Mailing List Archive: CVS-2010-3864: OpenSSL TLS session caching buffer overun: any bearing?

CVS-2010-3864: OpenSSL TLS session caching buffer overun: any bearing?

Nov 16, 2010, 3:01 PM

Post #1 of 2 (1549 views)

Does the CVE-2010-3864 vulnerability for OpenSSL:
http://marc.info/?l=3Dopenssl-users&m=3D128992473131301&w=3D2
...have any bearing on OpenSSH?

It seems to affect TLS session caching, so I doubt it has anything to do
with OpenSSH, however I just wanted to ask to be sure!

Thank you,

Mark Lavi || Senior Web Producer @ sgi
(510) 933-5234 direct || mlavi@sgi.com

Re: CVS-2010-3864: OpenSSL TLS session caching buffer overun: any bearing? [ In reply to ]

dtucker at zip

Nov 16, 2010, 6:00 PM

Post #2 of 2 (1470 views)

Permalink

On 17/11/10 10:01 AM, Mark Lavi wrote:
> Does the CVE-2010-3864 vulnerability for OpenSSL:
> http://marc.info/?l=3Dopenssl-users&m=3D128992473131301&w=3D2
> ...have any bearing on OpenSSH?

No. It's in libssl which OpenSSH does not even link against.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.