CiscoMike
Verified User
For those who missed it, a fairly good-sized hole was found in SSL where someone could easily inject themselves into the session. It's not leaking data, as there's no evidence of any crypto cracking/breaking going on; however, the ability to inject data into the stream and/or off-load the data for later (possible) decryption is possible.
There are tools in the wild to exploit this. It's not something DA handles so if you aren't up-to-snuff on how to rebuild OpenSSL, you might want to get a sysadmin to take a crack at it. I know that Wael's update.script can do it but not sure if he's updated it for OpenSSL 0.9.8i.