Penetration Testing mailing list archives
Re: Openssl proof of concept code?
From: David Kennedy CISSP <david.kennedy () acm org>
Date: Thu, 08 Jan 2004 22:38:25 -0500
At 03:46 PM 1/8/04 -0500, Lachniet, Mark wrote:
> It's been a while now, and responsible vendors should have already issued patches.
I'm not aware of any POC code, but inferring the community is safe because the patches have been out for a while may not be correct. Yesterday, HP revised HPSBUX0310-284 SSRT3622 to include:
**REVISED 02** IMPACT: Potential Denial of Service, remote execution of ---> arbitrary code and disclosure of sensitive information.
Previously it was DOS-only. It may just be that HP discovered their 10/1 patch needed more work. Or it could be someone has done some more testing and we're going to see some patch announcements in the next few days. Given that HP is not known for excellence in issuing advisories and patches on the first day a problem is discovered, it seems more reasonable they're fixing their patch. But that's just another inference.

OTOH their action probably stimulated others to re-look their patches too. "What does HP know that we don't?"

<address list trimmed|I won't feed trolls on FullofDis>

--
Regards,                                /"\
David Kennedy CISSP                     \ /  ASCII Ribbon Campaign
Protect what you connect;                X   Against HTML Mail
Look both ways before crossing the Net. / \