http://www.openssl.org/news/secadv_20060905.txt
Mike Tancsa
mike at sentex.net
Tue Sep 5 15:56:35 UTC 2006
At 10:53 AM 9/5/2006, Mike Tancsa wrote:
>Does anyone know the practicality of this attack ? i.e. is this
>trivial to do ?
Also, for RELENG_6, can someone confirm the patch referenced in
http://www.openssl.org/news/patch-CVE-2006-4339.txt
be applied with the one change of
+{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"},
to
+{RSA_R_PKCS1_PADDING_TOO_SHORT,"pkcs1 padding too short"},
I manually added in the diffs and everything seems to compile and
function with some limited testing. I did
cd /usr/src/crypton/openssl/crypto/rsa
patch < p
cd /usr/src/secure
make clean
make obj
make depend
make includes
make
make install
> ---Mike
>
>--------------------------------------------------------------------
>Mike Tancsa, tel +1 519 651 3400
>Sentex Communications, mike at sentex.net
>Providing Internet since 1994 www.sentex.net
>Cambridge, Ontario Canada www.sentex.net/mike
>
>_______________________________________________
>freebsd-security at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: p
Type: application/octet-stream
Size: 2392 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20060905/d5d85314/p.obj
More information about the freebsd-security
mailing list