Re: latest openssl vulnerability

看板FB_security作者時間22年前 (2004/03/20 00:52), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串4/5 (看更多)
On Thu, Mar 18, 2004 at 11:45:21PM -0800, Lev Walkin wrote: > Jacques A. Vidrine wrote: > >On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote: > > > >>Is it true that (dynamic) binaries are vulnerable if and only if they are > >>linked with libssl.so.3, not with libcrypt or libcrypto? > > > > > >Yes, the bug is in libssl. > > > No, the libssl library might as well be compiled in statically into an > otherwise dynamic binary. So, if a dynamic binary is not linked with > libssl.so.*, it isn't a reliable indicator of a vulnerability. Hmm... But threre is no such dynamic libraries in FreeBSD 4.x, 5.x base install, right? > > > -- > Lev Walkin > vlm@netli.com Andrew. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 andr. 的文章
文章代碼(AID): #10MoLM00 (FB_security)
更多 andr. 的文章
文章代碼(AID): #10MoLM00 (FB_security)