[nycbug-talk] what is the threat of the openssl advisory?

George Georgalis george at galis.org
Thu Sep 28 19:22:13 EDT 2006


There was an OpenSSL advisory today:

http://www.openssl.org/news/secadv_20060928.txt
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc

my primary concern is

 A buffer overflow was discovered in the SSL_get_shared_ciphers()
 utility function.  An attacker could send a list of ciphers to an
 application that uses this function and overrun a buffer
 (CVE-2006-3738).

There is no comment on whether an exploit is known to exist or how
difficult (or easy) it would be to create one based on the patch.
http://security.freebsd.org/patches/SA-06:23/

In fact the NetBSD OpenSSL looks pretty different than FreeBSD
in the context of applying the patch. Can we determine a level
of risk?  Are all ssl, openvpn, ssh, https, etc. servers needing
access restricted to friendly IPs, or is the threat just one bit
inside "astronomically possible"? -- I cannot tell.

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><
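
The advisory text quoted above limits CVE-2006-3738 to an application "that uses this function", so one triage step is to list which installed binaries import SSL_get_shared_ciphers at all. The following is an added example, not part of the original post or the advisory; the function names, sample symbol listings and paths are constructed for illustration. It assumes binutils `nm` is available, and it cannot see statically linked copies of OpenSSL or calls made indirectly through another library.

```shell
#!/bin/sh
# Added example: find binaries whose dynamic symbol table imports the
# function named in the advisory. Helper names here are hypothetical.
SYMBOL=SSL_get_shared_ciphers

# Read `nm -D` style lines on stdin; succeed only if SYMBOL appears as an
# undefined (type U) entry, i.e. the binary imports it from a shared library.
imports_symbol() {
    awk -v sym="$SYMBOL" '
        NF >= 2 {
            name = $NF
            sub(/@.*/, "", name)          # drop any symbol-version suffix
            if ($(NF - 1) == "U" && name == sym) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Report, for each path given, whether it imports SYMBOL.
# An unreadable or missing file is reported as "no import found".
scan_binaries() {
    for bin in "$@"; do
        if nm -D "$bin" 2>/dev/null | imports_symbol; then
            echo "imports $SYMBOL: $bin"
        else
            echo "no import found: $bin"
        fi
    done
}

# Constructed sample `nm -D` output (not taken from real binaries).
SAMPLE_CALLER='                 U SSL_accept
                 U SSL_get_shared_ciphers
0000000000004010 T main'
SAMPLE_OTHER='                 U SSL_connect
                 U SSL_get_shared_ciphers_extra
0000000000004010 T main'

# Example invocation (paths are placeholders for your own daemons):
#   scan_binaries /path/to/httpd /path/to/openvpn
```

An import only shows that the binary references the function, not that a remote peer can reach the call; binaries that do import it are the ones to patch or restrict first.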


