openssl issue

Bevan C. Bennett bevan at fulcrummicro.com
Sat Mar 20 00:18:22 UTC 2004


Christopher Ness wrote:

> In this specific case I would encourage you to install the testing
> package IF you are worried about your SSL installation.  It is your best
> bet against getting cracked.

By my reading of the relevant advisories, this flaw doesn't involve any 
risk of being cracked, it just opens you up to potential DoSing.

This makes the need for an immediate upgrade less pressing than a more 
dangerous bug would, depending on your needs for constant uptime and the 
likelihood of someone targeting you.

You should always make a note of what the potential effects of an 
exploit are... despite a certain OS vendor's recent track record, not 
every security flaw results in system compromise.

----------------------------------------
Technical Cyber Security Alert TA04-078A

Multiple Vulnerabilities in OpenSSL
    Original release date: March 18, 2004
    Last revised: --
    Source: US-CERT

Systems Affected
      * Applications and systems that use the OpenSSL SSL/TLS library

Overview
    Several vulnerabilities in the OpenSSL SSL/TLS library could allow an
    unauthenticated, remote attacker to cause a denial of service.
----------------------------------------




