OpenSSL bufffer overflow

Simon L. Nielsen simon at FreeBSD.org
Fri Oct 5 09:21:59 PDT 2007


On 2007.10.03 19:49:31 -0400, Mike Tancsa wrote:
> At 05:43 PM 9/28/2007, Stefan Esser wrote:
>> I did not see any commits to the OpenSSL code, recently; is anybody
>> going to commit the fix?
>> 
>> See http://www.securityfocus.com/archive/1/480855/30/0 for details ...
> 
> How serious is this particular issue ? Is it easily exploitable, or 
> difficult to do ?  Are some apps more at risk of exploitation than others ? 
> e.g. ssh,apache ?

(/me kicks mutt again for not showing new mails in mailboxes...)

Anyway, I don't think it's very likely many people are affected by
this since not many programs call SSL_get_shared_ciphers().  No
application in the base system calls SSL_get_shared_ciphers acording
to grep, other than openssl(1)'s built in ssl client/server.

I also did a quick grep in apache 2.2 (I think it was 2.2) and it
didn't reference the function either, but this was a quick check so if
it matters to anyone, check yourself.

-- 
Simon L. Nielsen
FreeBSD Security Team


More information about the freebsd-security mailing list