Re: OpenSSL bufffer overflow

看板FB_security作者時間18年前 (2007/10/04 22:48), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串4/7 (看更多)
Mike Tancsa schrieb: > At 05:43 PM 9/28/2007, Stefan Esser wrote: >> I did not see any commits to the OpenSSL code, recently; is anybody >> going to commit the fix? >> >> See http://www.securityfocus.com/archive/1/480855/30/0 for details ... > > How serious is this particular issue ? Is it easily exploitable, or > difficult to do ? Are some apps more at risk of exploitation than > others ? e.g. ssh,apache ? Seems that the following URL (from the FreeBSD Security Advisory) has a better formatted version of the same information as can be found at the location I had given: http://marc.info/?l=bugtraq&m=119091888624735 A trailing '\0' can be written on the position following a buffer, with little effort. The BugTraq entry describes it in detail ... But (AFAIK) no further analysis has been performed. Regards, STefan _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 se. 的文章
文章代碼(AID): #171Fqd00 (FB_security)
更多 se. 的文章
文章代碼(AID): #171Fqd00 (FB_security)