Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Package sendmail-tls with openssl vulnerability?
  • From: Hatto von Hatzfeld <hatto@xxxxxxxxxxxxx>
  • Date: Thu, 19 Sep 2002 00:00:44 +0200
  • Message-id: <20020919000044.A3890@xxxxxxxxxxxxxxxxxxxxx>
After updating the OpenSSL packages (and restarting the services )
I just tested the openssl vulnerability testing tool

http://CERT.Uni-Stuttgart.DE/advisories/openssl-sslv2-master/openssl-sslv2-master.c

and I am happy about what this test says about the https (443) and the
pop3s (995) ports:

PATCHED: detects small overflow, but crashes (0.9.6e)

But on the smtp port 25 with option -s (i.e. with TLS) I get:

VULNERABLE: does not detect small overflow

What's wrong? Or: How to close this hole?

Thanks and bye,
Hatto von Hatzfeld


< Previous Next >