Fwd: Re: [FD] More OpenSSL issues
shelley@misanthropia.info
Sat Jun 7 15:30:10 PDT 2014
re: Jim's post from yesterday. From the Full Disclosure list:
On Sat, Jun 7, 2014, at 02:04 PM, Craig Young wrote:
Yeah, definitely not in the same ballpark as heartbleed fortunately.
I have posted a detection script on the Tripwire blog to identify servers
permitting the early CCS:
http://www.tripwire.com/state-of-security/incident-detection/detection-script-for-cve-2014-0224-openssl-cipher-change-spec-injection/
It should detect potentially vulnerable hosts with a variety of
configurations.
Thanks,
Craig
> On Jun 6, 2014 3:36 AM, "P Vixie" <> wrote:
>
> > This does not appear to be the same panic level as the previous patch. In
> > other words the previous openssl vuln was worse than the instability of
> > all-night patching. This one is not. Take time to roll out right.
> >
> > On June 5, 2014 7:51:50 AM PDT, Jordan Urie <> wrote:
> > >Ladies and Gentlemen,
> > >
> > >
> > >
> > >There's an MITM in there, and a potential for buffer over-runs.
> > >
> > >Patch up :-)
> > >
> > >
> > >Jordan
> > >
> > >--
> > >
> > >Jordan R. Urie
> > >
> > >UP Technology Consulting, Inc.
> > >1129 - 177A St. SW
> > >Edmonton, AB T6W 2A1
> > >Phone:
> > >
> > >www.uptech.ca
> > >
> > >_______________________________________________
> > >Sent through the Full Disclosure mailing list
> > >
> > >Web Archives & RSS:
> >
> > --
> > Sent from my Android phone with K-9 Mail. Please excuse my brevity.