CVS-2010-3864: OpenSSL TLS session caching buffer overun: any bearing?

Discussion:

(too old to reply)

Mark Lavi

2010-11-16 23:01:32 UTC

Does the CVE-2010-3864 vulnerability for OpenSSL:
http://marc.info/?l=3Dopenssl-users&m=3D128992473131301&w=3D2
...have any bearing on OpenSSH?

It seems to affect TLS session caching, so I doubt it has anything to do
with OpenSSH, however I just wanted to ask to be sure!

Thank you,

Mark Lavi || Senior Web Producer @ sgi
(510) 933-5234 direct || ***@sgi.com

Darren Tucker

2010-11-17 02:00:54 UTC

Permalink

Post by Mark Lavi
http://marc.info/?l=3Dopenssl-users&m=3D128992473131301&w=3D2
...have any bearing on OpenSSH?

No. It's in libssl which OpenSSH does not even link against.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

1 Reply
8 Views
Permalink to this page
Disable enhanced parsing

Thread Navigation

Mark Lavi 2010-11-16 23:01:32 UTC

Darren Tucker 2010-11-17 02:00:54 UTC

about - legalese