Nmap Development mailing list archives
Re: OpenSSL 0.9.8h available.
From: Fyodor <fyodor () insecure org>
Date: Sun, 1 Jun 2008 14:17:23 -0700
On Sun, Jun 01, 2008 at 05:14:40PM +0100, jah wrote:
On 01/06/2008 16:13, Kris Katterjohn wrote:It's broken. The dlls don't seem to be statically linked against MSVCR80 (according to depends.exe) and nmap fails to initialise on a clean XP install (I've got the standalone runtime installed on my main machine and there, ssl is working as before). I've tried building OpenSSL again, but I get the same result. I notice that libeay32.dll is about 32K smaller than it was before... I'm a bit pressed for time at the moment, but intend to have a closer look in a couple of hours.
Thanks for testing, Jah. Did you check if the previous version works on that new build machine? Kris' SSL update seems to work on my Windows XP SP2 box. But I'll release 4.65 without the upgrade to allow for further testing. The OpenSSL security issues don't have any code execution risks AFAICT. It looks like, at worst, a malicious SSL server could possibly cause Windows Nmap to crash if Nmap tries version detection against that server. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- OpenSSL 0.9.8h available. jah (Jun 01)
- Re: OpenSSL 0.9.8h available. Kris Katterjohn (Jun 01)
- Re: OpenSSL 0.9.8h available. jah (Jun 01)
- Re: OpenSSL 0.9.8h available. Kris Katterjohn (Jun 01)
- Re: OpenSSL 0.9.8h available. Fyodor (Jun 01)
- Re: OpenSSL 0.9.8h available. jah (Jun 01)
- Re: OpenSSL 0.9.8h available. jah (Jun 01)
- Re: OpenSSL 0.9.8h available. Kris Katterjohn (Jun 01)