latest openssl vulnerability
Lev Walkin
vlm at netli.com
Thu Mar 18 23:44:13 PST 2004
Jacques A. Vidrine wrote:
> On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote:
>
>>Is it true that (dynamic) binaries are vulnerable if and only if they are
>>linked with libssl.so.3, not with libcrypt or libcrypto?
>
>
> Yes, the bug is in libssl.
No, the libssl library might as well be compiled in statically into an
otherwise dynamic binary. So, if a dynamic binary is not linked with
libssl.so.*, it isn't a reliable indicator of a vulnerability.
--
Lev Walkin
vlm at netli.com
More information about the freebsd-security
mailing list