Message-ID: <3.0.5.32.20040108223825.08299960@pop.fuse.net>
Date: Thu, 08 Jan 2004 22:38:25 -0500
From: David Kennedy CISSP <david.kennedy@....org>
To: "Lachniet, Mark" <mlachniet@...uoianet.com>,
<cisspforum@...oogroups.com>, <bugtraq@...urityfocus.com>,
<pen-test@...urityfocus.com>
Subject: Re: Openssl proof of concept code?
-----BEGIN PGP SIGNED MESSAGE-----
At 03:46 PM 1/8/04 -0500, Lachniet, Mark wrote:
>It's been a while now, and responsible vendors should have already
>issued patches.
I'm not aware of any POC code, but inferring the community is safe
because the patches have been out for a while may not be correct.
Yesterday, HP revised HPSBUX0310-284 SSRT3622 to include:
>**REVISED 02**
>IMPACT: Potential Denial of Service, remote execution of
> ---> arbitrary code and disclosure of sensitive information.
>
Previously it was DOS-only.
It may just be that HP discovered their 10/1 patch needed more work.
Or it could be someone has done some more testing and we're going to
see some patch announcements in the next few days. Given that HP is
not known for excellence in issuing advisories and patches on the
first day a problem is discovered, it seems more reasonable they're
fixing their patch. But that's just another inference.
OTOH their action probably stimulated others to re-look their patches
too. "What does HP know that we don't?"
<address list trimmed|I won't feed trolls on FullofDis>
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
Comment: Hacker=Cybercriminal The definition changed get over it.
-----END PGP SIGNATURE-----
--
Regards,
/"\
David Kennedy CISSP \ / ASCII Ribbon Campaign
Protect what you connect; X Against HTML Mail
Look both ways before crossing the Net. / \