Date: Fri, 19 Mar 2004 11:51:53 +0300 From: "Andrew L. Neporada" <andr@dgap.mipt.ru> To: Lev Walkin <vlm@netli.com> Cc: freebsd-security@freebsd.org Subject: Re: latest openssl vulnerability Message-ID: <20040319085153.GA17005@nas.dgap.mipt.ru> In-Reply-To: <405AA511.6070805@netli.com> References: <20040318201727.GA14840@nas.dgap.mipt.ru> <20040318203310.GA51002@madman.celabo.org> <405AA511.6070805@netli.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 18, 2004 at 11:45:21PM -0800, Lev Walkin wrote: > Jacques A. Vidrine wrote: > >On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote: > > > >>Is it true that (dynamic) binaries are vulnerable if and only if they are > >>linked with libssl.so.3, not with libcrypt or libcrypto? > > > > > >Yes, the bug is in libssl. > > > No, the libssl library might as well be compiled in statically into an > otherwise dynamic binary. So, if a dynamic binary is not linked with > libssl.so.*, it isn't a reliable indicator of a vulnerability. Hmm... But threre is no such dynamic libraries in FreeBSD 4.x, 5.x base install, right? > > > -- > Lev Walkin > vlm@netli.com Andrew.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040319085153.GA17005>