18 Sep
2002
18 Sep
'02
22:00
After updating the OpenSSL packages (and restarting the services ) I just tested the openssl vulnerability testing tool http://CERT.Uni-Stuttgart.DE/advisories/openssl-sslv2-master/openssl-sslv2-m... and I am happy about what this test says about the https (443) and the pop3s (995) ports: PATCHED: detects small overflow, but crashes (0.9.6e) But on the smtp port 25 with option -s (i.e. with TLS) I get: VULNERABLE: does not detect small overflow What's wrong? Or: How to close this hole? Thanks and bye, Hatto von Hatzfeld