[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] OpenSSL - dynamically linked binaries?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] OpenSSL - dynamically linked binaries?
From: Honza Vlach <janus@xxxxxxxx>
Date: Mon, 22 Mar 2004 10:27:12 +0100

Hello,
I have upgraded my servers to latest OpenSSL version (0.9.7d) and
restarted all daemons linked to it. Still, I'm a bit confused about what
else should I recompile.

I have checked apache mod_ssl and php module, which are both dynamically
linked to the libssl.so.0.9.7. The thing, that confuses me lot is, when I
look on the phpinfo(), it says "OpenSSL version 0.9.7c", which it
was compiled against. 

Does this mean, that I'm still vulnerable, or it is just version
hardcoded to the binary, while the library itself was sucessfully
reloaded?

What should be recompiled when there is new OpenSSL version issued? 

Have a nice day,
Honza Vlach

Attachment: pgp00091.pgp
Description: PGP signature

Follow-Ups:
- Re: [Full-Disclosure] OpenSSL - dynamically linked binaries?
  - From: ja6.com
- Re: [Full-Disclosure] OpenSSL - dynamically linked binaries?
  - From: Bram Matthys (Syzop)

Prev by Date: [Full-Disclosure] OpenSSH attack attempt?
Next by Date: [Full-Disclosure] create simple ftr server at win xp
Previous by thread: [Full-Disclosure] Re: OpenSSH attack attempt?
Next by thread: Re: [Full-Disclosure] OpenSSL - dynamically linked binaries?
Index(es):
- Date
- Thread