Thread: open-ssl vuln & new fixing version

  1. #1
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    open-ssl vuln & new fixing version

    Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which
    could lead to the compromise of clients and servers with DTLS enabled.

    DTLS is a datagram variant of TLS specified in RFC 4347 first
    supported in OpenSSL version 0.9.8. Note that the vulnerabilities do
    not affect SSL and TLS so only clients and servers explicitly using
    DTLS are affected.

    We believe this flaw will permit remote code execution.

    This vulnerability is tracked as CVE-2007-4995.

    Versions Affected
    -----------------

    All releases of 0.9.8 prior to 0.9.8f.

    Recommendation
    --------------

    Either

    a) Upgrade to the latest version of OpenSSL (0.9.8f) and rebuild all
    packages using OpenSSL for DTLS.

    http://packetstorm.offensive-securit...-0.9.8f.tar.gz
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  2. #2
    Member elazar's Avatar
    Join Date
    Sep 2007
    Posts
    217

    Just a quick note on this. If you configure and compile OpenSSL with the shared (shared libraries) option, you may need to update SSH (I had to)...

    E
    dd if=/dev/urandom of=/mybrain

  3. #3
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Quote: Originally posted by elazar
    Just a quick note on this. If you configure and compile OpenSSL with the shared (shared libraries) option, you may need to update SSH (I had to)...

    E
    I caught that notice on 0.9.8f... but didn't even think about updating ssh!!!! Thanx man... I owe you a brew for that one
    dd if=/dev/swc666 of=/dev/wyze

  4. #4
    Member elazar's Avatar
    Join Date
    Sep 2007
    Posts
    217

    Quote: Originally posted by swc666
    I caught that notice on 0.9.8f... but didn't even think about updating ssh!!!! Thanx man... I owe you a brew for that one
    I'm gonna hold you to that the next time you're in NYC...
    dd if=/dev/urandom of=/mybrain
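
Added example, not part of the thread or of the OpenSSL advisory: a first-pass shell triage for the two points raised above, the advisory's affected range (0.9.8 before 0.9.8f) and elazar's note about binaries such as sshd that load OpenSSL as a shared library. The function names, sample strings and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example. First-pass triage only: distribution packages may carry
# backported fixes without changing the version letter.

# Classify a version string (bare, or as printed by `openssl version`) against
# the advisory's range: all releases of 0.9.8 prior to 0.9.8f.
classify_openssl() {
    v=${1#OpenSSL }   # drop the "OpenSSL " prefix if present
    v=${v%% *}        # keep only the version word, drop the build date
    case "$v" in
        0.9.8|0.9.8[a-e]|0.9.8[a-e]-*) echo affected ;;
        0.9.8[f-z]*)                   echo not-affected ;;  # 0.9.8f and later
        0.9.8*)                        echo unknown ;;       # e.g. pre-releases
        [0-9]*.[0-9]*.[0-9]*)          echo not-affected ;;  # other branches
        *)                             echo unknown ;;
    esac
}

# List the OpenSSL shared objects named in `ldd` output read from stdin, as
# "soname path". A library the loader cannot resolve is reported as NOT-FOUND,
# which is the state a dependent binary is left in if the old shared library
# is removed and the binary is not rebuilt.
openssl_deps() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
             print $1, ($3 == "not" ? "NOT-FOUND" : $3)
         }'
}

# Constructed sample: `ldd /usr/sbin/sshd` output on a hypothetical host.
SAMPLE_LDD='	libcrypto.so.0.9.8 => /usr/local/ssl/lib/libcrypto.so.0.9.8 (0xb7d5e000)
	libz.so.1 => /usr/lib/libz.so.1 (0xb7d49000)
	libc.so.6 => /lib/libc.so.6 (0xb7c00000)'

# Constructed sample version banner.
classify_openssl "OpenSSL 0.9.8e 23 Feb 2007"
printf '%s\n' "$SAMPLE_LDD" | openssl_deps
```

On a live host, feed the functions real data with `classify_openssl "$(openssl version)"` and `ldd /usr/sbin/sshd | openssl_deps`.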
