Andrew L. Neporada wrote: > On Thu, Mar 18, 2004 at 11:45:21PM -0800, Lev Walkin wrote: > >>Jacques A. Vidrine wrote: >> >>>On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote: >>> >>> >>>>Is it true that (dynamic) binaries are vulnerable if and only if they are >>>>linked with libssl.so.3, not with libcrypt or libcrypto? >>> >>> >>>Yes, the bug is in libssl. >> >> >>No, the libssl library might as well be compiled in statically into an >>otherwise dynamic binary. So, if a dynamic binary is not linked with >>libssl.so.*, it isn't a reliable indicator of a vulnerability. > > > Hmm... But threre is no such dynamic libraries in FreeBSD 4.x, 5.x base > install, right? You mean, dynamically linked binaries with statically embedded OpenSSL? Who knows ;) How can you check it, besides using (nm || strings) & grep?.. -- Lev Walkin [email protected] _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"