From owner-freebsd-security@FreeBSD.ORG  Tue Sep 30 14:45:23 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2BFF416A4B3; Tue, 30 Sep 2003 14:45:23 -0700 (PDT)
Received: from post.kyx.net (mail.kyx.net [216.232.31.82])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 3650E43FF3; Tue, 30 Sep 2003 14:45:22 -0700 (PDT)
	(envelope-from dr@kyx.net)
Received: from zylinator.zorg (unknown [216.232.31.80])
	by post.kyx.net (Postfix) with ESMTP
	id CB26FD09F5; Tue, 30 Sep 2003 14:47:58 -0700 (PDT)
From: Dragos Ruiu <dr@kyx.net>
Organization: All Terrain Ninjas
To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
	freebsd-security@FreeBSD.org
Date: Tue, 30 Sep 2003 14:43:37 -0700
User-Agent: KYX-CP/M-FNORD5602
References: <20030930203150.GC1996@madman.celabo.org>
In-Reply-To: <20030930203150.GC1996@madman.celabo.org>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200309301443.37090.dr@kyx.net>
Subject: Re: OpenSSL heads-up
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Sep 2003 21:45:23 -0000

On September 30, 2003 01:31 pm, Jacques A. Vidrine wrote:
>   Don't panic.  The vulnerability is denial-of-service.

On September 30, 2003 07:52 am, Chris Wysopal wrote on Vulnwatch:
> Three specific vulnerabilities have been discovered in the OpenSSL
> libraries. Two of these could allow a Denial of Service attack, the third
> may result in an attacker being able to execute malicious code under
> certain conditions.

Please clarify. Conflicting information.

thanks,
--dr

-- 
Top security experts.  Cutting edge tools, techniques and information.
Tokyo, Japan   November, 2003   http://www.pacsec.jp
pgpkey http://dragos.com/ kyxpgp