From owner-freebsd-security@FreeBSD.ORG  Fri Oct  5 16:21:58 2007
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F109C16A418
	for <freebsd-security@freebsd.org>;
	Fri,  5 Oct 2007 16:21:58 +0000 (UTC)
	(envelope-from simon@zaphod.nitro.dk)
Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38])
	by mx1.freebsd.org (Postfix) with ESMTP id 99C3313C4A5
	for <freebsd-security@freebsd.org>;
	Fri,  5 Oct 2007 16:21:58 +0000 (UTC)
	(envelope-from simon@zaphod.nitro.dk)
Received: from zaphod.nitro.dk (unknown [192.168.3.39])
	by mx.nitro.dk (Postfix) with ESMTP id C7B212D49E7;
	Fri,  5 Oct 2007 16:05:04 +0000 (UTC)
Received: by zaphod.nitro.dk (Postfix, from userid 3000)
	id 7F7E91149D; Fri,  5 Oct 2007 18:05:04 +0200 (CEST)
Date: Fri, 5 Oct 2007 18:05:04 +0200
From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: Mike Tancsa <mike@sentex.net>
Message-ID: <20071005160502.GA1222@zaphod.nitro.dk>
References: <46FD7595.8090506@FreeBSD.org>
	<200710032349.l93Nn8Co011720@lava.sentex.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200710032349.l93Nn8Co011720@lava.sentex.ca>
User-Agent: Mutt/1.5.16 (2007-06-09)
Cc: freebsd-security@freebsd.org, Stefan Esser <se@freebsd.org>
Subject: Re: OpenSSL bufffer overflow
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Oct 2007 16:21:59 -0000

On 2007.10.03 19:49:31 -0400, Mike Tancsa wrote:
> At 05:43 PM 9/28/2007, Stefan Esser wrote:
>> I did not see any commits to the OpenSSL code, recently; is anybody
>> going to commit the fix?
>> 
>> See http://www.securityfocus.com/archive/1/480855/30/0 for details ...
> 
> How serious is this particular issue ? Is it easily exploitable, or 
> difficult to do ?  Are some apps more at risk of exploitation than others ? 
> e.g. ssh,apache ?

(/me kicks mutt again for not showing new mails in mailboxes...)

Anyway, I don't think it's very likely many people are affected by
this since not many programs call SSL_get_shared_ciphers().  No
application in the base system calls SSL_get_shared_ciphers acording
to grep, other than openssl(1)'s built in ssl client/server.

I also did a quick grep in apache 2.2 (I think it was 2.2) and it
didn't reference the function either, but this was a quick check so if
it matters to anyone, check yourself.

-- 
Simon L. Nielsen
FreeBSD Security Team