[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] OpenSSL Advisory?

Subject: Re: [cobalt-security] OpenSSL Advisory?
From: Greg Boehnlein <damin@xxxxxxxx>
Date: Wed, 1 Oct 2003 10:55:22 -0400 (EDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Wed, 1 Oct 2003, Eugene Crosser wrote:

> On Wed, 2003-10-01 at 08:30, Michael Stauber wrote:
> 
> > Lets look at another crucial service: OpenSSH. Both PKGmaster.com and 
> > Solarspeed.net have OpenSSH PKGs which are statically compiled against a now 
> > vulnerable OpenSSL.
> 
> *If* I understand the previous explanations right, it is "ssl" part of
> OpenSSL that is vulnerable

As opposed to the "Open" part? ;) (Sorry.. just couldn't resist! :)

> (to the injection of a special client
> certificate).  As far as I understand, openssh only uses "crypto" part
> of the OpenSSL package, which probably makes it unaffected by the bugs
> in the "ssl" part.

I think anything that exchanges certificates would be likely at risk.

-- 
    Vice President of N2Net, a New Age Consulting Service, Inc. Company
         http://www.n2net.net Where everything clicks into place!
                             KP-216-121-ST

Follow-Ups:
- Re: [cobalt-security] OpenSSL Advisory?
  - From: Eugene Crosser

References:
- Re: [cobalt-security] OpenSSL Advisory?
  - From: Eugene Crosser

Prev by Date: Re: [cobalt-security] OpenSSL Advisory?
Next by Date: [cobalt-security] Getting this after a clean / fresh re-install
Previous by thread: Re: [cobalt-security] OpenSSL Advisory?
Next by thread: Re: [cobalt-security] OpenSSL Advisory?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index