From: Colin Percival
Date: Thu, 04 Oct 2007 07:09:03 -0700
To: Alexandre Biancalana
Cc: questions@freebsd.org
Subject: Re: What is affected by FreeBSD-SA-07:08.openssl ?

Alexandre Biancalana wrote:
> $ grep -lr SSL_get_shared_ciphers /usr/src 2> /dev/null
> /usr/src/crypto/openssl/apps/s_client.c
> /usr/src/crypto/openssl/apps/s_server.c
> /usr/src/crypto/openssl/doc/ssleay.txt
> /usr/src/crypto/openssl/doc/ssl/ssl.pod
> /usr/src/crypto/openssl/ssl/ssl.h
> /usr/src/crypto/openssl/ssl/ssl_lib.c
> /usr/src/crypto/openssl/util/ssleay.num
> /usr/src/secure/lib/libssl/man/ssl.3
>
> Doesn't reveal much about what is affected by this bug.... Has someone made
> some deeper analysis about what is affected ?

It doesn't look like anything in the base system uses this function, but I
just zgrepped my /usr/ports/distfiles and found that mysql uses this if it
is compiled with DBUG_OFF not defined.

Assuming that you keep all of your ports distfiles, you can run

    $ zgrep -R SSL_get_shared_ciphers /usr/ports/distfiles

and any applications which use said function will probably show up.

But as for a deep analysis -- not that I'm aware of. We fixed this because
there might be an application which used this function in a way which made
this buffer overflow exploitable, not because we knew that such an
application existed.

Colin Percival
FreeBSD Security Officer
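
The distfiles search described in the message, as an added example that is not part of the original post: it opens each tarball, reports which source file and line references the function, and lists the preprocessor conditions around the reference (the message notes that mysql only uses it when DBUG_OFF is not defined). The function names, the set of source extensions and the `#if` tracking heuristic are assumptions made for this sketch.

```python
import re
import sys
import tarfile
from pathlib import Path

SYMBOL = b"SSL_get_shared_ciphers"               # function named in the message
SOURCE_EXT = {".c", ".cc", ".cpp", ".h", ".hpp"}  # assumption: C/C++ sources only
DIRECTIVE = re.compile(rb"^\s*#\s*(ifdef|ifndef|if|elif|else|endif)\b(.*)")

def scan_source(lines, symbol=SYMBOL):
    """Yield (line_no, enclosing #if conditions) for each line naming symbol."""
    pattern = re.compile(rb"\b" + re.escape(symbol) + rb"\b")
    stack = []  # heuristic: ignores backslash continuations and comments
    for line_no, line in enumerate(lines, 1):
        m = DIRECTIVE.match(line)
        if m:
            kind = m.group(1).decode()
            text = f"#{kind} {m.group(2).decode('latin-1').strip()}".strip()
            if kind in ("if", "ifdef", "ifndef"):
                stack.append(text)
            elif kind in ("elif", "else") and stack:
                stack[-1] = f"{text} (of {stack[-1]})"
            elif kind == "endif" and stack:
                stack.pop()
        elif pattern.search(line):
            yield line_no, tuple(stack)

def find_callers(distfiles_dir, symbol=SYMBOL):
    """Return (archive, member, line_no, conditions) for every source-file hit."""
    hits = []
    for archive in sorted(p for p in Path(distfiles_dir).rglob("*") if p.is_file()):
        try:
            if not tarfile.is_tarfile(str(archive)):
                continue  # patches, zip files and other non-tar distfiles
            with tarfile.open(str(archive), "r:*") as tar:
                for member in tar:
                    if member.isfile() and Path(member.name).suffix.lower() in SOURCE_EXT:
                        for line_no, conds in scan_source(tar.extractfile(member), symbol):
                            hits.append((archive.name, member.name, line_no, conds))
        except (tarfile.TarError, EOFError, OSError):
            continue  # unreadable or truncated archive: skip it
    return hits

if __name__ == "__main__":
    # Directory defaults to the path used in the message.
    for hit in find_callers(sys.argv[1] if len(sys.argv) > 1 else "/usr/ports/distfiles"):
        print(*hit, sep="\t")
```

A hit in a port's source means the function is referenced, not that the port is exploitable; a tarball that bundles its own OpenSSL copy will also match on the function's definition.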