Date: Thu, 18 Mar 2004 23:45:21 -0800 From: Lev Walkin <vlm@netli.com> To: "Jacques A. Vidrine" <nectar@FreeBSD.org> Cc: "Andrew L. Neporada" <andr@dgap.mipt.ru> Subject: Re: latest openssl vulnerability Message-ID: <405AA511.6070805@netli.com> In-Reply-To: <20040318203310.GA51002@madman.celabo.org> References: <20040318201727.GA14840@nas.dgap.mipt.ru> <20040318203310.GA51002@madman.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jacques A. Vidrine wrote: > On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote: > >>Is it true that (dynamic) binaries are vulnerable if and only if they are >>linked with libssl.so.3, not with libcrypt or libcrypto? > > > Yes, the bug is in libssl. No, the libssl library might as well be compiled in statically into an otherwise dynamic binary. So, if a dynamic binary is not linked with libssl.so.*, it isn't a reliable indicator of a vulnerability. -- Lev Walkin vlm@netli.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?405AA511.6070805>