Date: Tue, 30 Jul 2002 21:24:29 +0200 From: Michael Nottebrock <michaelnottebrock@gmx.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: OpenSSH not using libssl? Message-ID: <3D46E7ED.1040006@gmx.net> References: <121122473609.20020730210032@buz.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Gabriel Ambuehl wrote: > Hi, > I'm somewhat confused now. I wanted to install the openssl port which > worked out fine and tried to figure out what I need to do to get > openssh (which makes the whole thing a disaster) to use the new lib so > I went on and did: > # ldd /usr/sbin/sshd > /usr/sbin/sshd: > libopie.so.2 => /usr/lib/libopie.so.2 (0x28086000) > libmd.so.2 => /usr/lib/libmd.so.2 (0x2808f000) > libssh.so.2 => /usr/lib/libssh.so.2 (0x28098000) > libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280c9000) > libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x280e2000) > libutil.so.3 => /usr/lib/libutil.so.3 (0x28199000) > libz.so.2 => /usr/lib/libz.so.2 (0x281a2000) > libwrap.so.3 => /usr/lib/libwrap.so.3 (0x281af000) > libpam.so.1 => /usr/lib/libpam.so.1 (0x281b7000) > libc.so.4 => /usr/lib/libc.so.4 (0x281c1000) > > Now what's up here? Isn't OpenSSH based on OpenSSL? It uses libcrypto, but it shouldn't be vulnerable. -- Michael Nottebrock "The circumstance ends uglily in the cruel result." - Babelfish [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9RuftXhc68WspdLARAuKaAJ41F79l80Q2+/lmssxpGG8KTfEiAwCeOXLq iRlIoYzMvQ+p0Cvu2tA4nlQ= =siKk -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D46E7ED.1040006>