@fred.net)
Date: 09/20/02 

Date: Fri, 20 Sep 2002 09:05:59 -0400 (EDT)
From: Eric Maiwald <emaiwald@fred.net>
To: vuln-dev@securityfocus.com

We have a vulnerability in OpenSSL 0.9.6d and before. We also know
that OpenSSH requires OpenSSL to be available on servers. Does anyone
know if the same issues affecting OpenSSL on Apache will affect OpenSSL
when used with OpenSSH?

Eric
---------------------------------------------------------------------
Eric Maiwald, CISSP emaiwald@fred.net
Chief Technology Officer 301-977-6966
Fortrex Technologies, Inc. Gaithersburg, MD
---------------------------------------------------------------------

Relevant Pages

  • ANN: M2Crypto 0.20.2
    ... M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, ... functionality to implement clients and servers; ...
    (comp.lang.python)
  • ANN: M2Crypto 0.20.2
    ... M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, ... functionality to implement clients and servers; ...
    (comp.lang.python.announce)
  • Re: How to exploit gain root of OpenSSL?
    ... The remote host seems to be ... running a version of OpenSSL which is older than 0.9.6k or 0.9.7c. ... Spawns a nobody/apache shell on Apache, root on other servers. ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • openssl vulnerability
    ... my openssl? ... before I go unnecessarily rebuilding and reinstall world on all my servers? ...
    (freebsd-questions)
  • [Full-Disclosure] OpenSSL - dynamically linked binaries?
    ... I have upgraded my servers to latest OpenSSL version and ... else should I recompile. ... The thing, that confuses me lot is, when I ... look on the phpinfo, it says "OpenSSL version 0.9.7c", which it ...
    (Full-Disclosure)