[thelist] OpenSSL Vulnerability. Again.

Judah McAuley judah at wiredotter.com
Fri Sep 13 17:58:00 CDT 2002

William Anderson wrote:
> Patch and burn time again kiddies ... well, once they've figured out which
> bit of Apache, mod_ssl and/or OpenSSL is vulnerable ...
> http://online.securityfocus.com/bid/5363/

That URL returns a 404 error, but it appears that the correct URL is
http://online.securityfocus.com/bid/5363 the same as above but without
the trailing slash.

It should also be noted that this vulnerability is reasonably old (July)
the updated part is that there is now a worm out in the wild that can
exploit the previous hole.  There are already two versions of OpenSSL
that are out that are not vulnerable to the exploit.


More information about the thelist mailing list