From owner-freebsd-security@FreeBSD.ORG  Fri Jun  5 06:37:16 2009
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4233A1065673
	for <freebsd-security@freebsd.org>;
	Fri,  5 Jun 2009 06:37:16 +0000 (UTC)
	(envelope-from rea-fbsd@codelabs.ru)
Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45])
	by mx1.freebsd.org (Postfix) with ESMTP id B409A8FC14
	for <freebsd-security@freebsd.org>;
	Fri,  5 Jun 2009 06:37:14 +0000 (UTC)
	(envelope-from rea-fbsd@codelabs.ru)
DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru;
	h=Received:Date:From:To:Cc:Subject:Message-ID:Reply-To:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender;
	b=ZPefVnADsYkjJKEQIxk2sJt3I5Vqdld4nb2knb5AbMyOwoeKAGnMTB6gX8cWD4SpEPybjUQmKJMJOKWkqXOQiNR7jsdm+pwsRl2d14IfwScm6b44lb2ueTPk+lK6v5ttGii+dR7VPwyrix75D7y/cba9GZRia4GZ+5/0czcPAF0=;
Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25])
	by 0.mx.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256)
	id 1MCT3A-000Bwv-DG; Fri, 05 Jun 2009 10:37:12 +0400
Date: Fri, 5 Jun 2009 10:37:10 +0400
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: Oliver Pinter <oliver.pntr@gmail.com>
Message-ID: <Jhkbktl1PY/9FSE2gd1DnCga+iM@j4OYE6OL8eALCd4BvSxIfwgoxSc>
References: <6101e8c40906041315t5b9c2b6ep4f35b2068586f2c3@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <6101e8c40906041315t5b9c2b6ep4f35b2068586f2c3@mail.gmail.com>
Sender: rea-fbsd@codelabs.ru
Cc: freebsd-security@freebsd.org
Subject: Re: OpenSSL DoS/PoC in milw0rm
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: rea-fbsd@codelabs.ru
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jun 2009 06:37:16 -0000

Thu, Jun 04, 2009 at 10:15:34PM +0200, Oliver Pinter wrote:
> the base system contins 0.9.8e and this PoC is affected up to 0.9.8i

There was combined PR for the ports/base system OpenSSL,
  http://www.freebsd.org/cgi/query-pr.cgi?pr=134653

Probably more complete patch for DTLS stuff,
  http://sctp.fh-muenster.de/dtls/dtls-bugs.patch
that additionally fixes MTU problems and other stuff can be integrated
to the base system as it was recently done with the security/openssl.
I am in ENOTIME now, so I'm not able to test these patches myself, sorry.
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #