Message-ID: <4704ECFC.5070902@FreeBSD.org>
Date: Thu, 04 Oct 2007 15:39:08 +0200
From: Stefan Esser
To: Mike Tancsa
Cc: freebsd-security@freebsd.org
In-Reply-To: <200710032349.l93Nn8Co011720@lava.sentex.ca>
Subject: Re: OpenSSL bufffer overflow

Mike Tancsa wrote:
> At 05:43 PM 9/28/2007, Stefan Esser wrote:
>> I did not see any commits to the OpenSSL code, recently; is anybody
>> going to commit the fix?
>>
>> See http://www.securityfocus.com/archive/1/480855/30/0 for details ...
>
> How serious is this particular issue? Is it easily exploitable, or
> difficult to do? Are some apps more at risk of exploitation than
> others? e.g. ssh, apache?

Seems that the following URL (from the FreeBSD Security Advisory) has
a better formatted version of the same information as can be found
at the location I had given:

http://marc.info/?l=bugtraq&m=119091888624735

A trailing '\0' can be written on the position following a buffer,
with little effort. The BugTraq entry describes it in detail ...

But (AFAIK) no further analysis has been performed.

Regards, STefan