latest openssl vulnerability
Andrew L. Neporada
andr at dgap.mipt.ru
Fri Mar 19 00:51:55 PST 2004
On Thu, Mar 18, 2004 at 11:45:21PM -0800, Lev Walkin wrote:
> Jacques A. Vidrine wrote:
> >On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote:
> >
> >>Is it true that (dynamic) binaries are vulnerable if and only if they are
> >>linked with libssl.so.3, not with libcrypt or libcrypto?
> >
> >
> >Yes, the bug is in libssl.
>
>
> No, the libssl library might as well be compiled in statically into an
> otherwise dynamic binary. So, if a dynamic binary is not linked with
> libssl.so.*, it isn't a reliable indicator of a vulnerability.
Hmm... But threre is no such dynamic libraries in FreeBSD 4.x, 5.x base
install, right?
>
>
> --
> Lev Walkin
> vlm at netli.com
Andrew.
More information about the freebsd-security
mailing list