thr3ads.net - Secure testing team - [Secure-testing-team] Re: [SECURITY] [DSA 1185-2] New openssl packages fix arbitrary code execution [Oct 2006]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Florian Weimer

2006-Oct-03 13:12 UTC

[Secure-testing-team] Re: [SECURITY] [DSA 1185-2] New openssl packages fix arbitrary code execution

* Noah Meyerhans:
> The fix used to correct CVE-2006-2940 introduced code that could lead to
> the use of uninitialized memory.  Such use is likely to cause the
> application using the openssl library to crash, and has the potential to
> allow an attacker to cause the execution of arbitrary code.
We need a new CVE ID for that one.

Secure testing team - Oct 2006 - Re: [SECURITY] [DSA 1185-2] New openssl packages fix arbitrary code execution

[Secure-testing-team] Re: [SECURITY] [DSA 1185-2] New openssl packages fix arbitrary code execution