[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] OpenSSL Advisory?

Subject: Re: [cobalt-security] OpenSSL Advisory?
From: Eugene Crosser <crosser@xxxxxxxxxxx>
Date: Wed, 01 Oct 2003 09:04:14 +0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Wed, 2003-10-01 at 08:30, Michael Stauber wrote:

> Lets look at another crucial service: OpenSSH. Both PKGmaster.com and 
> Solarspeed.net have OpenSSH PKGs which are statically compiled against a now 
> vulnerable OpenSSL.

*If* I understand the previous explanations right, it is "ssl" part of
OpenSSL that is vulnerable (to the injection of a special client
certificate).  As far as I understand, openssh only uses "crypto" part
of the OpenSSL package, which probably makes it unaffected by the bugs
in the "ssl" part.

Eugene

Follow-Ups:
- Re: [cobalt-security] OpenSSL Advisory?
  - From: Greg Boehnlein
- Re: [cobalt-security] OpenSSL Advisory?
  - From: Michael Stauber

References:
- [cobalt-security] OpenSSL Advisory?
  - From: Charlie Clemmer
- Re: [cobalt-security] OpenSSL Advisory?
  - From: Michael Stauber

Prev by Date: Re: [cobalt-security] OpenSSL Advisory?
Next by Date: Re: [cobalt-security] OpenSSL Advisory?
Previous by thread: Re: [cobalt-security] OpenSSL Advisory?
Next by thread: Re: [cobalt-security] OpenSSL Advisory?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index