[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] openssl exploitable still?

Subject: Re: [cobalt-security] openssl exploitable still?
From: Dmitry Alexeyev <dmi_a@xxxxxxxxxx>
Date: Tue, 17 Feb 2004 23:11:11 +0300
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

>
> Doesnt that mean my openssl/modssl is external library which can be
> upgraded without redoing apache/php4.3.3 and whatnot all over?
>

Yes. Just compile mod_ssl outside of apache.
But you really should not worry about some public exploits - a cracker 
needs to know the addrees of free() function in your binary. If they 
have your httpd, they can exploit it. 

Dmitry

Follow-Ups:
- Re: [cobalt-security] openssl exploitable still?
  - From: lists

References:
- [cobalt-security] openssl exploitable still?
  - From: lists
- Re: [cobalt-security] openssl exploitable still?
  - From: Dmitry Alexeyev
- Re: [cobalt-security] openssl exploitable still?
  - From: lists

Prev by Date: Re: [cobalt-security] openssl exploitable still?
Next by Date: Re: [cobalt-security] ssh listening on ports 81 & 444
Previous by thread: Re: [cobalt-security] openssl exploitable still?
Next by thread: Re: [cobalt-security] openssl exploitable still?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index