openssl issue
Bevan C. Bennett
bevan at fulcrummicro.com
Sat Mar 20 00:18:22 UTC 2004
Christopher Ness wrote:
> In this specific case I would encourage you to install the testing
> package IF you are worried about your SSL installation. It is your best
> bet against getting cracked.
By my reading of the relevant advisories, this flaw doesn't involve any
risk of being cracked, it just opens you up to potential DoSing.
This makes the need for an immediate upgrade less pressing than a more
dangerous bug would, depending on your needs for constant uptime and the
likelihood of someone targeting you.
You should always make a note of what the potential effects of an
exploit are... despite a certain OS vendor's recent track record, not
every security flaw results in system compromise.
----------------------------------------
Technical Cyber Security Alert TA04-078A
Multiple Vulnerabilities in OpenSSL
Original release date: March 18, 2004
Last revised: --
Source: US-CERT
Systems Affected
* Applications and systems that use the OpenSSL SSL/TLS library
Overview
Several vulnerabilities in the OpenSSL SSL/TLS library could allow an
unauthenticated, remote attacker to cause a denial of service.
----------------------------------------
More information about the users
mailing list